Afternoon Dessert – 2023-01-10


Welcome to another Afternoon Dessert breakout:

Expert Analysis Reveals Cryptographic Weaknesses in Threema Messaging App
A comprehensive analysis of the cryptographic protocols used in the Swiss encrypted messaging application Threema has revealed a number of loopholes that could be exploited to break authentication protections and even recover users’ private keys.
The seven attacks span three different threat models, according to ETH Zurich researchers Kenneth G. Paterson, Matteo Scarlata, and Kien Tuong Truong,
Read more….

Italian Users Warned of Malware Attack Targeting Sensitive Information
A new malware campaign has been observed targeting Italy with phishing emails designed to deploy an information stealer on compromised Windows systems.
“The info-stealer malware steals sensitive information like system info, crypto wallet and browser histories, cookies, and credentials of crypto wallets from victim machines,” Uptycs security researcher Karthickkumar Kathiresan said in a report.
Read more….

In-House vs. External Pen Testing: Which is Right For Your Organization?
Regular penetration testing is an important step in developing secure web applications. Outpost24 PTaaS solution is an on-demand, pay-as-you-go service that provides access to specialist external pen testers and tools that work as extensions of your in-house SecOps team. […]
Read more….

Hackers target Android users with fake Shagle video-chat app
The StrongPity APT hacking group is distributing a fake Shagle chat app that is a trojanized version of the Telegram for Android app with an added backdoor. […]
Read more….

StrongPity Hackers Distribute Trojanized Telegram App to Target Android Users
The advanced persistent threat (APT) group known as StrongPity has targeted Android users with a trojanized version of the Telegram app through a fake website that impersonates a video chat service called Shagle.
“A copycat website, mimicking the Shagle service, is used to distribute StrongPity’s mobile backdoor app,” ESET malware researcher Lukáš Štefanko said in a technical report. “The app is
Read more….

Iowa’s largest school district cancels classes after cyberattack
Des Moines Public Schools, the largest school district in Iowa, canceled all classes on Tuesday after taking all networked systems offline in response to “unusual activity” detected on its network one day before. […]
Read more….

Microsoft January 2023 Patch Tuesday fixes 98 flaws, 1 zero-day
​Today is Microsoft’s January 2023 Patch Tuesday, and with it comes fixes for an actively exploited zero-day vulnerability and a total of 98 flaws. […]
Read more….

Popular JWT cloud security library patches “remote” code execution hole
It’s remotely triggerable, but attackers would already have pretty deep network access if they could “prime” your server for compromise.
Read more….

CircleCI – code-building service suffers total credential compromise
They’re saying “rotate secrets”… in plain English, they mean “change your credentials”. The company has a tool to help you find them all.
Read more….

Follow for more…


Create a website or blog at

%d bloggers like this: