Afternoon Dessert – 2023-01-12


Welcome to another Afternoon Dessert breakout:

Over 100 Siemens PLC Models Found Vulnerable to Firmware Takeover
Security researchers have disclosed multiple architectural vulnerabilities in Siemens SIMATIC and SIPLUS S7-1500 programmable logic controllers (PLCs) that could be exploited by a malicious actor to stealthily install firmware on affected devices and take control of them.
Discovered by Red Balloon Security, the issues are tracked as CVE-2022-38773 (CVSS score: 4.6), with the low severity

IcedID Malware Strikes Again: Active Directory Domain Compromised in Under 24 Hours
A recent IcedID malware attack enabled the threat actor to compromise the Active Directory domain of an unnamed target less than 24 hours after gaining initial access.
“Throughout the attack, the attacker followed a routine of recon commands, credential theft, lateral movement by abusing Windows protocols, and executing Cobalt Strike on the newly compromised host,” Cybereason researchers said in

Fortinet: Govt networks targeted with now-patched SSL-VPN zero-day
Fortinet says unknown attackers exploited a FortiOS SSL-VPN zero-day vulnerability patched last month in attacks against government organizations and government-related targets. […]

Vice Society ransomware claims attack on Australian firefighting service
Australia’s Fire Rescue Victoria has disclosed a data breach caused by a December cyberattack that is now claimed by the Vice Society ransomware gang. […]

European police takes down call centers behind cryptocurrency scams
Multiple call centers across Europe controlled by a criminal organization involved in online investment fraud were taken down this week following a cross-border investigation started in June 2022. […]

MetaMask warns of new ‘Address Poisoning’ cryptocurrency scam
Cryptocurrency wallet provider MetaMask is warning users of a new scam called ‘Address Poisoning’ used to trick users into sending funds to a scammer rather than an intended recipient. […]

S3 Ep117: The crypto crisis that wasn’t (and farewell forever to Win 7) [Audio + Text]
Tell us in the comments… What’s the REAL reason there was no Windows 9? (No theory too far-fetched!)

Microsoft Patch Tuesday: One 0-day; Win 7 and 8.1 get last-ever patches
Get ’em while they’re hot. And get ’em for the very last time, if you still have Windows 7 or 8.1…

Follow for more…
