Weekly Top Ten Cybersecurity Stories – 5.27.2022 – Innovate Cybersecurity

WEEKLY TOP TEN | MAY 27, 2022 13:32 GMT

Our Threat Operations and Intelligence team compiles a daily digest of new cybersecurity threats from around the Internet. This top 10 has been culled from the 40+ unique stories we found relevant over the week, ranked by highest risk:

CISA Adds 41 New Vulnerabilities to Known Exploited Vulnerabilities Catalog
https://securityaffairs.co/wordpress/131646/security/known-exploited-vulnerabilities-catalog-flaws-2.html
Cisco Releases Security Update for CVE-2022-20821 Affecting IOS XR Software
https://securityaffairs.co/wordpress/131516/security/cisco-ios-xr-flaw.html
Quanta Cloud Technology Servers Found Vulnerable to “Pantsdown” BMC Exploit (CVE-2019-6260)
https://thehackernews.com/2022/05/critical-pantsdown-bmc-vulnerability.html
HP Wolf Security Team Discovers Malware Propagating Via Malicious PDF Documents
https://threatresearch.ext.hp.com/pdf-malware-is-not-yet-dead/#
Threat Actors Targeting Security Researchers Through Fake Proof of Concept Exploits on Github
https://securityaffairs.co/wordpress/131553/intelligence/fake-poc-exploits-attacks.html
Recorded Future Note an Increasing Amount of Session Hijacking and Cookie Theft by Criminals to Bypass MFA
https://www.infosecurity-magazine.com/blogs/threat-session-hijacking-mfa-bypass/
Red Canary Note Resurgence and New TTPs in ChromeLoader Malvertising Malware
https://redcanary.com/blog/chromeloader/
Security Research MalwareHunterTeam Discover Shift in IndustrialSpy Malware Towards Ransomware
https://www.bleepingcomputer.com/news/security/industrial-spy-data-extortion-market-gets-into-the-ransomware-game/
Microsoft Researchers Warn of Web Skimming Campaigns Masquerading As Google Analytics or Meta Pixel Scripts
https://www.microsoft.com/security/blog/2022/05/23/beneath-the-surface-uncovering-the-shift-in-web-skimming/
Interpol Concerned at Proliferation of APT and Nation-state Malware Into Cybercriminal Hands
https://securityaffairs.co/wordpress/131618/cyber-crime/nation-state-malware-dark-web.html

Hand-Picked Top-Read Stories

The Risks of Cybersecurity Vulnerabilities: How They’re Impacting Public Utilities

Why is DDoS Still So Effective After 20 Years?

Weekly Top 10: 12.16.2024: OpenWrt Flaw Allows Distribution of Malicious Firmware; Vulnerability in WPForms Allows for Arbitrary Stripe Refunds; AuthQuake Attack Allows MFA Bypass for Microsoft Accounts, and More.

Trending Tags

Weekly Top Ten Cybersecurity Stories – 5.27.2022

Previous Post

Avoiding Common Incident Response Pitfalls

Next Post

Building a Privileged Account Management (PAM) Strategy

Threat Advisories

Weekly Top 10: 12.16.2024: OpenWrt Flaw Allows Distribution of Malicious Firmware; Vulnerability in WPForms Allows for Arbitrary Stripe Refunds; AuthQuake Attack Allows MFA Bypass for Microsoft Accounts, and More.

Weekly Top 10: 12.9.2024: New Windows Zero-Day Exposes NTLM Credentials, Gets Unofficial Patch; Supply Chain Attack Detected in Solana’s web3.js Library; Snowblind: The Invisible Hand of Secret Blizzard, and More.

Weekly Top 10: 11.25.2024: Critical Flaw in End-of-Life D-Link VPN Routers; Actively Exploited RCE Flaw Impacting VMware vCenter; Russian Linked Threat Actor Linked in Cyber Espionage Campaign, and More.

Palo Alto Recommends Urgent Mitigation For Authentication Bypass Vulnerability in PAN-OS

Weekly Top 10: 11.18.2024: Microsoft Exchange Adds Warning to Emails Abusing Spoofing Flaw; Evasive ZIP Concatenation: Trojan Targets Windows Users; Microsoft November 2024 Patch Tuesday Fixes 4 Zero-Days, 89 Flaws, and More.

Education

Protecting Microsoft Teams From Data Exfiltration – A Tactical DLP Rule

Anatomy of a Data Breach

OpenAI Cybersecurity Research

Breach Report: Healthcare

Analysis of GalComm Chrome Extension Malware