Weekly Top Ten Cybersecurity Stories – 8.26.2022 – Innovate Cybersecurity

WEEKLY TOP TEN | AUGUST 26, 2022 17:25 GMT

Our Threat Operations and Intelligence team compiles a daily digest of new cybersecurity threats from around the Internet. This top 10 has been culled from the 40+ unique stories we found relevant over the week, ranked by highest risk:

Palo Alto Warns of 1100% Uptick in Phishing Abusing SaaS Platforms to Evade Detection
https://www.bleepingcomputer.com/news/security/phishing-attacks-abusing-saas-platforms-see-a-massive-1-100-percent-growth/
“Oktapus” Phishing Campaign Hits 130+ Companies, Steal 9,900 Credentials
https://www.bleepingcomputer.com/news/security/twilio-hackers-hit-over-130-orgs-in-massive-okta-phishing-attack/
Cybereason Alerts of HavanaCrypt Campaign Masquerading as Google Updater
https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
Cisco Patches AsyncOS CVE-2022-20871 Vulnerability Allowing for Privilege Escalation
https://securityaffairs.co/wordpress/134580/security/cisco-secure-web-appliance-flaw.html
FBI Warns of Increasing Use of Residential IP Proxies To Complicate Detection While Performing Credential Stuffing Attacks
https://www.bleepingcomputer.com/news/security/fbi-warns-of-residential-proxies-used-in-credential-stuffing-attacks/
“DirtyCred” Linux Vulnerability Discovered by Security Researchers, Called “As Nasty As Dirty Pipe”
https://thehackernews.com/2022/08/as-nasty-as-dirty-pipe-8-year-old-linux.html
Cozy Bear APT Using Dormant Accounts to Bypass MFA and Harvest Emails
https://www.zdnet.com/article/hackers-are-using-this-sneaky-trick-to-exploit-dormant-microsoft-cloud-accounts-and-bypass-multi-factor-authentication/
Researchers Discover Escanor RAT Targeting IoT and Devices within Banking Industry
https://securityaffairs.co/wordpress/134697/malware/escanor-malware-ms-docs.html
XCSSET macOS Malware Updates to Better Target Monterey Distro
https://thehackernews.com/2022/08/xcsset-malware-updates-with-python-3-to.html
CISA Adds PAN-OS CVE-2022-0028 Denial of Service Vulnerability to Known Exploited Vulnerability Catalog
https://securityaffairs.co/wordpress/134749/security/palo-alto-networks-pan-os-flaw-2.html

Hand-Picked Top-Read Stories

The Risks of Cybersecurity Vulnerabilities: How They’re Impacting Public Utilities

Why is DDoS Still So Effective After 20 Years?

Weekly Top 10: 12.16.2024: OpenWrt Flaw Allows Distribution of Malicious Firmware; Vulnerability in WPForms Allows for Arbitrary Stripe Refunds; AuthQuake Attack Allows MFA Bypass for Microsoft Accounts, and More.

Trending Tags

Weekly Top Ten Cybersecurity Stories – 8.26.2022

Previous Post

CISA Warns of Exploited DDoS Vulnerability Impacting Palo Alto Firewalls

Next Post

Fire Eye Training and Certification

Threat Advisories

Weekly Top 10: 12.16.2024: OpenWrt Flaw Allows Distribution of Malicious Firmware; Vulnerability in WPForms Allows for Arbitrary Stripe Refunds; AuthQuake Attack Allows MFA Bypass for Microsoft Accounts, and More.

Weekly Top 10: 12.9.2024: New Windows Zero-Day Exposes NTLM Credentials, Gets Unofficial Patch; Supply Chain Attack Detected in Solana’s web3.js Library; Snowblind: The Invisible Hand of Secret Blizzard, and More.

Weekly Top 10: 11.25.2024: Critical Flaw in End-of-Life D-Link VPN Routers; Actively Exploited RCE Flaw Impacting VMware vCenter; Russian Linked Threat Actor Linked in Cyber Espionage Campaign, and More.

Palo Alto Recommends Urgent Mitigation For Authentication Bypass Vulnerability in PAN-OS

Weekly Top 10: 11.18.2024: Microsoft Exchange Adds Warning to Emails Abusing Spoofing Flaw; Evasive ZIP Concatenation: Trojan Targets Windows Users; Microsoft November 2024 Patch Tuesday Fixes 4 Zero-Days, 89 Flaws, and More.

Education

Protecting Microsoft Teams From Data Exfiltration – A Tactical DLP Rule

Anatomy of a Data Breach

OpenAI Cybersecurity Research

Breach Report: Healthcare

Analysis of GalComm Chrome Extension Malware