Weekly Top Ten Cybersecurity Stories – 10.28.2022 – Innovate Cybersecurity

WEEKLY TOP TEN | OCTOBER 28, 2022 19:11 GMT

Our Threat Operations and Intelligence team compiles a daily digest of new cybersecurity threats from around the Internet. This top 10 has been culled from the 40+ unique stories we found relevant over the week, ranked by highest risk:

Newly Discovered Windows Flaw Allows for JavaScript to Bypass Important Mark-of-the-Web Security Features
https://www.bleepingcomputer.com/news/security/exploited-windows-zero-day-lets-javascript-files-bypass-security-warnings/
Complex Typosquatting Campaign Reaches 200+ Websites, 25+ Brands to Trick Victims into Downloading Malware
https://www.bleepingcomputer.com/news/security/typosquat-campaign-mimics-27-brands-to-push-windows-android-malware/
VMWare Workspace ONE CVE-2022-22954 Vulnerability in Active Exploitation by Threat Actors
https://securityaffairs.co/wordpress/137483/hacking/vmware-workspace-one-access-flaw.html
QakBot Abusing Valid Signed Certificate To Infect Networks With Black Basta Ransomware
https://www.trendmicro.com/en_us/research/22/j/where-is-the-origin-qakbot-uses-valid-code-signing-.html
Emotet Using Self-Unlocking Encrypted RARs to Bypass Defenses
https://thehackernew s .com/2022/10/emotet-botnet-distributing-self.html
“Dormant Colors” Malvertising Campaign Reaches 1M+ Installs on Browsers
https://securityaffairs.co/wordpress/137587/malware/malicious-chrome-extensions-dormant-colors.html
New “Kiss-a-dog” Cryptojacking Campaign Targeting Docker & Kubernetes Instances
https://thehackernews.com/2022/10/new-cryptojacking-campaign-targeting.html
SQLite Vulnerability 2022-35737 Allowing for Overflow Atttacks Discovered After 22 Years
https://securityaffairs.co/wordpress/137629/hacking/cve-2022-35737-sqlite-bug.html
Windows Event Log-centric Flaws “LogCrusher” and “Overlog” Disclosed by Security Researchers
https://thehackernews.com/2022/10/researchers-detail-windows-event-log.html
Microsoft Pipes Azure AD Identity Protection Alerts to M365 Defender
https://www.theregister.com/2022/10/26/microsoft_365_identity_protection/

Hand-Picked Top-Read Stories

The Risks of Cybersecurity Vulnerabilities: How They’re Impacting Public Utilities

Why is DDoS Still So Effective After 20 Years?

Weekly Top 10: 12.16.2024: OpenWrt Flaw Allows Distribution of Malicious Firmware; Vulnerability in WPForms Allows for Arbitrary Stripe Refunds; AuthQuake Attack Allows MFA Bypass for Microsoft Accounts, and More.

Trending Tags

Weekly Top Ten Cybersecurity Stories – 10.28.2022

Previous Post

Don’t Get Spooked This Halloween: 5 Ways To Protect Your Business from Cyber Attackers

Next Post

Weekly Top Ten Cybersecurity Stories – 11.4.2022

Threat Advisories

Weekly Top 10: 12.16.2024: OpenWrt Flaw Allows Distribution of Malicious Firmware; Vulnerability in WPForms Allows for Arbitrary Stripe Refunds; AuthQuake Attack Allows MFA Bypass for Microsoft Accounts, and More.

Weekly Top 10: 12.9.2024: New Windows Zero-Day Exposes NTLM Credentials, Gets Unofficial Patch; Supply Chain Attack Detected in Solana’s web3.js Library; Snowblind: The Invisible Hand of Secret Blizzard, and More.

Weekly Top 10: 11.25.2024: Critical Flaw in End-of-Life D-Link VPN Routers; Actively Exploited RCE Flaw Impacting VMware vCenter; Russian Linked Threat Actor Linked in Cyber Espionage Campaign, and More.

Palo Alto Recommends Urgent Mitigation For Authentication Bypass Vulnerability in PAN-OS

Weekly Top 10: 11.18.2024: Microsoft Exchange Adds Warning to Emails Abusing Spoofing Flaw; Evasive ZIP Concatenation: Trojan Targets Windows Users; Microsoft November 2024 Patch Tuesday Fixes 4 Zero-Days, 89 Flaws, and More.

Education

Protecting Microsoft Teams From Data Exfiltration – A Tactical DLP Rule

Anatomy of a Data Breach

OpenAI Cybersecurity Research

Breach Report: Healthcare

Analysis of GalComm Chrome Extension Malware