By security practitioners, for security practitioners novacoast federal | Apex Program | novacoast | about innovate
By security practitioners, for security practitioners

Weekly Top Ten Cybersecurity Stories – 12.9.2022

WEEKLY TOP TEN | DECEMBER 9, 2022 20:12 GMT

Our Threat Operations and Intelligence team compiles a daily digest of new cybersecurity threats from around the Internet. This top 10 has been culled from the 40+ unique stories we found relevant over the week, ranked by highest risk:

  1. Security Flaws Found in Servers from Major Manufacturers Allow for Remote Code Execution
    https://thehackernews.com/2022/12/new-bmc-supply-chain-vulnerabilities.html
  2. CISA Calls for Patching of Google Chrome CVE-2022-4262
    https://www.bleepingcomputer.com/news/security/cisa-orders-agencies-to-patch-exploited-google-chrome-bug-by-dec-26th/
  3. ZeroBot Botnet Exploiting Numerous Hardware Vulnerabilities to Propagate
    https://www.fortinet.com/blog/threat-research/zerobot-new-go-based-botnet-campaign-targets-multiple-vulnerabilities
  4. Researchers Successfully Chain Multiple Linux Ubuntu Flaws to Gain Root Privileges
    https://securityaffairs.co/wordpress/139209/hacking/three-linux-bugs-full-root-privileges.html
  5. “Bleed You” Campaign Targeting Vulnerable Windows Servers to Deploy Ransomware and Other Malware
    https://www.darkreading.com/threat-intelligence/cyber-threat-weak-windows-servers-bleed-you-campaign
  6. RediGo Malware Abusing CVE-2022-0543 to Target Redis Servers
    https://securityaffairs.co/wordpress/139164/malware/redigo-malware-targets-redis-servers.html
  7. Multiple Android OEM Signing Keys Leaked and in Active Abuse by Threat Actors
    https://www.schneier.com/blog/archives/2022/12/leaked-signing-keys-are-being-used-to-sign-malware.html
  8. Zombinder Darknet Platform Found to Be Packaging Legitimate Android Applications with Malware
    https://www.bleepingcomputer.com/news/security/new-zombinder-platform-binds-android-malware-with-legitimate-apps/
  9. Scarcruft APT Abusing Internet Explorer CVE-2022-41128 Zero Day to Deploy ROKRAT and Other Malware
    https://blog.google/threat-analysis-group/internet-explorer-0-day-exploited-by-north-korean-actor-apt37/
  10. Sophos Firewall 19.5 CVE-2022-326 Patched by the Company
    https://securityaffairs.co/wordpress/139362/security/sophos-firewall-critical-flaw.html
Previous Post

My Conversation With OpenAI About Cybersecurity

Next Post

Critical Citrix ADC and Gateway Zero-Day Actively Exploited

Innovate uses cookies to give you the best online experience. If you continue to use this site, you agree to the use of cookies. Please see our privacy policy for details.