By security practitioners, for security practitioners novacoast federal | Apex Program | novacoast | about innovate
By security practitioners, for security practitioners

Weekly Top Ten Cybersecurity Stories – 12.16.2022

WEEKLY TOP TEN | DECEMBER 16, 2022 15:26 GMT

Our Threat Operations and Intelligence team compiles a daily digest of new cybersecurity threats from around the Internet. This top 10 has been culled from the 40+ unique stories we found relevant over the week, ranked by highest risk:

  1. New SQL Injection Techniques Discovered Capable of Bypassing Web Application Firewalls
    https://www.csoonline.com/article/3682770/json-based-sql-injection-attacks-trigger-need-to-update-web-application-firewalls.html
  2. SPNEGO CVE-2022-37958 Reclassified to Higher “Critical” Status After Remote Code Execution (RCE) Exploit Discovered
    https://thehackernews.com/2022/12/microsoft-reclassifies-spnego-extended.html
  3. NSA Calls for Companies to Patch CVE-2022-27518 Affecting Citrix ADC and Gateway
    https://securityaffairs.co/wordpress/139609/apt/citrix-adc-gateway-cve-2022-27518.html
  4. Microsoft Hardware Developer Program Signs Several Malicious Drivers Used by Ransomware Actors
    https://thehackernews.com/2022/12/ransomware-attackers-use-microsoft.html
  5. Threat Actors Leveraging FIFA World Cup for Multiple Phishing Campaigns
    https://blog.cyble.com/2022/12/09/threat-actors-targeting-fans-amid-fifa-world-cup-fever/
  6. QBot Campaign Using HTML Smuggling via SVG Images to Infect Computers
    https://securityaffairs.co/wordpress/139658/cyber-crime/qbot-html-smuggling-svg.html
  7. Typosquatting Campaign Continuing to Target Python & Javascript Developers w/ Ransomware-laced PyPI Packages
    https://www.securityweek.com/python-javascript-developers-targeted-fake-packages-delivering-ransomware
  8. Researchers Discover Method to Force Several Popular EDR and AV Software to Wipe Data
    https://www.bleepingcomputer.com/news/security/antivirus-and-edr-solutions-tricked-into-acting-as-data-wipers/
  9. Microsoft December Patch Tuesday Can Cause Issues with Hyper-V Virtual Machines
    https://www.bleepingcomputer.com/news/microsoft/microsoft-december-windows-server-updates-break-hyper-v-vm-creation/
  10. Fortinet Patches CVE-2022-42475 Arbitrary Code Execution Vuln Affecting FortiOS SSL-VPN
    https://securityaffairs.co/wordpress/139569/hacking/fortinet-fortios-ssl-vpn-bug.html
Previous Post

A Threat Hunter’s Breakdown Of Magniber Ransomware

Next Post

OpenAI Cybersecurity Research

Innovate uses cookies to give you the best online experience. If you continue to use this site, you agree to the use of cookies. Please see our privacy policy for details.