Weekly Top Ten Cybersecurity Stories – 1.13.2023 – Innovate Cybersecurity

WEEKLY TOP TEN | JANUARY 13, 2023 16:15 GMT

Our Threat Operations and Intelligence team compiles a daily digest of new cybersecurity threats from around the Internet. This top 10 has been culled from the 40+ unique stories we found relevant over the week, ranked by highest risk:

CISA Adds CVE-2022-41080 Microsoft Exchange Privilege Escalation Flaw to Known Exploited Vulnerabilities Catalog
https://securityaffairs.com/140647/security/cisa-known-exploited-vulnerabilities-catalog-cve-2022-41080.html
1,000+ Fake AnyDesk Websites Found to Contain Vidar Information Stealer
https://www.bleepingcomputer.com/news/security/over-1-300-fake-anydesk-sites-push-vidar-info-stealing-malware/
Security Audit on US Federal Agency Discovers Worrisome Trends in Password Security
https://arstechnica.com/information-technology/2023/01/a-fifth-of-passwords-used-by-federal-agency-cracked-in-security-audit/
Researchers at Cybereason Warn of Uptick in Increasingly Fast IcedID Infections Abusing Legitimate Tools for Evasion
https://thehackernews.com/2023/01/icedid-malware-strikes-again-active.html
Active Phishing Campaign Pushing IcedID-laced Zoom Installer
https://securityaffairs.com/140465/malware/icedid-targets-zoom-users.html
Cisco Discloses No-Workaround CVE-2023-20025 Affects Multiple Router Models, Several at End-of-Life
https://www.bleepingcomputer.com/news/security/cisco-warns-of-auth-bypass-bug-with-public-exploit-in-eol-routers/
Zoho Patches Password Manager Pro SQL Injection Vulnerability CVE-2022-47523
https://securityaffairs.com/140369/security/zoho-sql-injection-manageengine.html
Dridex Banking Trojan Expands to Targeting macOS Computers
https://securityaffairs.com/140488/malware/dridex-banking-malware-macos.html
Signal-alternative Threema Found to Contain Several Flaws in Security Architecture
https://arstechnica.com/information-technology/2023/01/messenger-billed-as-better-than-signal-is-riddled-with-vulnerabilities/
“TrojanPuzzle” Attack Allowing for Insertion of Malicious Code by AI Coding Assistants Discovered by Security Researchers
https://www.bleepingcomputer.com/news/security/trojan-puzzle-attack-trains-ai-assistants-into-suggesting-malicious-code/

Hand-Picked Top-Read Stories

Palo Alto Recommends Urgent Mitigation For Authentication Bypass Vulnerability in PAN-OS

Weekly Top 10: 11.18.2024: Microsoft Exchange Adds Warning to Emails Abusing Spoofing Flaw; Evasive ZIP Concatenation: Trojan Targets Windows Users; Microsoft November 2024 Patch Tuesday Fixes 4 Zero-Days, 89 Flaws, and More.

What Happened To The Internet Archive?

Trending Tags

Weekly Top Ten Cybersecurity Stories – 1.13.2023

Previous Post

Reimagining Enterprise Cybersecurity for All

Next Post

Weekly Top Ten Cybersecurity Stories – 1.20.2023

Threat Advisories

Palo Alto Recommends Urgent Mitigation For Authentication Bypass Vulnerability in PAN-OS

Weekly Top 10: 11.18.2024: Microsoft Exchange Adds Warning to Emails Abusing Spoofing Flaw; Evasive ZIP Concatenation: Trojan Targets Windows Users; Microsoft November 2024 Patch Tuesday Fixes 4 Zero-Days, 89 Flaws, and More.

Weekly Top 10: 11.11.2024: Veeam Backup Exploit Used by Frag Ransomware; North Korean Hackers Use macOS Malware to Steal Crypto; Palo Alto PAN-OS May be Vulnerable to RCE, and More.

Weekly Top 10: 11.04.2024: Android Malware ‘FakeCall’ Hijacks Outgoing Calls; PTZ Cameras Being Targeted Using Two Zero-Days; Hacker Group TeamTNT Targets Docker Environments, and More.

Weekly Top 10: 10.28.2024: Severe Flaws in E2EE Cloud Storage Platforms Used by Millions; ClickFix Tactic: The Phantom Meet; Firm Hacked After Accidentally Hiring North Korean Cyber Criminal, and More.

Education

Protecting Microsoft Teams From Data Exfiltration – A Tactical DLP Rule

Anatomy of a Data Breach

OpenAI Cybersecurity Research

Breach Report: Healthcare

Analysis of GalComm Chrome Extension Malware