WEEKLY TOP TEN | APRIL 28, 2023 15:52 GMT
Our Threat Operations and Intelligence team compiles a daily digest of new cybersecurity threats from around the Internet. This top 10 has been culled from the 40+ unique stories we found relevant over the week, ranked by highest risk:
- Critical Vulnerabilities in PaperCut Print Management Software
https://www.huntress.com/blog/critical-vulnerabilities-in-papercut-print-management-software
- New high-severity vulnerability CVE-2023-29552 discovered in the Service Location Protocol SLP
https://www.bitsight.com/blog/new-high-severity-vulnerability-cve-2023-29552-discovered-service-location-protocol-slp
- Cisco discloses XSS zero-day flaw in server management tool
https://www.bleepingcomputer.com/news/security/cisco-discloses-xss-zero-day-flaw-in-server-management-tool/
- EvilExtractor: All-in-One Stealer
https://www.fortinet.com/blog/threat-research/evil-extractor-all-in-one-stealer
- “AuKill” EDR killer malware abuses process explorer driver
https://news.sophos.com/en-us/2023/04/19/aukill-edr-killer-malware-abuses-process-explorer-driver/
- RTM Locker Ransomware as a Service RaaS Now Suits Up for Linux Architecture
https://www.uptycs.com/blog/rtm-locker-ransomware-as-a-service-raas-linux
- Google Gets Court Order to Take Down CryptBot That Infected Over 670,000 Computers
https://thehackernews.com/2023/04/google-gets-court-order-to-take-down.html
- Apache Superset Vulnerability: Insecure Default Configuration Exposes Servers
https://thehackernews.com/2023/04/apache-superset-vulnerability-insecure.html
- BlueNoroff APT group targets macOS with ‘RustBucket’ Malware
https://www.jamf.com/blog/bluenoroff-apt-targets-macos-rustbucket-malware/
- Compromising Garmin’s Sport Watches: A Deep Dive into GarminOS and its MonkeyC Virtual Machine
https://www.anvilsecure.com/blog/compromising-garmins-sport-watches-a-deep-dive-into-garminos-and-its-monkeyc-virtual-machine.html