Weekly Top Ten Cybersecurity Stories – 5.5.2023 – Innovate Cybersecurity

WEEKLY TOP TEN | MAY 5, 2023 16:10 GMT

Happy Cinco De Mayo! Our Threat Operations and Intelligence team compiles a daily digest of new cybersecurity threats from around the Internet. This top 10 has been culled from the 40+ unique stories we found relevant over the week, ranked by highest risk:

City of Dallas hit by Royal ransomware attack impacting IT services
https://www.bleepingcomputer.com/news/security/city-of-dallas-hit-by-royal-ransomware-attack-impacting-it-services/

https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-061a
Ransomware gang hijacks university alert system to issue threats https://www.bleepingcomputer.com/news/security/ransomware-gang-hijacks-university-alert-system-to-issue-threats/
The beginning of the end of the password
https://blog.google/technology/safety-security/the-beginning-of-the-end-of-the-password/
Alert: Active Exploitation of TP-Link, Apache, and Oracle Vulnerabilities Detected https://thehackernews.com/2023/05/active-exploitation-of-tp-link-apache.html
Google will remove secure website indicators in Chrome 117 https://www.bleepingcomputer.com/news/google/google-will-remove-secure-website-indicators-in-chrome-117/

https://blog.chromium.org/2023/05/an-update-on-lock-icon.html
Not quite an Easter egg: a new family of Trojan subscribers on Google Play
https://securelist.com/fleckpe-a-new-family-of-trojan-subscribers-on-google-play/109643/
A doubled “Dragon Breath” adds new air to DLL sideloading attacks
https://news.sophos.com/en-us/2023/05/03/doubled-dll-sideloading-dragon-breath/
When Good APIs Go Bad: Uncovering 3 Azure API Management Vulnerabilities https://ermetic.com/blog/azure/when-good-apis-go-bad-uncovering-3-azure-api-management-vulnerabilities/
Attack on Security Titans: Earth Longzhi Returns With New Tricks https://www.trendmicro.com/en_us/research/23/e/attack-on-security-titans-earth-longzhi-returns-with-new-tricks.html
New LOBSHOT malware gives hackers hidden VNC access to Windows devices https://www.bleepingcomputer.com/news/security/new-lobshot-malware-gives-hackers-hidden-vnc-access-to-windows-devices/

Hand-Picked Top-Read Stories

The Risks of Cybersecurity Vulnerabilities: How They’re Impacting Public Utilities

Why is DDoS Still So Effective After 20 Years?

Weekly Top 10: 12.16.2024: OpenWrt Flaw Allows Distribution of Malicious Firmware; Vulnerability in WPForms Allows for Arbitrary Stripe Refunds; AuthQuake Attack Allows MFA Bypass for Microsoft Accounts, and More.

Trending Tags

Weekly Top Ten Cybersecurity Stories – 5.5.2023

Previous Post

Facing the Cybersecurity Talent Crisis with Innovative Solutions

Next Post

Weekly Top Ten Cybersecurity Stories – 5.12.2023

Threat Advisories

Weekly Top 10: 12.16.2024: OpenWrt Flaw Allows Distribution of Malicious Firmware; Vulnerability in WPForms Allows for Arbitrary Stripe Refunds; AuthQuake Attack Allows MFA Bypass for Microsoft Accounts, and More.

Weekly Top 10: 12.9.2024: New Windows Zero-Day Exposes NTLM Credentials, Gets Unofficial Patch; Supply Chain Attack Detected in Solana’s web3.js Library; Snowblind: The Invisible Hand of Secret Blizzard, and More.

Weekly Top 10: 11.25.2024: Critical Flaw in End-of-Life D-Link VPN Routers; Actively Exploited RCE Flaw Impacting VMware vCenter; Russian Linked Threat Actor Linked in Cyber Espionage Campaign, and More.

Palo Alto Recommends Urgent Mitigation For Authentication Bypass Vulnerability in PAN-OS

Weekly Top 10: 11.18.2024: Microsoft Exchange Adds Warning to Emails Abusing Spoofing Flaw; Evasive ZIP Concatenation: Trojan Targets Windows Users; Microsoft November 2024 Patch Tuesday Fixes 4 Zero-Days, 89 Flaws, and More.

Education

Protecting Microsoft Teams From Data Exfiltration – A Tactical DLP Rule

Anatomy of a Data Breach

OpenAI Cybersecurity Research

Breach Report: Healthcare

Analysis of GalComm Chrome Extension Malware