Weekly Top 10 – 6.9.2023 – OneDrive Down After DDoS, Win32k Exploit, Hacked Barracuda Appliances

WEEKLY TOP TEN | JUNE 9, 2023 14:11 GMT

Microsoft OneDrive down worldwide following claims of DDoS attacks
https://www.bleepingcomputer.com/news/microsoft/microsoft-onedrive-down-worldwide-following-claims-of-ddos-attacks/

PoC released for Windows Win32k bug exploited in attacks
(1) https://www.cisa.gov/news-events/alerts/2023/05/09/cisa-adds-one-known-exploited-vulnerability-catalog
(2) https://blog.avast.com/avast-patches-microsoft-vulnerability

Barracuda says hacked ESG appliances must be replaced immediately
https://www.barracuda.com/company/legal/esg-vulnerability

Cisco fixes AnyConnect bug giving Windows SYSTEM privileges
https://www.bleepingcomputer.com/news/security/cisco-fixes-anyconnect-bug-giving-windows-system-privileges/

New ‘PowerDrop’ PowerShell malware targets U.S. aerospace industry
https://www.bleepingcomputer.com/news/security/new-powerdrop-powershell-malware-targets-us-aerospace-industry/

SpinOk Android malware found in more apps with 30 million installs
(1) https://www.bleepingcomputer.com/news/security/spinok-android-malware-found-in-more-apps-with-30-million-installs/
(2) https://news.drweb.com/show/?i=14705&lng=en

Clop Ransomware Gang Likely Aware of MOVEit Transfer Vulnerability Since 2021
(1) https://thehackernews.com/2023/06/clop-ransomware-gang-likely-exploiting.html
(2) https://www.cisa.gov/news-events/alerts/2023/06/07/cisa-and-fbi-release-stopransomware-cl0p-ransomware-gang-exploits-moveit-vulnerability

Asylum Ambuscade: crimeware or cyberespionage?
https://www.welivesecurity.com/2023/06/08/asylum-ambuscade-crimeware-or-cyberespionage/

Japanese pharma giant Eisai discloses ransomware attack
https://www.eisai.com/news/2023/news202341.html

Zero-Day Alert: Google Issues Patch for New Chrome Vulnerability – Update Now!
(1) https://thehackernews.com/2023/06/zero-day-alert-google-issues-patch-for.html
(2) https://nvd.nist.gov/vuln/detail/CVE-2023-3079