By security practitioners, for security practitioners novacoast federal | Apex Program | novacoast | about innovate
By security practitioners, for security practitioners

Weekly Top 10 – 6.9.2023 – OneDrive Down After DDoS, Win32k Exploit, Hacked Barracuda Appliances

WEEKLY TOP TEN | JUNE 9, 2023 14:11 GMT

Our Threat Operations and Intelligence team compiles a daily digest of new cybersecurity threats from around the Internet. This top 10 has been culled from the 40+ unique stories we found relevant over the week, ranked by highest risk and multiple sources if available:

Microsoft OneDrive down worldwide following claims of DDoS attacks
https://www.bleepingcomputer.com/news/microsoft/microsoft-onedrive-down-worldwide-following-claims-of-ddos-attacks/

PoC released for Windows Win32k bug exploited in attacks
(1) https://www.cisa.gov/news-events/alerts/2023/05/09/cisa-adds-one-known-exploited-vulnerability-catalog
(2) https://blog.avast.com/avast-patches-microsoft-vulnerability

Barracuda says hacked ESG appliances must be replaced immediately
https://www.barracuda.com/company/legal/esg-vulnerability

Cisco fixes AnyConnect bug giving Windows SYSTEM privileges
https://www.bleepingcomputer.com/news/security/cisco-fixes-anyconnect-bug-giving-windows-system-privileges/

New ‘PowerDrop’ PowerShell malware targets U.S. aerospace industry
https://www.bleepingcomputer.com/news/security/new-powerdrop-powershell-malware-targets-us-aerospace-industry/

SpinOk Android malware found in more apps with 30 million installs
(1) https://www.bleepingcomputer.com/news/security/spinok-android-malware-found-in-more-apps-with-30-million-installs/
(2) https://news.drweb.com/show/?i=14705&lng=en

Clop Ransomware Gang Likely Aware of MOVEit Transfer Vulnerability Since 2021
(1) https://thehackernews.com/2023/06/clop-ransomware-gang-likely-exploiting.html
(2) https://www.cisa.gov/news-events/alerts/2023/06/07/cisa-and-fbi-release-stopransomware-cl0p-ransomware-gang-exploits-moveit-vulnerability

Asylum Ambuscade: crimeware or cyberespionage?
https://www.welivesecurity.com/2023/06/08/asylum-ambuscade-crimeware-or-cyberespionage/

Japanese pharma giant Eisai discloses ransomware attack
https://www.eisai.com/news/2023/news202341.html

Zero-Day Alert: Google Issues Patch for New Chrome Vulnerability – Update Now!
(1) https://thehackernews.com/2023/06/zero-day-alert-google-issues-patch-for.html
(2) https://nvd.nist.gov/vuln/detail/CVE-2023-3079

Previous Post

Living Off the Land Attacks: The Risks

Next Post

The Art of ATT&CK

Innovate uses cookies to give you the best online experience. If you continue to use this site, you agree to the use of cookies. Please see our privacy policy for details.