Weekly Top 10 – 6.23.2023 – BlackLotus Mitigation, GitHub Repojacking, Apple exploits – Innovate Cybersecurity

WEEKLY TOP TEN | JUNE 23, 2023 13:02 GMT

Our Threat Operations and Intelligence team compiles a daily digest of new cybersecurity threats from around the Internet. This top 10 has been culled from the 40+ unique stories we found relevant over the week, ranked by highest risk and multiple sources if available:

NSA Releases Guide to Mitigate BlackLotus Threat
https://www.nsa.gov/Press-Room/Press-Releases-Statements/Press-Release-View/Article/3435305/nsa-releases-guide-to-mitigate-blacklotus-threat/
CISA orders govt agencies to patch bugs exploited by Russian hackers
https://www.bleepingcomputer.com/news/security/cisa-orders-govt-agencies-to-patch-bugs-exploited-by-russian-hackers/
APT37 hackers deploy new FadeStealer eavesdropping malware
(1) https://www.bleepingcomputer.com/news/security/apt37-hackers-deploy-new-fadestealer-eavesdropping-malware/
(2) https://asec.ahnlab.com/en/54349/
GitHub Dataset Research Reveals Millions Potentially Vulnerable to RepoJacking
https://blog.aquasec.com/github-dataset-research-reveals-millions-potentially-vulnerable-to-repojacking
Beyond The Horizon: Traveling The World On Camaro Dragon’S Usb Flash Drives
https://research.checkpoint.com/2023/beyond-the-horizon-traveling-the-world-on-camaro-dragons-usb-flash-drives/
Threat Group Assessment: Muddled Libra
https://unit42.paloaltonetworks.com/muddled-libra/
Zero-Day Alert: Apple Releases Patches for Actively Exploited Flaws in iOS, macOS, and Safari
(1) https://thehackernews.com/2023/06/zero-day-alert-apple-releases-patches.html
(2) https://support.apple.com/en-us/HT201222
Microsoft Teams bug allows malware delivery from external accounts
https://www.bleepingcomputer.com/news/security/microsoft-teams-bug-allows-malware-delivery-from-external-accounts/
Fortinet fixes critical FortiNAC remote command execution flaw
https://www.bleepingcomputer.com/news/security/fortinet-fixes-critical-fortinac-remote-command-execution-flaw/
Graphican: Flea Uses New Backdoor in Attacks Targeting Foreign Ministries
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/flea-backdoor-microsoft-graph-apt15

Hand-Picked Top-Read Stories

Innovator Series EP7: Scott Kriz of SGNL

Blockchain – How it Evolved from a Trending Buzzword to Protecting Data Integrity

Weekly Top 10 – 04.29.2024- Custom Exploit Tool by Russian APT Fancy Bear, Coveware Quarterly Report Released, CrushFTP Zero-day Allows Sandbox Escape, and More.

Trending Tags

Weekly Top 10 – 6.23.2023 – BlackLotus Mitigation, GitHub Repojacking, Apple exploits

Previous Post

The Art of ATT&CK

Next Post

The Reddit Controversy, Hacktivism, and the Pandora’s Box of Vigilantism

The New Standard of

Cybersecurity
Education

Innovate Cybersecurity Summit

Threat Advisories

Weekly Top 10 – 04.29.2024- Custom Exploit Tool by Russian APT Fancy Bear, Coveware Quarterly Report Released, CrushFTP Zero-day Allows Sandbox Escape, and More.

Weekly Top 10 – 04.22.2024- MITRE breach, Hackers Exploit Fortinet Flaw, UNDP investigates ransomware attack, and More.

Weekly Top 10 – 04.15.2024- Google Bug Bounties, Medusa Ransomware Returns, LG Smart TVs Vulnerable, and More.

Weekly Top 10 – 04.9.2024- XZ Utils Backdoor, Vultur Banking Trojan, New Chrome Features, and More.

Weekly Top 10 – 04.2.2024- SharePoint and AMD Vulnerabilities, Password Spraying VPN Attacks, Tycoon 2FA, and More.

Education

Protecting Microsoft Teams From Data Exfiltration – A Tactical DLP Rule

Anatomy of a Data Breach

OpenAI Cybersecurity Research

Breach Report: Healthcare

Analysis of GalComm Chrome Extension Malware