By security practitioners, for security practitioners novacoast federal | Pillr | novacoast | about innovate
Hand-Picked Top-Read Stories
Trending Tags
By security practitioners, for security practitioners

Weekly Top 10 – 7.31.2023 – IDOR, Ivanti Bugs, SEC Reporting Deadline Mandate

WEEKLY TOP TEN | JULY 31, 2023 12:39 GMT

Our Threat Operations and Intelligence team compiles a daily digest of new cybersecurity threats from around the Internet. This top 10 has been culled from the 40+ unique stories we found relevant over the week, ranked by highest risk and multiple sources if available:

  1. Cybersecurity Agencies Warn Against IDOR Bugs Exploited for Data Breaches
    (1) https://thehackernews.com/2023/07/cybersecurity-agencies-warn-against.html
    (2) https://www.cisa.gov/news-events/alerts/2023/07/27/cisa-and-partners-release-joint-cybersecurity-advisory-preventing-web-application-access-control
  2. CISA warns govt agencies to patch Ivanti bug exploited in attacks
    (1) https://www.bleepingcomputer.com/news/security/cisa-warns-govt-agencies-to-patch-ivanti-bug-exploited-in-attacks/
    (2) https://www.cisa.gov/news-events/alerts/2023/07/25/cisa-adds-one-known-exploited-vulnerability-catalog
  3. SEC now requires companies to disclose cyberattacks in 4 days
    (1) https://www.bleepingcomputer.com/news/security/sec-now-requires-companies-to-disclose-cyberattacks-in-4-days/
    (2) https://www.sec.gov/news/press-release/2023-139
  4. Hackers Abusing Windows Search Feature to Install Remote Access Trojans
    (1) https://thehackernews.com/2023/07/hackers-abusing-windows-search-feature.html
    (2) https://www.trellix.com/en-us/about/newsroom/stories/research/beyond-file-search-a-novel-method.html
  5. New Nitrogen malware pushed via Google Ads for ransomware attacks
    (1) https://www.bleepingcomputer.com/news/security/new-nitrogen-malware-pushed-via-google-ads-for-ransomware-attacks/
    (2) https://news.sophos.com/en-us/2023/07/26/into-the-tank-with-nitrogen/
  6. ALPHV ransomware adds data leak API in new extortion strategy
    https://www.bleepingcomputer.com/news/security/alphv-ransomware-adds-data-leak-api-in-new-extortion-strategy/
  7. 8 million people hit by data breach at US govt contractor Maximus
    https://www.bleepingcomputer.com/news/security/8-million-people-hit-by-data-breach-at-us-govt-contractor-maximus/
  8. Lazarus hackers hijack Microsoft IIS servers to spread malware
    https://www.bleepingcomputer.com/news/security/lazarus-hackers-hijack-microsoft-iis-servers-to-spread-malware/
  9. IcedID Malware Adapts and Expands Threat with Updated BackConnect Module
    https://thehackernews.com/2023/07/icedid-malware-adapts-and-expands.html
  10. A Data Exfiltration Attack Scenario: The Porsche Experience
    https://thehackernews.com/2023/07/a-data-exfiltration-attack-scenario.html
Previous Post

Weekly Top 10 – 7.24.2023 – MS Exchange malware, WormGPT, Citrix Exploit

July 27, 2023 15:24 GMT
Next Post

WormGPT and BlackMamba: AI-Generated Phishing And Malware Attacks

August 8, 2023 17:05 GMT
Innovate uses cookies to give you the best online experience. If you continue to use this site, you agree to the use of cookies. Please see our privacy policy for details.