By security practitioners, for security practitioners novacoast federal | Apex Program | novacoast | about innovate
By security practitioners, for security practitioners

Weekly Top Ten Cybersecurity Stories – 1.13.2023

WEEKLY TOP TEN | JANUARY 13, 2023 16:15 GMT

Our Threat Operations and Intelligence team compiles a daily digest of new cybersecurity threats from around the Internet. This top 10 has been culled from the 40+ unique stories we found relevant over the week, ranked by highest risk:

  1. CISA Adds CVE-2022-41080 Microsoft Exchange Privilege Escalation Flaw to Known Exploited Vulnerabilities Catalog
    https://securityaffairs.com/140647/security/cisa-known-exploited-vulnerabilities-catalog-cve-2022-41080.html
  2. 1,000+ Fake AnyDesk Websites Found to Contain Vidar Information Stealer
    https://www.bleepingcomputer.com/news/security/over-1-300-fake-anydesk-sites-push-vidar-info-stealing-malware/
  3. Security Audit on US Federal Agency Discovers Worrisome Trends in Password Security
    https://arstechnica.com/information-technology/2023/01/a-fifth-of-passwords-used-by-federal-agency-cracked-in-security-audit/
  4. Researchers at Cybereason Warn of Uptick in Increasingly Fast IcedID Infections Abusing Legitimate Tools for Evasion
    https://thehackernews.com/2023/01/icedid-malware-strikes-again-active.html
  5. Active Phishing Campaign Pushing IcedID-laced Zoom Installer
    https://securityaffairs.com/140465/malware/icedid-targets-zoom-users.html
  6. Cisco Discloses No-Workaround CVE-2023-20025 Affects Multiple Router Models, Several at End-of-Life
    https://www.bleepingcomputer.com/news/security/cisco-warns-of-auth-bypass-bug-with-public-exploit-in-eol-routers/
  7. Zoho Patches Password Manager Pro SQL Injection Vulnerability CVE-2022-47523
    https://securityaffairs.com/140369/security/zoho-sql-injection-manageengine.html
  8. Dridex Banking Trojan Expands to Targeting macOS Computers
    https://securityaffairs.com/140488/malware/dridex-banking-malware-macos.html
  9. Signal-alternative Threema Found to Contain Several Flaws in Security Architecture
    https://arstechnica.com/information-technology/2023/01/messenger-billed-as-better-than-signal-is-riddled-with-vulnerabilities/
  10. “TrojanPuzzle” Attack Allowing for Insertion of Malicious Code by AI Coding Assistants Discovered by Security Researchers
    https://www.bleepingcomputer.com/news/security/trojan-puzzle-attack-trains-ai-assistants-into-suggesting-malicious-code/
Previous Post

Reimagining Enterprise Cybersecurity for All

Next Post

Weekly Top Ten Cybersecurity Stories – 1.20.2023

Innovate uses cookies to give you the best online experience. If you continue to use this site, you agree to the use of cookies. Please see our privacy policy for details.