Weekly Top Ten Cybersecurity Stories – 1.13.2023 – Innovate Cybersecurity

WEEKLY TOP TEN | JANUARY 13, 2023 16:15 GMT

Our Threat Operations and Intelligence team compiles a daily digest of new cybersecurity threats from around the Internet. This top 10 has been culled from the 40+ unique stories we found relevant over the week, ranked by highest risk:

CISA Adds CVE-2022-41080 Microsoft Exchange Privilege Escalation Flaw to Known Exploited Vulnerabilities Catalog
https://securityaffairs.com/140647/security/cisa-known-exploited-vulnerabilities-catalog-cve-2022-41080.html
1,000+ Fake AnyDesk Websites Found to Contain Vidar Information Stealer
https://www.bleepingcomputer.com/news/security/over-1-300-fake-anydesk-sites-push-vidar-info-stealing-malware/
Security Audit on US Federal Agency Discovers Worrisome Trends in Password Security
https://arstechnica.com/information-technology/2023/01/a-fifth-of-passwords-used-by-federal-agency-cracked-in-security-audit/
Researchers at Cybereason Warn of Uptick in Increasingly Fast IcedID Infections Abusing Legitimate Tools for Evasion
https://thehackernews.com/2023/01/icedid-malware-strikes-again-active.html
Active Phishing Campaign Pushing IcedID-laced Zoom Installer
https://securityaffairs.com/140465/malware/icedid-targets-zoom-users.html
Cisco Discloses No-Workaround CVE-2023-20025 Affects Multiple Router Models, Several at End-of-Life
https://www.bleepingcomputer.com/news/security/cisco-warns-of-auth-bypass-bug-with-public-exploit-in-eol-routers/
Zoho Patches Password Manager Pro SQL Injection Vulnerability CVE-2022-47523
https://securityaffairs.com/140369/security/zoho-sql-injection-manageengine.html
Dridex Banking Trojan Expands to Targeting macOS Computers
https://securityaffairs.com/140488/malware/dridex-banking-malware-macos.html
Signal-alternative Threema Found to Contain Several Flaws in Security Architecture
https://arstechnica.com/information-technology/2023/01/messenger-billed-as-better-than-signal-is-riddled-with-vulnerabilities/
“TrojanPuzzle” Attack Allowing for Insertion of Malicious Code by AI Coding Assistants Discovered by Security Researchers
https://www.bleepingcomputer.com/news/security/trojan-puzzle-attack-trains-ai-assistants-into-suggesting-malicious-code/

Hand-Picked Top-Read Stories

Weekly Top 10 – 04.22.2024- MITRE breach, Hackers Exploit Fortinet Flaw, UNDP investigates ransomware attack, and More.

Weekly Top 10 – 04.15.2024- Google Bug Bounties, Medusa Ransomware Returns, LG Smart TVs Vulnerable, and More.

Weekly Top 10 – 04.9.2024- XZ Utils Backdoor, Vultur Banking Trojan, New Chrome Features, and More.

Trending Tags

Weekly Top Ten Cybersecurity Stories – 1.13.2023

Previous Post

Reimagining Enterprise Cybersecurity for All

Next Post

Weekly Top Ten Cybersecurity Stories – 1.20.2023

The New Standard of

Cybersecurity
Education

Innovate Cybersecurity Summit

Threat Advisories

Weekly Top 10 – 04.22.2024- MITRE breach, Hackers Exploit Fortinet Flaw, UNDP investigates ransomware attack, and More.

Weekly Top 10 – 04.15.2024- Google Bug Bounties, Medusa Ransomware Returns, LG Smart TVs Vulnerable, and More.

Weekly Top 10 – 04.9.2024- XZ Utils Backdoor, Vultur Banking Trojan, New Chrome Features, and More.

Weekly Top 10 – 04.2.2024- SharePoint and AMD Vulnerabilities, Password Spraying VPN Attacks, Tycoon 2FA, and More.

Weekly Top 10 – 03.25.2024- AI Enhanced Cyber Attacks Rising, Microsoft Warns Taxpayers of Tax Return Phishing Scams, “Fluffy Wolf” Stealer Malware Targets Corporate Environments, and More.

Education

Protecting Microsoft Teams From Data Exfiltration – A Tactical DLP Rule

Anatomy of a Data Breach

OpenAI Cybersecurity Research

Breach Report: Healthcare

Analysis of GalComm Chrome Extension Malware