Weekly Top Ten Cybersecurity Stories – 1.20.2023 – Innovate Cybersecurity

WEEKLY TOP TEN | JANUARY 20, 2023 18:10 GMT

Our Threat Operations and Intelligence team compiles a daily digest of new cybersecurity threats from around the Internet. This top 10 has been culled from the 40+ unique stories we found relevant over the week, ranked by highest risk:

Poisoned Google Search Results Create Increasingly Convincing Phishing Websites
https://www.bleepingcomputer.com/news/security/hackers-push-malware-via-google-search-ads-for-vlc-7-zip-ccleaner/
Ransomware Actors Add DDoS To Their Arsenal, Creating Triple Extortion Threat for Businesses
https://blog.cyble.com/2023/01/13/ransomware-extortion-techniques-a-growing-concern-for-organizations/
Threat Actors Turn to Polyglot Files To Minimize Detection Risks
https://thehackernews.com/2023/01/cybercriminals-using-polyglot-files-in.html
US CISA Adds CVE-2022-44877 Affecting CentOS Web Panel to the Known Exploited Vulnerabilities Catalog
https://securityaffairs.com/140989/security/centos-web-panel-rce-known-exploited-vulnerabilities-catalog.html
4,000+ Sophos Firewalls Remain Unpatched, Vulnerable to CVE-2022-3236 Remote Code Execution Vulnerability
https://www.computing.co.uk/news/4062871/sophos-firewall-servers-vulnerable-code-injection-vulnerability
Threat Actors Turn to Blank SVG Image Files to Deploy Malicious Scripts in Phishing Attacks
https://www.bleepingcomputer.com/news/security/new-blank-image-attack-hides-phishing-scripts-in-svg-files/
ESET Discusses Recent Trends for Tech Support Scams
https://www.welivesecurity.com/2023/01/19/tech-support-scammers-still-at-it-what-look-out-for/
Recent Nissan Data Breach Attributed to Exposed Third Party System
https://www.bleepingcomputer.com/news/security/nissan-north-america-data-breach-caused-by-vendor-exposed-database/
MSI Security Misconfiguration Allows for Attackers to Create Insecure Boot Scenario on Hundreds of Motherboards
https://www.bleepingcomputer.com/news/security/msi-accidentally-breaks-secure-boot-for-hundreds-of-motherboards/
Security Researchers Discover Discord Bot Used for C2 Communication with Threat Actors
https://securityintelligence.com/posts/self-checkout-discord-c2/

Hand-Picked Top-Read Stories

Palo Alto Recommends Urgent Mitigation For Authentication Bypass Vulnerability in PAN-OS

Weekly Top 10: 11.18.2024: Microsoft Exchange Adds Warning to Emails Abusing Spoofing Flaw; Evasive ZIP Concatenation: Trojan Targets Windows Users; Microsoft November 2024 Patch Tuesday Fixes 4 Zero-Days, 89 Flaws, and More.

What Happened To The Internet Archive?

Trending Tags

Weekly Top Ten Cybersecurity Stories – 1.20.2023

Previous Post

Weekly Top Ten Cybersecurity Stories – 1.13.2023

Next Post

Building a Foundational Data Classification Strategy

Threat Advisories

Palo Alto Recommends Urgent Mitigation For Authentication Bypass Vulnerability in PAN-OS

Weekly Top 10: 11.18.2024: Microsoft Exchange Adds Warning to Emails Abusing Spoofing Flaw; Evasive ZIP Concatenation: Trojan Targets Windows Users; Microsoft November 2024 Patch Tuesday Fixes 4 Zero-Days, 89 Flaws, and More.

Weekly Top 10: 11.11.2024: Veeam Backup Exploit Used by Frag Ransomware; North Korean Hackers Use macOS Malware to Steal Crypto; Palo Alto PAN-OS May be Vulnerable to RCE, and More.

Weekly Top 10: 11.04.2024: Android Malware ‘FakeCall’ Hijacks Outgoing Calls; PTZ Cameras Being Targeted Using Two Zero-Days; Hacker Group TeamTNT Targets Docker Environments, and More.

Weekly Top 10: 10.28.2024: Severe Flaws in E2EE Cloud Storage Platforms Used by Millions; ClickFix Tactic: The Phantom Meet; Firm Hacked After Accidentally Hiring North Korean Cyber Criminal, and More.

Education

Protecting Microsoft Teams From Data Exfiltration – A Tactical DLP Rule

Anatomy of a Data Breach

OpenAI Cybersecurity Research

Breach Report: Healthcare

Analysis of GalComm Chrome Extension Malware