By security practitioners, for security practitioners novacoast federal | Apex Program | novacoast | about innovate
By security practitioners, for security practitioners

Weekly Top Ten Cybersecurity Stories – 1.20.2023

WEEKLY TOP TEN | JANUARY 20, 2023 18:10 GMT

Our Threat Operations and Intelligence team compiles a daily digest of new cybersecurity threats from around the Internet. This top 10 has been culled from the 40+ unique stories we found relevant over the week, ranked by highest risk:

  1. Poisoned Google Search Results Create Increasingly Convincing Phishing Websites
    https://www.bleepingcomputer.com/news/security/hackers-push-malware-via-google-search-ads-for-vlc-7-zip-ccleaner/
  2. Ransomware Actors Add DDoS To Their Arsenal, Creating Triple Extortion Threat for Businesses
    https://blog.cyble.com/2023/01/13/ransomware-extortion-techniques-a-growing-concern-for-organizations/
  3. Threat Actors Turn to Polyglot Files To Minimize Detection Risks
    https://thehackernews.com/2023/01/cybercriminals-using-polyglot-files-in.html
  4. US CISA Adds CVE-2022-44877 Affecting CentOS Web Panel to the Known Exploited Vulnerabilities Catalog
    https://securityaffairs.com/140989/security/centos-web-panel-rce-known-exploited-vulnerabilities-catalog.html
  5. 4,000+ Sophos Firewalls Remain Unpatched, Vulnerable to CVE-2022-3236 Remote Code Execution Vulnerability
    https://www.computing.co.uk/news/4062871/sophos-firewall-servers-vulnerable-code-injection-vulnerability
  6. Threat Actors Turn to Blank SVG Image Files to Deploy Malicious Scripts in Phishing Attacks
    https://www.bleepingcomputer.com/news/security/new-blank-image-attack-hides-phishing-scripts-in-svg-files/
  7. ESET Discusses Recent Trends for Tech Support Scams
    https://www.welivesecurity.com/2023/01/19/tech-support-scammers-still-at-it-what-look-out-for/
  8. Recent Nissan Data Breach Attributed to Exposed Third Party System
    https://www.bleepingcomputer.com/news/security/nissan-north-america-data-breach-caused-by-vendor-exposed-database/
  9. MSI Security Misconfiguration Allows for Attackers to Create Insecure Boot Scenario on Hundreds of Motherboards
    https://www.bleepingcomputer.com/news/security/msi-accidentally-breaks-secure-boot-for-hundreds-of-motherboards/
  10. Security Researchers Discover Discord Bot Used for C2 Communication with Threat Actors
    https://securityintelligence.com/posts/self-checkout-discord-c2/
Previous Post

Weekly Top Ten Cybersecurity Stories – 1.13.2023

Next Post

Building a Foundational Data Classification Strategy

Innovate uses cookies to give you the best online experience. If you continue to use this site, you agree to the use of cookies. Please see our privacy policy for details.