Weekly Top Ten Cybersecurity Stories – 1.27.2023 – Innovate Cybersecurity

WEEKLY TOP TEN | JANUARY 27, 2023 19:30 GMT

Our Threat Operations and Intelligence team compiles a daily digest of new cybersecurity threats from around the Internet. This top 10 has been culled from the 40+ unique stories we found relevant over the week, ranked by highest risk:

Threat Actors Pivot Towards OneNote Attachments to Deploy Initial Access Malware, Echoing Former Malicious Document Strategies
https://www.bleepingcomputer.com/news/security/hackers-now-use-microsoft-onenote-attachments-to-spread-malware/
CISA Releases Guidelines to Secure Networks Against Remote Management Software Abuse in Wake of Federal Agency Breaches By RMM
https://thehackernews.com/2023/01/us-federal-agencies-fall-victim-to.html
Researchers Release Proof of Concept Code Exploiting Windows CryptoAPI CVE-2022-34689 Allowing MD5 Certificate Collision Attacks
https://www.bleepingcomputer.com/news/security/exploit-released-for-critical-windows-cryptoapi-spoofing-bug/
Cisco Warns Multiple End-of-Life Routers Vulnerable to CVE-2023-20025 Remote Code Execution Vulnerability
https://securityaffairs.com/141102/hacking/eof-cisco-routers-exposed-rce.html
LastPass Parent Company GoTo (Formerly LogMeIn) Discloses Compromise of Encrypted Customer Information, Some Encryption Keys
https://www.bleepingcomputer.com/news/security/goto-says-hackers-stole-customers-backups-and-encryption-key/
Zoho ManageEngine CVE-2022-47966 Remote Code Execution Flaw Added to CISA Known Exploited Vulnerabilities Catalog
https://securityaffairs.com/141248/security/zoho-manageengine-2022-47966-known-exploited-vulnerabilities-catalog.html
ZeroBot Botnet Poses Growing Risk to IoT Networks As Nations Struggle to Mandate Security Provisions
https://techmonitor.ai/the-age-of-ambient/zerobot-botnet-enterprise-iot
Threat Actor Abusing DNS Settings on Wi-Fi Routers as Part of Wroba Malware Campaign
https://securityaffairs.com/141137/malware/roaming-mantis-wroba-malware.html
Microsoft Announces Intentions to Increase XLL Protection as Part of Greater Anti-Phishing Security Measures
https://www.bleepingcomputer.com/news/microsoft/microsoft-365-to-block-downloaded-excel-xll-add-ins-to-boost-security/
Cyble Releases Ransomware Trends Report for Q4 2022
https://blog.cyble.com/2023/01/24/cybles-q4-2022-ransomware-analysis/

Hand-Picked Top-Read Stories

Weekly Top 10 – 04.22.2024- MITRE breach, Hackers Exploit Fortinet Flaw, UNDP investigates ransomware attack, and More.

Weekly Top 10 – 04.15.2024- Google Bug Bounties, Medusa Ransomware Returns, LG Smart TVs Vulnerable, and More.

Weekly Top 10 – 04.9.2024- XZ Utils Backdoor, Vultur Banking Trojan, New Chrome Features, and More.

Trending Tags

Weekly Top Ten Cybersecurity Stories – 1.27.2023

Previous Post

Building a Foundational Data Classification Strategy

Next Post

Weekly Top Ten Cybersecurity Stories – 2.3.2023

The New Standard of

Cybersecurity
Education

Innovate Cybersecurity Summit

Threat Advisories

Weekly Top 10 – 04.22.2024- MITRE breach, Hackers Exploit Fortinet Flaw, UNDP investigates ransomware attack, and More.

Weekly Top 10 – 04.15.2024- Google Bug Bounties, Medusa Ransomware Returns, LG Smart TVs Vulnerable, and More.

Weekly Top 10 – 04.9.2024- XZ Utils Backdoor, Vultur Banking Trojan, New Chrome Features, and More.

Weekly Top 10 – 04.2.2024- SharePoint and AMD Vulnerabilities, Password Spraying VPN Attacks, Tycoon 2FA, and More.

Weekly Top 10 – 03.25.2024- AI Enhanced Cyber Attacks Rising, Microsoft Warns Taxpayers of Tax Return Phishing Scams, “Fluffy Wolf” Stealer Malware Targets Corporate Environments, and More.

Education

Protecting Microsoft Teams From Data Exfiltration – A Tactical DLP Rule

Anatomy of a Data Breach

OpenAI Cybersecurity Research

Breach Report: Healthcare

Analysis of GalComm Chrome Extension Malware