By security practitioners, for security practitioners novacoast federal | Apex Program | novacoast | about innovate
By security practitioners, for security practitioners

Weekly Top Ten Cybersecurity Stories – 1.27.2023

WEEKLY TOP TEN | JANUARY 27, 2023 19:30 GMT

Our Threat Operations and Intelligence team compiles a daily digest of new cybersecurity threats from around the Internet. This top 10 has been culled from the 40+ unique stories we found relevant over the week, ranked by highest risk:

  1. Threat Actors Pivot Towards OneNote Attachments to Deploy Initial Access Malware, Echoing Former Malicious Document Strategies
    https://www.bleepingcomputer.com/news/security/hackers-now-use-microsoft-onenote-attachments-to-spread-malware/
  2. CISA Releases Guidelines to Secure Networks Against Remote Management Software Abuse in Wake of Federal Agency Breaches By RMM
    https://thehackernews.com/2023/01/us-federal-agencies-fall-victim-to.html
  3. Researchers Release Proof of Concept Code Exploiting Windows CryptoAPI CVE-2022-34689 Allowing MD5 Certificate Collision Attacks
    https://www.bleepingcomputer.com/news/security/exploit-released-for-critical-windows-cryptoapi-spoofing-bug/
  4. Cisco Warns Multiple End-of-Life Routers Vulnerable to CVE-2023-20025 Remote Code Execution Vulnerability
    https://securityaffairs.com/141102/hacking/eof-cisco-routers-exposed-rce.html
  5. LastPass Parent Company GoTo (Formerly LogMeIn) Discloses Compromise of Encrypted Customer Information, Some Encryption Keys
    https://www.bleepingcomputer.com/news/security/goto-says-hackers-stole-customers-backups-and-encryption-key/
  6. Zoho ManageEngine CVE-2022-47966 Remote Code Execution Flaw Added to CISA Known Exploited Vulnerabilities Catalog
    https://securityaffairs.com/141248/security/zoho-manageengine-2022-47966-known-exploited-vulnerabilities-catalog.html
  7. ZeroBot Botnet Poses Growing Risk to IoT Networks As Nations Struggle to Mandate Security Provisions
    https://techmonitor.ai/the-age-of-ambient/zerobot-botnet-enterprise-iot
  8. Threat Actor Abusing DNS Settings on Wi-Fi Routers as Part of Wroba Malware Campaign
    https://securityaffairs.com/141137/malware/roaming-mantis-wroba-malware.html
  9. Microsoft Announces Intentions to Increase XLL Protection as Part of Greater Anti-Phishing Security Measures
    https://www.bleepingcomputer.com/news/microsoft/microsoft-365-to-block-downloaded-excel-xll-add-ins-to-boost-security/
  10. Cyble Releases Ransomware Trends Report for Q4 2022
    https://blog.cyble.com/2023/01/24/cybles-q4-2022-ransomware-analysis/
Previous Post

Building a Foundational Data Classification Strategy

Next Post

Weekly Top Ten Cybersecurity Stories – 2.3.2023

Innovate uses cookies to give you the best online experience. If you continue to use this site, you agree to the use of cookies. Please see our privacy policy for details.