WEEKLY TOP TEN | OCTOBER 14, 2022 20:35 GMT
Our Threat Operations and Intelligence team compiles a daily digest of new cybersecurity threats from around the Internet. This top 10 has been culled from the 40+ unique stories we found relevant over the week, ranked by highest risk:
- ”Caffeine” Phishing-as-a-Service Toolkit Presages Uptick in Higher Complexity Phishing Attacks
https://thehackernews.com/2022/10/researchers-warn-of-new-phishing-as.html - Javascript VM2 Sandbox Vulnerability CVE-2022-36067 Allowing for Sandbox Escape Discovered by Researchers
https://thehackernews.com/2022/10/researchers-detail-critical-rce-flaw.html - Unpatched VMware CVE-2021-22048 Privilege Escalation Vulnerability Remains Unpatched
https://securityaffairs.co/wordpress/136979/hacking/vmware-unpatched-cve-2021-22048.html - Fortinet Patches Critical CVE-2022-40684 Affecting Its Firewall and Proxy Products
https://securityaffairs.co/wordpress/136786/security/fortinet-critical-flaw.html - Zimbra Collaboration Suite CVE-2022-41352 Remote Code Execution Vulnerability Disclosed by Security Researchers
https://securityaffairs.co/wordpress/136800/hacking/zimbra-collaboration-suite-rce.html - Pro-Russia “Killnet” Hacktivist Group Stages DDoS Attacks on American Airports
https://securityaffairs.co/wordpress/136894/hacktivism/killnet-targets-us-airports.html - QBot Phishing Campaign Pivots Towards Corporate Users
https://www.securityweek.com/qbot-malware-infects-over-800-corporate-users-new-ongoing-campaign - Emotet Botnet Shifts Gears in Tactics, Focusing Increasingly on LOLBINs and Defense Evasion Techniques
https://thehackernews.com/2022/10/new-report-uncovers-emotets-delivery.html - CISA Releases Report on Most-Exploited Vulnerabilities by Chinese APTs
https://www.cisa.gov/uscert/ncas/alerts/aa22-279a - Researchers Coin “Hyperjacking” Term for Malware Affecting Hypervisors
https://www.makeuseof.com/what-is-hyperjacking-attack/