WEEKLY TOP TEN | OCTOBER 21, 2022 13:01 GMT
Our Threat Operations and Intelligence team compiles a daily digest of new cybersecurity threats from around the Internet. This top 10 has been culled from the 40+ unique stories we found relevant over the week, ranked by highest risk:
- Apache Commons Text CVE-2022-42889 Disclosed w/ Working Proof of Concept Code
  https://www.zscaler.com/blogs/security-research/security-advisory-apache-commons-text-remote-code-execution-vulnerability
- Zimbra CVE-2022-41352 Seeing Active Exploitation by Threat Actors
  https://securityaffairs.co/wordpress/137164/apt/zimbra-cve-2022-41352-exploitation.html
- Venus Ransomware Operators Exploiting Open RDP to Deploy Payloads
  https://www.bleepingcomputer.com/news/security/venus-ransomware-targets-publicly-exposed-remote-desktop-services/
- Qakbot Malware Now Deploying Cobalt Strike Alternative Brute Ratel, Black Basta Ransomware
  https://thehackernews.com/2022/10/black-basta-ransomware-hackers.html
- UEFI-centric Rootkit "BlackLotus" on Sale on Cybercrime Forums
  https://securityaffairs.co/wordpress/137252/malware/black-lotus-uefi-rootkit.html
- Ursnif Banking Trojan Pivots to General Purpose Approach, Signals Possibility of Info Theft & Ransomware
  https://www.mandiant.com/resources/blog/rm3-ldr4-ursnif-banking-fraud
- Security Researchers Discover PowerShell Backdoor Masquerading as Windows Updater
  https://www.safebreach.com/resources/blog/safebreach-labs-researchers-uncover-new-fully-undetectable-powershell-backdoor/
- Newly Discovered "Alchimist" Attack Framework Found to be Targeting Mac, Windows, and Linux Networks
  https://thehackernews.com/2022/10/new-chinese-malware-attack-framework.html
- RansomCartel Ransomware Possibly Linked to REvil Ransomware Group
  https://unit42.paloaltonetworks.com/ransom-cartel-ransomware/
- CISA Releases Open Source Tool for Recognizing Malware C2 Traffic via Logs
  https://www.bleepingcomputer.com/news/security/cisa-releases-open-source-redeye-c2-log-visualization-tool/