By security practitioners, for security practitioners novacoast federal | Pillr | novacoast | about innovate
By security practitioners, for security practitioners

Weekly Top Ten Cybersecurity Stories – 10.28.2022

WEEKLY TOP TEN | OCTOBER 28, 2022 19:11 GMT

Our Threat Operations and Intelligence team compiles a daily digest of new cybersecurity threats from around the Internet. This top 10 has been culled from the 40+ unique stories we found relevant over the week, ranked by highest risk:

  1. Newly Discovered Windows Flaw Allows for JavaScript to Bypass Important Mark-of-the-Web Security Features
    https://www.bleepingcomputer.com/news/security/exploited-windows-zero-day-lets-javascript-files-bypass-security-warnings/
  2. Complex Typosquatting Campaign Reaches 200+ Websites, 25+ Brands to Trick Victims into Downloading Malware
    https://www.bleepingcomputer.com/news/security/typosquat-campaign-mimics-27-brands-to-push-windows-android-malware/
  3. VMWare Workspace ONE CVE-2022-22954 Vulnerability in Active Exploitation by Threat Actors
    https://securityaffairs.co/wordpress/137483/hacking/vmware-workspace-one-access-flaw.html
  4. QakBot Abusing Valid Signed Certificate To Infect Networks With Black Basta Ransomware
    https://www.trendmicro.com/en_us/research/22/j/where-is-the-origin-qakbot-uses-valid-code-signing-.html
  5. Emotet Using Self-Unlocking Encrypted RARs to Bypass Defenses
    https://thehackernews.com/2022/10/emotet-botnet-distributing-self.html
  6. “Dormant Colors” Malvertising Campaign Reaches 1M+ Installs on Browsers
    https://securityaffairs.co/wordpress/137587/malware/malicious-chrome-extensions-dormant-colors.html
  7. New “Kiss-a-dog” Cryptojacking Campaign Targeting Docker & Kubernetes Instances
    https://thehackernews.com/2022/10/new-cryptojacking-campaign-targeting.html
  8. SQLite Vulnerability 2022-35737 Allowing for Overflow Atttacks Discovered After 22 Years
    https://securityaffairs.co/wordpress/137629/hacking/cve-2022-35737-sqlite-bug.html
  9. Windows Event Log-centric Flaws “LogCrusher” and “Overlog” Disclosed by Security Researchers
    https://thehackernews.com/2022/10/researchers-detail-windows-event-log.html
  10. Microsoft Pipes Azure AD Identity Protection Alerts to M365 Defender
    https://www.theregister.com/2022/10/26/microsoft_365_identity_protection/
Previous Post

Don’t Get Spooked This Halloween: 5 Ways To Protect Your Business from Cyber Attackers 

Next Post

Weekly Top Ten Cybersecurity Stories – 11.4.2022

Innovate uses cookies to give you the best online experience. If you continue to use this site, you agree to the use of cookies. Please see our privacy policy for details.