Weekly Top Ten Cybersecurity Stories – 11.4.2022 – Innovate Cybersecurity

WEEKLY TOP TEN | NOVEMBER 4, 2022 15:53 GMT

Our Threat Operations and Intelligence team compiles a daily digest of new cybersecurity threats from around the Internet. This top 10 has been culled from the 40+ unique stories we found relevant over the week, ranked by highest risk:

SocGholish Threat Actor Compromises Hundreds of News Sites After Supply Chain Attack
https://www.bleepingcomputer.com/news/security/hundreds-of-us-news-sites-push-malware-in-supply-chain-attack/
Security Researcher Releases Patch for Abused Microsoft Mark-of-the-Web Vulnerability
https://thehackernews.com/2022/10/unofficial-patch-released-for-new.html
Emotet Botnet Activity on the Rise After Multi-month Pause
https://www.bleepingcomputer.com/news/security/emotet-botnet-starts-blasting-malware-again-after-5-month-break/
GIMP-Impersonating Website Advertised by Google Until Recently
https://www.bleepingcomputer.com/news/security/google-ad-for-gimporg-served-info-stealing-malware-via-lookalike-site/
VMware Discloses that High Severity CVE-2021-39144 Has Available Proof-of-Concept Code
https://securityaffairs.co/wordpress/137912/security/vmware-cve-2021-39144-exploit.html
W4SP InfoStealer Found in 30+ High Use PyPI Python Registries
https://www.bleepingcomputer.com/news/security/dozens-of-pypi-packages-caught-dropping-w4sp-info-stealing-malware/
Azov Malware Resembles Ransomware But Only Encrypts Data Instead
https://www.bleepingcomputer.com/news/security/new-azov-data-wiper-tries-to-frame-researchers-and-bleepingcomputer/
Cranefly Hacking Group Using Novel IIS Log Method to Perform C2
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/cranefly-new-tools-technique-geppei-danfuan
TikTok Discloses Ability for Employees to View Data of European Users
https://thehackernews.com/2022/11/new-tiktok-privacy-policy-confirms.html
CISA Releases Guidance to Harden Against Phishing and MFA Subversion
https://www.cisa.gov/uscert/ncas/current-activity/2022/10/31/cisa-releases-guidance-phishing-resistant-and-numbers-matching

Hand-Picked Top-Read Stories

Palo Alto Recommends Urgent Mitigation For Authentication Bypass Vulnerability in PAN-OS

Weekly Top 10: 11.18.2024: Microsoft Exchange Adds Warning to Emails Abusing Spoofing Flaw; Evasive ZIP Concatenation: Trojan Targets Windows Users; Microsoft November 2024 Patch Tuesday Fixes 4 Zero-Days, 89 Flaws, and More.

What Happened To The Internet Archive?

Trending Tags

Weekly Top Ten Cybersecurity Stories – 11.4.2022

Previous Post

Weekly Top Ten Cybersecurity Stories – 10.28.2022

Next Post

Weekly Top Ten Cybersecurity Stories – 11.11.2022

Threat Advisories

Palo Alto Recommends Urgent Mitigation For Authentication Bypass Vulnerability in PAN-OS

Weekly Top 10: 11.18.2024: Microsoft Exchange Adds Warning to Emails Abusing Spoofing Flaw; Evasive ZIP Concatenation: Trojan Targets Windows Users; Microsoft November 2024 Patch Tuesday Fixes 4 Zero-Days, 89 Flaws, and More.

Weekly Top 10: 11.11.2024: Veeam Backup Exploit Used by Frag Ransomware; North Korean Hackers Use macOS Malware to Steal Crypto; Palo Alto PAN-OS May be Vulnerable to RCE, and More.

Weekly Top 10: 11.04.2024: Android Malware ‘FakeCall’ Hijacks Outgoing Calls; PTZ Cameras Being Targeted Using Two Zero-Days; Hacker Group TeamTNT Targets Docker Environments, and More.

Weekly Top 10: 10.28.2024: Severe Flaws in E2EE Cloud Storage Platforms Used by Millions; ClickFix Tactic: The Phantom Meet; Firm Hacked After Accidentally Hiring North Korean Cyber Criminal, and More.

Education

Protecting Microsoft Teams From Data Exfiltration – A Tactical DLP Rule

Anatomy of a Data Breach

OpenAI Cybersecurity Research

Breach Report: Healthcare

Analysis of GalComm Chrome Extension Malware