Weekly Top Ten Cybersecurity Stories – 11.4.2022 – Innovate Cybersecurity

WEEKLY TOP TEN | NOVEMBER 4, 2022 15:53 GMT

Our Threat Operations and Intelligence team compiles a daily digest of new cybersecurity threats from around the Internet. This top 10 has been culled from the 40+ unique stories we found relevant over the week, ranked by highest risk:

SocGholish Threat Actor Compromises Hundreds of News Sites After Supply Chain Attack
https://www.bleepingcomputer.com/news/security/hundreds-of-us-news-sites-push-malware-in-supply-chain-attack/
Security Researcher Releases Patch for Abused Microsoft Mark-of-the-Web Vulnerability
https://thehackernews.com/2022/10/unofficial-patch-released-for-new.html
Emotet Botnet Activity on the Rise After Multi-month Pause
https://www.bleepingcomputer.com/news/security/emotet-botnet-starts-blasting-malware-again-after-5-month-break/
GIMP-Impersonating Website Advertised by Google Until Recently
https://www.bleepingcomputer.com/news/security/google-ad-for-gimporg-served-info-stealing-malware-via-lookalike-site/
VMware Discloses that High Severity CVE-2021-39144 Has Available Proof-of-Concept Code
https://securityaffairs.co/wordpress/137912/security/vmware-cve-2021-39144-exploit.html
W4SP InfoStealer Found in 30+ High Use PyPI Python Registries
https://www.bleepingcomputer.com/news/security/dozens-of-pypi-packages-caught-dropping-w4sp-info-stealing-malware/
Azov Malware Resembles Ransomware But Only Encrypts Data Instead
https://www.bleepingcomputer.com/news/security/new-azov-data-wiper-tries-to-frame-researchers-and-bleepingcomputer/
Cranefly Hacking Group Using Novel IIS Log Method to Perform C2
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/cranefly-new-tools-technique-geppei-danfuan
TikTok Discloses Ability for Employees to View Data of European Users
https://thehackernews.com/2022/11/new-tiktok-privacy-policy-confirms.html
CISA Releases Guidance to Harden Against Phishing and MFA Subversion
https://www.cisa.gov/uscert/ncas/current-activity/2022/10/31/cisa-releases-guidance-phishing-resistant-and-numbers-matching

Hand-Picked Top-Read Stories

What Makes a Good Password?

Weekly Top 10: 10.27.2025: Medusa Ransomware Leaks Claimed 834 GB After $1.2m Demand; Toolshell’ Exploitation Campaign Hits Multiple Sectors; E-Business Suite SSRF Zero-Day Actively Exploited, and More.

Tamika Bass On Being Intentional: Acknowledging Mental Health In Cybersecurity

Trending Tags

Weekly Top Ten Cybersecurity Stories – 11.4.2022

Previous Post

Weekly Top Ten Cybersecurity Stories – 10.28.2022

Next Post

Weekly Top Ten Cybersecurity Stories – 11.11.2022

2025

Threat Advisories

Weekly Top 10: 10.27.2025: Medusa Ransomware Leaks Claimed 834 GB After $1.2m Demand; Toolshell’ Exploitation Campaign Hits Multiple Sectors; E-Business Suite SSRF Zero-Day Actively Exploited, and More.

Weekly Top 10: 10.20.2025: Microsoft Revokes 200+ Certs Used in Fake Teams Installers; Chinese Apt ‘Jewelbug’ Hit Russian It Services Firm; CISA ICS Advisory: Hitachi Energy MACH GWS, and More.

Weekly Top 10: 10.13.2025: Ransomware Arrests Tied to Kido Education Attack; Discord Confirms 70,000 Users’ ID Photos Exposed; Azure Outage Tied to Kubernetes Crash at Microsoft Front Door, and More.

Weekly Top 10: 10.06.2025: Hackers Launch Extortion Campaign Targeting Oracle E-Business Suite Customers; GreyNoise Detects 500% Surge in Scans Targeting Palo Alto Networks Portals; Ransomware Gang Sought BBC Reporter’s Help, and More.

Weekly Top 10: 09.29.2025: Emergency Directive on Cisco ASA/FTD Zero-Days; Cloudflare Mitigates 22.2 Tbps DDoS; Workforce PII Stolen in Supplier Ransomware Breach, and More.

Education

Protecting Microsoft Teams From Data Exfiltration – A Tactical DLP Rule

Anatomy of a Data Breach

OpenAI Cybersecurity Research

Breach Report: Healthcare

Analysis of GalComm Chrome Extension Malware