Weekly Top Ten Cybersecurity Stories – 12.16.2022

WEEKLY TOP TEN | DECEMBER 16, 2022 15:26 GMT

1. New SQL Injection Techniques Discovered Capable of Bypassing Web Application Firewalls
   https://www.csoonline.com/article/3682770/json-based-sql-injection-attacks-trigger-need-to-update-web-application-firewalls.html
2. SPNEGO CVE-2022-37958 Reclassified to Higher “Critical” Status After Remote Code Execution (RCE) Exploit Discovered
   https://thehackernews.com/2022/12/microsoft-reclassifies-spnego-extended.html
3. NSA Calls for Companies to Patch CVE-2022-27518 Affecting Citrix ADC and Gateway
   https://securityaffairs.co/wordpress/139609/apt/citrix-adc-gateway-cve-2022-27518.html
4. Microsoft Hardware Developer Program Signs Several Malicious Drivers Used by Ransomware Actors
   https://thehackernews.com/2022/12/ransomware-attackers-use-microsoft.html
5. Threat Actors Leveraging FIFA World Cup for Multiple Phishing Campaigns
   https://blog.cyble.com/2022/12/09/threat-actors-targeting-fans-amid-fifa-world-cup-fever/
6. QBot Campaign Using HTML Smuggling via SVG Images to Infect Computers
   https://securityaffairs.co/wordpress/139658/cyber-crime/qbot-html-smuggling-svg.html
7. Typosquatting Campaign Continuing to Target Python & Javascript Developers w/ Ransomware-laced PyPI Packages
   https://www.securityweek.com/python-javascript-developers-targeted-fake-packages-delivering-ransomware
8. Researchers Discover Method to Force Several Popular EDR and AV Software to Wipe Data
   https://www.bleepingcomputer.com/news/security/antivirus-and-edr-solutions-tricked-into-acting-as-data-wipers/
9. Microsoft December Patch Tuesday Can Cause Issues with Hyper-V Virtual Machines
   https://www.bleepingcomputer.com/news/microsoft/microsoft-december-windows-server-updates-break-hyper-v-vm-creation/
10. Fortinet Patches CVE-2022-42475 Arbitrary Code Execution Vuln Affecting FortiOS SSL-VPN
    https://securityaffairs.co/wordpress/139569/hacking/fortinet-fortios-ssl-vpn-bug.html