Weekly Top Ten Cybersecurity Stories – 12.2.2022

WEEKLY TOP TEN | DECEMBER 2, 2022 20:55 GMT

1. Organizations at Risk Due to Active Exploitation of Fortinet CVE-2022-40684
   https://blog.cyble.com/2022/11/24/multiple-organisations-compromised-by-critical-authentication-bypass-vulnerability-in-fortinet-products-cve-2022-40684/
2. CISA Adds Oracle Fusion MIddleware CVE-2021-35587 to Known Exploited Vulnerability Database
   https://thehackernews.com/2022/11/cisa-warns-of-actively-exploited.html
3. GoTo, Formely LogMeIn, Discloses Breach of its Development Environment and Cloud Storage
   https://www.bleepingcomputer.com/news/security/goto-says-hackers-breached-its-dev-environment-cloud-storage/
4. LastPass Reports Secondary Breach Following Earlier August 2022 Attack
   https://securityaffairs.co/wordpress/139136/data-breach/lastpass-second-security-breach.html
5. Microsoft Warns of LSASS Leaks Following November Patch Tuesday Causing Potential Domain Controller Freezes
   https://www.bleepingcomputer.com/news/microsoft/new-windows-server-updates-cause-domain-controller-freezes-restarts/
6. Researchers Discover Way to Bypass Vulnerability Detection via Specially Crafted NPM Libraries
   https://thehackernews.com/2022/11/researchers-find-way-malicious-npm.html
7. Cybercriminals Using FIFA World Cup as Cover for Updated Phishing Campaigns
   https://www.scmagazine.com/news/cybercrime/cybercriminals-look-to-exploit-sports-fans-with-world-cup-themed-attacks
8. Several Dell, HP, and Lenovo Devices Found to be Using Outdated and Insecure OpenSSL Libraries
   https://securityaffairs.co/wordpress/138986/security/dell-hp-lenovo-openssl-outdated.html
9. US FCC Bans Importation of Electronics from Several Chinese Companies
   https://securityaffairs.co/wordpress/138998/breaking-news/fcc-bans-import-chinese-equipment.html
10. Amazon AWS Patches Privilege Escalation Flaw in its Codebase
    https://securityaffairs.co/wordpress/139045/hacking/amazon-web-services-flaw.html