Weekly Top Ten Cybersecurity Stories – 12.9.2022 – Innovate Cybersecurity

WEEKLY TOP TEN | DECEMBER 9, 2022 20:12 GMT

Our Threat Operations and Intelligence team compiles a daily digest of new cybersecurity threats from around the Internet. This top 10 has been culled from the 40+ unique stories we found relevant over the week, ranked by highest risk:

Security Flaws Found in Servers from Major Manufacturers Allow for Remote Code Execution
https://thehackernews.com/2022/12/new-bmc-supply-chain-vulnerabilities.html
CISA Calls for Patching of Google Chrome CVE-2022-4262
https://www.bleepingcomputer.com/news/security/cisa-orders-agencies-to-patch-exploited-google-chrome-bug-by-dec-26th/
ZeroBot Botnet Exploiting Numerous Hardware Vulnerabilities to Propagate
https://www.fortinet.com/blog/threat-research/zerobot-new-go-based-botnet-campaign-targets-multiple-vulnerabilities
Researchers Successfully Chain Multiple Linux Ubuntu Flaws to Gain Root Privileges
https://securityaffairs.co/wordpress/139209/hacking/three-linux-bugs-full-root-privileges.html
“Bleed You” Campaign Targeting Vulnerable Windows Servers to Deploy Ransomware and Other Malware
https://www.darkreading.com/threat-intelligence/cyber-threat-weak-windows-servers-bleed-you-campaign
RediGo Malware Abusing CVE-2022-0543 to Target Redis Servers
https://securityaffairs.co/wordpress/139164/malware/redigo-malware-targets-redis-servers.html
Multiple Android OEM Signing Keys Leaked and in Active Abuse by Threat Actors
https://www.schneier.com/blog/archives/2022/12/leaked-signing-keys-are-being-used-to-sign-malware.html
Zombinder Darknet Platform Found to Be Packaging Legitimate Android Applications with Malware
https://www.bleepingcomputer.com/news/security/new-zombinder-platform-binds-android-malware-with-legitimate-apps/
Scarcruft APT Abusing Internet Explorer CVE-2022-41128 Zero Day to Deploy ROKRAT and Other Malware
https://blog.google/threat-analysis-group/internet-explorer-0-day-exploited-by-north-korean-actor-apt37/
Sophos Firewall 19.5 CVE-2022-326 Patched by the Company
https://securityaffairs.co/wordpress/139362/security/sophos-firewall-critical-flaw.html

Hand-Picked Top-Read Stories

Palo Alto Recommends Urgent Mitigation For Authentication Bypass Vulnerability in PAN-OS

Weekly Top 10: 11.18.2024: Microsoft Exchange Adds Warning to Emails Abusing Spoofing Flaw; Evasive ZIP Concatenation: Trojan Targets Windows Users; Microsoft November 2024 Patch Tuesday Fixes 4 Zero-Days, 89 Flaws, and More.

What Happened To The Internet Archive?

Trending Tags

Weekly Top Ten Cybersecurity Stories – 12.9.2022

Previous Post

My Conversation With OpenAI About Cybersecurity

Next Post

Critical Citrix ADC and Gateway Zero-Day Actively Exploited

Threat Advisories

Palo Alto Recommends Urgent Mitigation For Authentication Bypass Vulnerability in PAN-OS

Weekly Top 10: 11.18.2024: Microsoft Exchange Adds Warning to Emails Abusing Spoofing Flaw; Evasive ZIP Concatenation: Trojan Targets Windows Users; Microsoft November 2024 Patch Tuesday Fixes 4 Zero-Days, 89 Flaws, and More.

Weekly Top 10: 11.11.2024: Veeam Backup Exploit Used by Frag Ransomware; North Korean Hackers Use macOS Malware to Steal Crypto; Palo Alto PAN-OS May be Vulnerable to RCE, and More.

Weekly Top 10: 11.04.2024: Android Malware ‘FakeCall’ Hijacks Outgoing Calls; PTZ Cameras Being Targeted Using Two Zero-Days; Hacker Group TeamTNT Targets Docker Environments, and More.

Weekly Top 10: 10.28.2024: Severe Flaws in E2EE Cloud Storage Platforms Used by Millions; ClickFix Tactic: The Phantom Meet; Firm Hacked After Accidentally Hiring North Korean Cyber Criminal, and More.

Education

Protecting Microsoft Teams From Data Exfiltration – A Tactical DLP Rule

Anatomy of a Data Breach

OpenAI Cybersecurity Research

Breach Report: Healthcare

Analysis of GalComm Chrome Extension Malware