Weekly Top Ten Cybersecurity Stories – 12.9.2022

WEEKLY TOP TEN | DECEMBER 9, 2022 20:12 GMT

1. Security Flaws Found in Servers from Major Manufacturers Allow for Remote Code Execution
   https://thehackernews.com/2022/12/new-bmc-supply-chain-vulnerabilities.html
2. CISA Calls for Patching of Google Chrome CVE-2022-4262
   https://www.bleepingcomputer.com/news/security/cisa-orders-agencies-to-patch-exploited-google-chrome-bug-by-dec-26th/
3. ZeroBot Botnet Exploiting Numerous Hardware Vulnerabilities to Propagate
   https://www.fortinet.com/blog/threat-research/zerobot-new-go-based-botnet-campaign-targets-multiple-vulnerabilities
4. Researchers Successfully Chain Multiple Linux Ubuntu Flaws to Gain Root Privileges
   https://securityaffairs.co/wordpress/139209/hacking/three-linux-bugs-full-root-privileges.html
5. “Bleed You” Campaign Targeting Vulnerable Windows Servers to Deploy Ransomware and Other Malware
   https://www.darkreading.com/threat-intelligence/cyber-threat-weak-windows-servers-bleed-you-campaign
6. RediGo Malware Abusing CVE-2022-0543 to Target Redis Servers
   https://securityaffairs.co/wordpress/139164/malware/redigo-malware-targets-redis-servers.html
7. Multiple Android OEM Signing Keys Leaked and in Active Abuse by Threat Actors
   https://www.schneier.com/blog/archives/2022/12/leaked-signing-keys-are-being-used-to-sign-malware.html
8. Zombinder Darknet Platform Found to Be Packaging Legitimate Android Applications with Malware
   https://www.bleepingcomputer.com/news/security/new-zombinder-platform-binds-android-malware-with-legitimate-apps/
9. Scarcruft APT Abusing Internet Explorer CVE-2022-41128 Zero Day to Deploy ROKRAT and Other Malware
   https://blog.google/threat-analysis-group/internet-explorer-0-day-exploited-by-north-korean-actor-apt37/
10. Sophos Firewall 19.5 CVE-2022-326 Patched by the Company
    https://securityaffairs.co/wordpress/139362/security/sophos-firewall-critical-flaw.html