Weekly Top Ten Cybersecurity Stories – 2.10.2023 – Innovate Cybersecurity

WEEKLY TOP TEN | FEBRUARY 10, 2023 20:22 GMT

Our Threat Operations and Intelligence team compiles a daily digest of new cybersecurity threats from around the Internet. This top 10 has been culled from the 40+ unique stories we found relevant over the week, ranked by highest risk:

Royal Ransomware Pivots to Targeting Linux and ESXi, Matching Greater ESXiArgs Campaign
https://blog.cyble.com/2023/02/09 /the-royal-menace-spreads-to-linux-a-deep-dive-into-this-new-ransomware/
Multiple National CERTs Warn of Active ESXi Ransomware Campaign in Progress Abusing CVE-2021-21974
https://securityaffairs .com/141804/cyber-crime/vmware-esxi-ransomware.html
OpenSSH Patches CVE-2023-25136 Arbitrary Code Execution Vulnerability
https://securityaffairs.com/141907/hacking/openssh-pre-auth-double-free-bug.html
OpenSSL Patches Multiple Vulnerabilities, Several Allowing for RCE
https://thehackernews.com/2023/02/openssl-fixes-multiple-new-security.html
BYOVD for Sunlogin Abused to Deploy Sliver Cobalt Strike-alternative
https://thehackernews.com/2023/02/hackers-exploit-vulnerabilities-in.html
Threat Actors Leverage Longer Time-to-Infect, Better Information and Management Relationships to Craft Increasingly Convincing Spearphishing Emails
https://www.zdnet.com/article/theres-been-a-big-rise-in-phishing-attacks-this-one-worked/#ftag=RSSbaffb68
New Vulnerabilities Discovered Affecting Industrial Internet of Things (IIOT)
https://thehackernews.com/2023/02/critical-infrastructure-at-risk-from.html
CISA Adds Multiple Vulnerabilities Related to SugarCRM and Oracle to the Known Exploited Vulnerabilities Catalog
https://securityaffairs.com/141838/security/oracle-sugarcrm-known-exploited-vulnerabilities-catalog.html
Multi-purpose Linux-centric Medusa Botnet Found Deploying via Mirai Botnet Infrastructure
https://blog.cyble.com/2023/02/03/new-medusa-botnet-emerging-via-mirai-botnet-targeting-linux-users/
Cl0p Linux-variant Ransomware Found to Have Reversible Encryption Scheme
https://thehackernews.com/2023/02/linux-variant-of-clop-ransomware.html

Hand-Picked Top-Read Stories

Palo Alto Recommends Urgent Mitigation For Authentication Bypass Vulnerability in PAN-OS

Weekly Top 10: 11.18.2024: Microsoft Exchange Adds Warning to Emails Abusing Spoofing Flaw; Evasive ZIP Concatenation: Trojan Targets Windows Users; Microsoft November 2024 Patch Tuesday Fixes 4 Zero-Days, 89 Flaws, and More.

What Happened To The Internet Archive?

Trending Tags

Weekly Top Ten Cybersecurity Stories – 2.10.2023

Previous Post

Zero Trust Inside and Out

Next Post

Roundup—The Rundown On 7 Recent High-Profile Data Breaches

Threat Advisories

Palo Alto Recommends Urgent Mitigation For Authentication Bypass Vulnerability in PAN-OS

Weekly Top 10: 11.18.2024: Microsoft Exchange Adds Warning to Emails Abusing Spoofing Flaw; Evasive ZIP Concatenation: Trojan Targets Windows Users; Microsoft November 2024 Patch Tuesday Fixes 4 Zero-Days, 89 Flaws, and More.

Weekly Top 10: 11.11.2024: Veeam Backup Exploit Used by Frag Ransomware; North Korean Hackers Use macOS Malware to Steal Crypto; Palo Alto PAN-OS May be Vulnerable to RCE, and More.

Weekly Top 10: 11.04.2024: Android Malware ‘FakeCall’ Hijacks Outgoing Calls; PTZ Cameras Being Targeted Using Two Zero-Days; Hacker Group TeamTNT Targets Docker Environments, and More.

Weekly Top 10: 10.28.2024: Severe Flaws in E2EE Cloud Storage Platforms Used by Millions; ClickFix Tactic: The Phantom Meet; Firm Hacked After Accidentally Hiring North Korean Cyber Criminal, and More.

Education

Protecting Microsoft Teams From Data Exfiltration – A Tactical DLP Rule

Anatomy of a Data Breach

OpenAI Cybersecurity Research

Breach Report: Healthcare

Analysis of GalComm Chrome Extension Malware