Weekly Top Ten Cybersecurity Stories – 2.3.2023 – Innovate Cybersecurity

WEEKLY TOP TEN | FEBRUARY 3, 2023 20:55 GMT

Our Threat Operations and Intelligence team compiles a daily digest of new cybersecurity threats from around the Internet. This top 10 has been culled from the 40+ unique stories we found relevant over the week, ranked by highest risk:

Security Researchers Release Proof-of-Concept Code for VMWare vRealize CVE-2022-31706 Vulnerability
https://securityaffairs.com/141628/hacking/vmware-vrealize-log-rce-poc-resealed.html
Lexmark Releases Patch for 100+ Printer Models Affected by CVE-2023-23560 Remote Code Execution Vulnerability
https://securityaffairs.com/141428/hacking/lexmark-cve-2023-23560-rce.html
In Wake of Microsoft Security Updates, Threat Actors Turn to OneNote to Deliver Initial Malware
https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware
Threat Actors Target Popular Password Managers Following LastPass Breach in Latest Wave of Google Malvertising
https://www.malwarebytes.com/blog/threat-intelligence/2023/01/google-sponsored-ads-malvertising-targets-password-manager
North Korean Lazarus Group APT “No Pineapple” Campaign Discovered Targeting Unpatched Zimbra Email Servers
https://thehackernews.com/2023/02/north-korean-hackers-exploit-unpatched.html
HeadCrab Botnet Compromises 1200+ Redis Servers Worldwide via Bespoke Malware
https://thehackernews.com/2023/02/new-threat-stealthy-headcrab-malware.html
Google Fi Discloses Breach of Customer Data and Possibility of SIM Swapping on Affected Accounts
https://www.bleepingcomputer.com/news/security/google-fi-data-breach-let-hackers-carry-out-sim-swap-attacks/
GitHub Revokes Code Signing Certificate for GitHub Desktop and Atom Following Compromise
https://thehackernews.com/2023/01/github-breach-hackers-stole-code.html
Abused Microsoft Partner Network Accounts Used to Deploy Shadow SaaS Rootkits
https://thehackernews.com/2023/02/hackers-abused-microsofts-verified.html
Additional Vulnerabilities Discovered in AMI MegaRAC BMC Software
https://thehackernews.com/2023/02/additional-supply-chain-vulnerabilities.html

Hand-Picked Top-Read Stories

Palo Alto Recommends Urgent Mitigation For Authentication Bypass Vulnerability in PAN-OS

Weekly Top 10: 11.18.2024: Microsoft Exchange Adds Warning to Emails Abusing Spoofing Flaw; Evasive ZIP Concatenation: Trojan Targets Windows Users; Microsoft November 2024 Patch Tuesday Fixes 4 Zero-Days, 89 Flaws, and More.

What Happened To The Internet Archive?

Trending Tags

Weekly Top Ten Cybersecurity Stories – 2.3.2023

Previous Post

Weekly Top Ten Cybersecurity Stories – 1.27.2023

Next Post

Zero Trust Inside and Out

Threat Advisories

Palo Alto Recommends Urgent Mitigation For Authentication Bypass Vulnerability in PAN-OS

Weekly Top 10: 11.18.2024: Microsoft Exchange Adds Warning to Emails Abusing Spoofing Flaw; Evasive ZIP Concatenation: Trojan Targets Windows Users; Microsoft November 2024 Patch Tuesday Fixes 4 Zero-Days, 89 Flaws, and More.

Weekly Top 10: 11.11.2024: Veeam Backup Exploit Used by Frag Ransomware; North Korean Hackers Use macOS Malware to Steal Crypto; Palo Alto PAN-OS May be Vulnerable to RCE, and More.

Weekly Top 10: 11.04.2024: Android Malware ‘FakeCall’ Hijacks Outgoing Calls; PTZ Cameras Being Targeted Using Two Zero-Days; Hacker Group TeamTNT Targets Docker Environments, and More.

Weekly Top 10: 10.28.2024: Severe Flaws in E2EE Cloud Storage Platforms Used by Millions; ClickFix Tactic: The Phantom Meet; Firm Hacked After Accidentally Hiring North Korean Cyber Criminal, and More.

Education

Protecting Microsoft Teams From Data Exfiltration – A Tactical DLP Rule

Anatomy of a Data Breach

OpenAI Cybersecurity Research

Breach Report: Healthcare

Analysis of GalComm Chrome Extension Malware