WEEKLY TOP TEN | APRIL 14, 2023 17:12 GMT
Our Threat Operations and Intelligence team compiles a daily digest of new cybersecurity threats from around the Internet. This top 10 has been culled from the 40+ unique stories we found relevant over the week, ranked by highest risk:
- Urgent: Microsoft Issues Patches for 97 Flaws, Including Active Ransomware Exploit
https://thehackernews.com/2023/04/urgent-microsoft-issues-patches-for-97.html - Nokoyawa ransomware attacks with Windows zero-day
https://securelist.com/nokoyawa-ransomware-attacks-with-windows-zero-day/109483/ - Microsoft shares guidance to detect BlackLotus UEFI bootkit attacks
https://www.bleepingcomputer.com/news/security/microsoft-shares-guidance-to-detect-blacklotus-uefi-bootkit-attacks/ - Israel-based Spyware Firm QuaDream Targets High-Risk iPhones with Zero-Click Exploit
https://thehackernews.com/2023/04/israel-based-spyware-firm-quadream.html - Newly Discovered “By-Design” Flaw in Microsoft Azure Could Expose Storage Accounts to Hackers
https://thehackernews.com/2023/04/newly-discovered-by-design-flaw-in.html - Kyocera Android app with 1M installs can be abused to drop malware
https://www.bleepingcomputer.com/news/security/kyocera-android-app-with-1m-installs-can-be-abused-to-drop-malware/ - RTM Locker: Emerging Cybercrime Group Targeting Businesses with Ransomware
https://thehackernews.com/2023/04/rtm-locker-emerging-cybercrime-group.html - Legion: New hacktool steals credentials from misconfigured sites
https://www.bleepingcomputer.com/news/security/legion-new-hacktool-steals-credentials-from-misconfigured-sites/ - Recent IcedID (Bokbot) activity
https://isc.sans.edu/diary/Recent+IcedID+Bokbot+activity/29740 - Following the Lazarus group by tracking DeathNote campaign
https://securelist.com/the-lazarus-group-deathnote-campaign/109490/
