By security practitioners, for security practitioners novacoast federal | Apex Program | novacoast | about innovate
By security practitioners, for security practitioners

Weekly Top Ten Cybersecurity Stories – 4.15.2022

WEEKLY TOP TEN | APRIL 15, 2022 17:52 GMT

Our Threat Operations and Intelligence team compiles a daily digest of new cybersecurity threats from around the Internet. This top 10 has been culled from the 40+ unique stories we found relevant over the week, ranked by highest risk:

  1. CISA Adds 10 New CVEs to Known Exploited Vulnerability Catalog
    https://securityaffairs.co/wordpress/130191/hacking/cisa-adds-windows-clfs-driver-privilege-escalation-flaw-to-its-known-exploited-vulnerabilities-catalog.html
  2. VMWare Workspace ONE Receives Patch In Concert With Disclosure That CVE-2022-22954 Is Exploited In-the-Wild
    https://securityaffairs.co/wordpress/130188/hacking/vmware-workspace-one-access-flaw-attacks.html
  3. Apache Releases Security Advisory for Struts 2 Vulnerability
    https://www.cisa.gov/uscert/ncas/current-activity/2022/04/12/apache-releases-security-advisory-struts-2
  4. Flaws in WPA3 Protocol Allow for Potential Compromise of WiFi Password
    https://securereading.com/vulnerabilities-in-wpa3-protocol-allow-attackers-to-steal-wi-fi-password/
  5. Chinese HAFNIUM APT Exploiting Flaw in Scheduled Task Creation to Hide Malware
    https://www.bleepingcomputer.com/news/security/microsoft-new-malware-uses-windows-bug-to-hide-scheduled-tasks/
  6. LockBit Ransomware Group Performed 5+ Month Recon On US Gov Network Before Deploying Ransomware Package
    https://www.bleepingcomputer.com/news/security/lockbit-ransomware-gang-lurked-in-a-us-gov-network-for-months/
  7. Sandworm APT Utilize INDUSTROYER2 and CADDYWIPER In Targeted Attack on Ukrainian Energy Facilities, Thwarted by ESET, Microsoft, and CERT-UA
    https://securityaffairs.co/wordpress/130123/apt/russia-sandworm-targets-energy-facilities-ukraine.html
  8. ConnectWise Report Suggests that Ransomware Operators Increasingly Target MSPs
    https://securitybrief.co.nz/story/ransomware-hones-in-on-msps-for-bigger-payout-report-finds
  9. Watchguard Decried for Handling of Vulnerability That Allowed CyclopsBlink Botnet to Propagate
    https://www.securityweek.com/cisa-tells-orgs-patch-watchguard-flaw-exploited-months-disclosure
  10. Microsoft Rolling Out Autopatch Feature With Windows Enterprise E3 in July 2022, Aiming to Ensure Timely Patch Management
    https://securityaffairs.co/wordpress/130082/security/microsoft-autopatch-feature-patch-management.html
Previous Post

Wormable RPC Vulnerability Among Several Fixed In April Patch Tuesday

Next Post

Why Scheduled Patch Windows Are Bad Practice

Innovate uses cookies to give you the best online experience. If you continue to use this site, you agree to the use of cookies. Please see our privacy policy for details.