Weekly Top Ten Cybersecurity Stories – 4.15.2022 – Innovate Cybersecurity

WEEKLY TOP TEN | APRIL 15, 2022 17:52 GMT

Our Threat Operations and Intelligence team compiles a daily digest of new cybersecurity threats from around the Internet. This top 10 has been culled from the 40+ unique stories we found relevant over the week, ranked by highest risk:

CISA Adds 10 New CVEs to Known Exploited Vulnerability Catalog
https://securityaffairs.co/wordpress/130191/hacking/cisa-adds-windows-clfs-driver-privilege-escalation-flaw-to-its-known-exploited-vulnerabilities-catalog.html
VMWare Workspace ONE Receives Patch In Concert With Disclosure That CVE-2022-22954 Is Exploited In-the-Wild
https://securityaffairs.co/wordpress/130188/hacking/vmware-workspace-one-access-flaw-attacks.html
Apache Releases Security Advisory for Struts 2 Vulnerability
https://www.cisa.gov/uscert/ncas/current-activity/2022/04/12/apache-releases-security-advisory-struts-2
Flaws in WPA3 Protocol Allow for Potential Compromise of WiFi Password
https://securereading.com/vulnerabilities-in-wpa3-protocol-allow-attackers-to-steal-wi-fi-password/
Chinese HAFNIUM APT Exploiting Flaw in Scheduled Task Creation to Hide Malware
https://www.bleepingcomputer.com/news/security/microsoft-new-malware-uses-windows-bug-to-hide-scheduled-tasks/
LockBit Ransomware Group Performed 5+ Month Recon On US Gov Network Before Deploying Ransomware Package
https://www.bleepingcomputer.com/news/security/lockbit-ransomware-gang-lurked-in-a-us-gov-network-for-months/
Sandworm APT Utilize INDUSTROYER2 and CADDYWIPER In Targeted Attack on Ukrainian Energy Facilities, Thwarted by ESET, Microsoft, and CERT-UA
https://securityaffairs.co/wordpress/130123/apt/russia-sandworm-targets-energy-facilities-ukraine.html
ConnectWise Report Suggests that Ransomware Operators Increasingly Target MSPs
https://securitybrief.co.nz/story/ransomware-hones-in-on-msps-for-bigger-payout-report-finds
Watchguard Decried for Handling of Vulnerability That Allowed CyclopsBlink Botnet to Propagate
https://www.securityweek.com/cisa-tells-orgs-patch-watchguard-flaw-exploited-months-disclosure
Microsoft Rolling Out Autopatch Feature With Windows Enterprise E3 in July 2022, Aiming to Ensure Timely Patch Management
https://securityaffairs.co/wordpress/130082/security/microsoft-autopatch-feature-patch-management.html

Hand-Picked Top-Read Stories

Weekly Top 10 – 04.22.2024- MITRE breach, Hackers Exploit Fortinet Flaw, UNDP investigates ransomware attack, and More.

Weekly Top 10 – 04.15.2024- Google Bug Bounties, Medusa Ransomware Returns, LG Smart TVs Vulnerable, and More.

Weekly Top 10 – 04.9.2024- XZ Utils Backdoor, Vultur Banking Trojan, New Chrome Features, and More.

Trending Tags

Weekly Top Ten Cybersecurity Stories – 4.15.2022

Previous Post

Wormable RPC Vulnerability Among Several Fixed In April Patch Tuesday

Next Post

Why Scheduled Patch Windows Are Bad Practice

The New Standard of

Cybersecurity
Education

Innovate Cybersecurity Summit

Threat Advisories

Weekly Top 10 – 04.22.2024- MITRE breach, Hackers Exploit Fortinet Flaw, UNDP investigates ransomware attack, and More.

Weekly Top 10 – 04.15.2024- Google Bug Bounties, Medusa Ransomware Returns, LG Smart TVs Vulnerable, and More.

Weekly Top 10 – 04.9.2024- XZ Utils Backdoor, Vultur Banking Trojan, New Chrome Features, and More.

Weekly Top 10 – 04.2.2024- SharePoint and AMD Vulnerabilities, Password Spraying VPN Attacks, Tycoon 2FA, and More.

Weekly Top 10 – 03.25.2024- AI Enhanced Cyber Attacks Rising, Microsoft Warns Taxpayers of Tax Return Phishing Scams, “Fluffy Wolf” Stealer Malware Targets Corporate Environments, and More.

Education

Protecting Microsoft Teams From Data Exfiltration – A Tactical DLP Rule

Anatomy of a Data Breach

OpenAI Cybersecurity Research

Breach Report: Healthcare

Analysis of GalComm Chrome Extension Malware