By security practitioners, for security practitioners innovate | novacoast federal | novaSOC | novacoast
By security practitioners, for security practitioners

Weekly Top Ten Cybersecurity Stories – 4.29.2022

WEEKLY TOP TEN | APRIL 29, 2022 16:05 GMT

Our Threat Operations and Intelligence team compiles a daily digest of new cybersecurity threats from around the Internet. This top 10 has been culled from the 40+ unique stories we found relevant over the week, ranked by highest risk:

  1. Microsoft Discloses Nimbuspwn Vulnerability Affecting Linux Allowing for Privilege Escalation
    https://www.microsoft.com/security/blog/2022/04/26/microsoft-finds-new-elevation-of-privilege-linux-vulnerability-nimbuspwn/
  2. Security Researcher Discloses Proof-of-Concept Exploit for Java Signature Bypass Vulnerability
    https://securityaffairs.co/wordpress/130522/security/poc-java-vulnerability-cve-2022-21449.html
  3. Bumblebee Malware Loader Appears to Replace BazarLoader For CyberAttacks
    https://www.bleepingcomputer.com/news/security/new-bumblebee-malware-replaces-contis-bazarloader-in-cyberattacks/
  4. Iranian APT35 Exploits CVE-2022-22954 Affecting VMWare Workspace ONE to Deploy Malware
    https://www.bleepingcomputer.com/news/security/hackers-exploit-critical-vmware-rce-flaw-to-install-backdoors/
  5. Onyx Ransomware Destroying Files Instead of Just Encrypting Them
    https://www.bleepingcomputer.com/news/security/beware-onyx-ransomware-destroys-files-instead-of-encrypting-them/
  6. DFIR Report Analyzes Quantum Ransomware and Notes Less Than 4 Hours to Encryption
    https://thedfirreport.com/2022/04/25/quantum-ransomware/
  7. CISA Releases 2021 List of Top 15 Exploited Vulnerabilities
    https://www.cisa.gov/uscert/ncas/alerts/aa22-117a
  8. VirusTotal Flaw Patched Allowing For Remote Code Execution and Reverse Shell Access to Security Vendor Products
    https://www.itnews.com.au/news/googles-virustotal-service-vulnerable-for-over-eight-months-579170
  9. Microsoft Details Russian Actions in Lead-up to Ukraine Invasion
    https://blogs.microsoft.com/on-the-issues/2022/04/27/hybrid-war-ukraine-russia-cyberattacks/
  10. FBI Releases Indicators of Compromise Associated with BlackCat/ALPHV Ransomware
    https://www.cisa.gov/uscert/ncas/current-activity/2022/04/22/fbi-releases-iocs-associated-blackcatalphv-ransomware
Previous Post

The Return of Emotet Malware

Next Post

Pen Test Postmortem: How To Get Owned

Innovate uses cookies to give you the best online experience. If you continue to use this site, you agree to the use of cookies. Please see our privacy policy for details.