Weekly Top Ten Cybersecurity Stories – 5.12.2023 – Innovate Cybersecurity

WEEKLY TOP TEN | MAY 12, 2023 17:47 GMT

Our Threat Operations and Intelligence team compiles a daily digest of new cybersecurity threats from around the Internet. This top 10 has been culled from the 40+ unique stories we found relevant over the week, ranked by highest risk:

Hunting Russian Intelligence “Snake” Malware
https://media.defense.gov/2023/May/09/2003218554/-1/-1/1/JOINT_CSA_HUNTING_RU_INTEL_SNAKE_MALWARE_20230509.PDF
Millions of mobile phones come pre-infected with malware
https://www.theregister.com/2023/05/11/bh_asia_mobile_phones/
Microsoft issues optional fix for Secure Boot zero-day used by malware
(1) https://www.bleepingcomputer.com/news/microsoft/microsoft-issues-optional-fix-for-secure-boot-zero-day-used-by-malware/
(2) https://msrc.microsoft.com/blog/2023/05/guidance-related-to-secure-boot-manager-changes-associated-with-cve-2023-24932/
From One Vulnerability to Another: Outlook Patch Analysis Reveals Important Flaw in Windows API
https://www.akamai.com/blog/security-research/important-outlook-vulnerability-bypass-windows-api
Fake system update drops Aurora stealer via Invalid Printer loader
https://www.malwarebytes.com/blog/threat-intelligence/2023/05/fake-system-update-drops-new-highly-evasive-loader
Experts Detail New Zero-Click Windows Vulnerability for NTLM Credential Theft
https://thehackernews.com/2023/05/experts-detail-new-zero-click-windows.html
Hypervisor Ransomware | Multiple Threat Actor Groups Hop on Leaked Babuk Code to Build ESXi Lockers
https://www.sentinelone.com/labs/hypervisor-ransomware-multiple-threat-actor-groups-hop-on-leaked-babuk-code-to-build-esxi-lockers/
New features and updates to improve online safety Google brings dark web monitoring to all U.S. Gmail users
https://blog.google/technology/safety-security/online-safety-features-updates-google-io-2023/
QR codes used in fake parking tickets, surveys to steal your money
https://www.bleepingcomputer.com/news/security/qr-codes-used-in-fake-parking-tickets-surveys-to-steal-your-money/
MSI Data Breach: Private Code Signing Keys Leaked on the Dark Web
https://thehackernews.com/2023/05/msi-data-breach-private-code-signing.html

Hand-Picked Top-Read Stories

Weekly Top 10 – 04.15.2024- Google Bug Bounties, Medusa Ransomware Returns, LG Smart TVs Vulnerable, and More.

Weekly Top 10 – 04.9.2024- XZ Utils Backdoor, Vultur Banking Trojan, New Chrome Features, and More.

Weekly Top 10 – 04.2.2024- SharePoint and AMD Vulnerabilities, Password Spraying VPN Attacks, Tycoon 2FA, and More.

Trending Tags

Weekly Top Ten Cybersecurity Stories – 5.12.2023

Previous Post

Weekly Top Ten Cybersecurity Stories – 5.5.2023

Next Post

Weekly Top Ten Cybersecurity Stories – 5.19.2023

The New Standard of

Cybersecurity
Education

Innovate Cybersecurity Summit

Threat Advisories

Weekly Top 10 – 04.15.2024- Google Bug Bounties, Medusa Ransomware Returns, LG Smart TVs Vulnerable, and More.

Weekly Top 10 – 04.9.2024- XZ Utils Backdoor, Vultur Banking Trojan, New Chrome Features, and More.

Weekly Top 10 – 04.2.2024- SharePoint and AMD Vulnerabilities, Password Spraying VPN Attacks, Tycoon 2FA, and More.

Weekly Top 10 – 03.25.2024- AI Enhanced Cyber Attacks Rising, Microsoft Warns Taxpayers of Tax Return Phishing Scams, “Fluffy Wolf” Stealer Malware Targets Corporate Environments, and More.

Windows Server Updates Blamed For Domain Controller Crashes

Education

Protecting Microsoft Teams From Data Exfiltration – A Tactical DLP Rule

Anatomy of a Data Breach

OpenAI Cybersecurity Research

Breach Report: Healthcare

Analysis of GalComm Chrome Extension Malware