Weekly Top Ten Cybersecurity Stories – 5.20.2022 – Innovate Cybersecurity

WEEKLY TOP TEN | MAY 20, 2022 14:00 GMT

Our Threat Operations and Intelligence team compiles a daily digest of new cybersecurity threats from around the Internet. This top 10 has been culled from the 40+ unique stories we found relevant over the week, ranked by highest risk:

CISA Orders Emergency Patch of VMWare CVE-2022-22972 and 22973
https://securityaffairs.co/wordpress/131436/security/cisa-orders-federal-agencies-to-vmware-flaws.html
CISA Removes CVE-2022-26925 From Catalog After Discovering Flaw in Domain Controller Installations
https://www.cisa.gov/uscert/ncas/current-activity/2022/05/13/cisa-temporarily-removes-cve-2022-26925-known-exploited
CISA Discloses Routinely Exploited Threat Actor Initial Access Techniques
https://www.cisa.gov/uscert/ncas/alerts/aa22-137a
Security Researchers Discover Flaw in Bluetooth Physical Architecture Allowing for Compromise Even if Turned Off
https://securityaffairs.co/wordpress/131336/hacking/malware-execution-iphone-turned-off.html
Microsoft Warns Sysrv-K Botnet Abusing WordPress Vulnerabilities and VMWare Spring Cloud CVE to Propagate
https://www.zdnet.com/article/microsoft-warns-this-botnet-has-new-tricks-to-target-linux-and-windows-systems/
CISA Adds CVE-2022-30525 Vulnerability for Zyxel Firewall to Catalog
https://thehackernews.com/2022/05/watch-out-hackers-begin-exploiting.html
Jamf Threat Labs Team Discovers Variant of MacOS Malware “UpdateAgent” Written in Swift
https://securityaffairs.co/wordpress/131391/malware/updateagent-macos-malware-swift.html
Microsoft Warns of Threat Actors Abusing SQLPS to Brute Force Externally-Facing MSSQL Server Databases
https://www.techradar.com/news/brute-force-attacks-targeting-mssql-servers-microsoft-warns
Italian Security Researchers Report That APT Groups Overwhelmingly Utilize Existing Vulnerabilities Over Zero Day Exploits
https://threatpost.com/apts-overwhelmingly-share-known-vulnerabilities-rather-than-attack-o-days/179657/
PRODAFT Intelligence Team Performs Deep Dive on WIZARD SPIDER Technical Playbook
https://www.zdnet.com/article/wizard-spider-hacking-group-hires-cold-callers-to-scare-ransomware-victims-into-paying-up/

Hand-Picked Top-Read Stories

Weekly Top 10 – 04.22.2024- MITRE breach, Hackers Exploit Fortinet Flaw, UNDP investigates ransomware attack, and More.

Weekly Top 10 – 04.15.2024- Google Bug Bounties, Medusa Ransomware Returns, LG Smart TVs Vulnerable, and More.

Weekly Top 10 – 04.9.2024- XZ Utils Backdoor, Vultur Banking Trojan, New Chrome Features, and More.

Trending Tags

Weekly Top Ten Cybersecurity Stories – 5.20.2022

Previous Post

May 2022 Windows Patches Could Cause Auth Issues On Domain Controllers

Next Post

Avoiding Common Incident Response Pitfalls

The New Standard of

Cybersecurity
Education

Innovate Cybersecurity Summit

Threat Advisories

Weekly Top 10 – 04.22.2024- MITRE breach, Hackers Exploit Fortinet Flaw, UNDP investigates ransomware attack, and More.

Weekly Top 10 – 04.15.2024- Google Bug Bounties, Medusa Ransomware Returns, LG Smart TVs Vulnerable, and More.

Weekly Top 10 – 04.9.2024- XZ Utils Backdoor, Vultur Banking Trojan, New Chrome Features, and More.

Weekly Top 10 – 04.2.2024- SharePoint and AMD Vulnerabilities, Password Spraying VPN Attacks, Tycoon 2FA, and More.

Weekly Top 10 – 03.25.2024- AI Enhanced Cyber Attacks Rising, Microsoft Warns Taxpayers of Tax Return Phishing Scams, “Fluffy Wolf” Stealer Malware Targets Corporate Environments, and More.

Education

Protecting Microsoft Teams From Data Exfiltration – A Tactical DLP Rule

Anatomy of a Data Breach

OpenAI Cybersecurity Research

Breach Report: Healthcare

Analysis of GalComm Chrome Extension Malware