WEEKLY TOP TEN | MAY 27, 2022 13:32 GMT
Our Threat Operations and Intelligence team compiles a daily digest of new cybersecurity threats from around the Internet. This top 10 has been culled from the 40+ unique stories we found relevant over the week, ranked by highest risk:
- CISA Adds 41 New Vulnerabilities to Known Exploited Vulnerabilities Catalog
https://securityaffairs.co/wordpress/131646/security/known-exploited-vulnerabilities-catalog-flaws-2.html - Cisco Releases Security Update for CVE-2022-20821 Affecting IOS XR Software
https://securityaffairs.co/wordpress/131516/security/cisco-ios-xr-flaw.html - Quanta Cloud Technology Servers Found Vulnerable to “Pantsdown” BMC Exploit (CVE-2019-6260)
https://thehackernews.com/2022/05/critical-pantsdown-bmc-vulnerability.html - HP Wolf Security Team Discovers Malware Propagating Via Malicious PDF Documents
https://threatresearch.ext.hp.com/pdf-malware-is-not-yet-dead/# - Threat Actors Targeting Security Researchers Through Fake Proof of Concept Exploits on Github
https://securityaffairs.co/wordpress/131553/intelligence/fake-poc-exploits-attacks.html - Recorded Future Note an Increasing Amount of Session Hijacking and Cookie Theft by Criminals to Bypass MFA
https://www.infosecurity-magazine.com/blogs/threat-session-hijacking-mfa-bypass/ - Red Canary Note Resurgence and New TTPs in ChromeLoader Malvertising Malware
https://redcanary.com/blog/chromeloader/ - Security Research MalwareHunterTeam Discover Shift in IndustrialSpy Malware Towards Ransomware
https://www.bleepingcomputer.com/news/security/industrial-spy-data-extortion-market-gets-into-the-ransomware-game/ - Microsoft Researchers Warn of Web Skimming Campaigns Masquerading As Google Analytics or Meta Pixel Scripts
https://www.microsoft.com/security/blog/2022/05/23/beneath-the-surface-uncovering-the-shift-in-web-skimming/ - Interpol Concerned at Proliferation of APT and Nation-state Malware Into Cybercriminal Hands
https://securityaffairs.co/wordpress/131618/cyber-crime/nation-state-malware-dark-web.html
