By security practitioners, for security practitioners

Weekly Top Ten Cybersecurity Stories – 5.6.2022

WEEKLY TOP TEN | MAY 6, 2022 13:01 GMT

Our Threat Operations and Intelligence team compiles a daily digest of new cybersecurity threats from around the Internet. This top 10 has been culled from the 40+ unique stories we found relevant over the week, ranked by highest risk:

  1. AvosLocker Variant Abusing Legitimate Security Driver and Log4Shell to Propagate
    https://www.trendmicro.com/en_us/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-Virus-scans-log4shell.html
  2. Kaspersky Discovers Fileless Malware Injecting Into Windows Event Logs For Defense Evasion
    https://threatpost.com/attackers-use-event-logs-to-hide-fileless-malware/179484/
  3. Emotet Botnet Operators Testing New Techniques in Advance of Windows VBA Macro Changes
    https://securityaffairs.co/wordpress/130739/cyber-crime/emotet-operators-test-new-techniques.html
  4. Synology Discloses Multiple Vulnerabilities in QNAP NAS Devices via Netatalk Security Flaws
    https://securityaffairs.co/wordpress/130778/hacking/synology-netatalk-vulnerabilities.html
  5. SentinelOne Officially Discloses Avast Driver Flaw Allowing for Disabling of Security Products and Code Execution
    https://securityaffairs.co/wordpress/130944/security/avast-avg-antivirus-flaws.html
  6. Threat Actor UNC3524 Performing Bulk Email Collection To Support Espionage Campaign Focused on Operational Security and Longer Dwell Times
    https://www.mandiant.com/resources/unc3524-eye-spy-email
  7. Security Researchers Discover Multi-year Winnti Campaign That Stole Troves of Intellectual Property Data
    https://www.computerweekly.com/news/252516710/Intellectual-property-theft-operation-attributed-to-Winnti-group
  8. Cofense Discusses Leaked Conti Logs, Focusing on Phishing and Threat Selection Methodology
    https://www.infosecurity-magazine.com/blogs/phishing-takeaways-from-the-conti/
  9. Pro-Ukraine Hackers Abusing Docker Installs to Launch DDoS Attacks Against Russian Organizations
    https://securityaffairs.co/wordpress/130901/cyber-warfare-2/docker-images-ddos-attack-russia.html
  10. Security Researcher Discovers Vulnerability in Several Ransomware Samples, Preventing Encryption via DLL Hijacking
    https://securityaffairs.co/wordpress/130883/malware/stoppin-ransomware-with-dll-hijacking.html