WEEKLY TOP TEN | JUNE 17, 2022 12:55 GMT
Our Threat Operations and Intelligence team compiles a daily digest of new cybersecurity threats from around the Internet. This top 10 has been culled from the 40+ unique stories we found relevant over the week, ranked by highest risk:
- Threat Actors Are Abusing Atlassian Confluence Vulnerabilities to Deploy AvosLocker and Cerber2021 Ransomware
https://www.bleepingcomputer.com/news/security/confluence-servers-hacked-to-deploy-avoslocker-cerber2021-ransomware/ - Microsoft Fortifies Azure Data Factory and Synapse Pipelines Against “SynLapse” Vulnerability
https://thehackernews.com/2022/06/technical-details-released-for-synlapse.html - HelloXD Ransomware Found Deploying MicroBackdoor Alongside Ransomware Payloads
https://securityaffairs.co/wordpress/132207/malware/helloxd-ransomware-installs-microbackdoor.html - Avast Security Researchers Discover “Syslogk” Linux Rootkit Using “Magic Packets” To Activate Backdoors on Networks
https://securityaffairs.co/wordpress/132232/malware/syslogk-linux-rootkit.html - JFrog Security Researchers Discover RCE Vulnerability in Fastjson Library
https://securityaffairs.co/wordpress/132333/security/fastjson-library-rce.html - Akamai Security Researchers Discover Panchan Peer-to-Peer Botnet Attacking Linux Servers
https://www.akamai.com/blog/security/new-p2p-botnet-panchan - Travis CI Logs Found Storing User Tokens in Plaintext, Vulnerable to Compromise
https://blog.aquasec.com/travis-ci-security - Proofpoint Discovers Potential Flaw in Office365 Allowing for Encryption of Cloud-based Data
https://www.proofpoint.com/us/blog/cloud-security/proofpoint-discovers-potentially-dangerous-microsoft-office-365-functionality - Microsoft Releases Patch for “Follina” Zero Day Flaw
https://techcrunch.com/2022/06/15/follina-windows-zero-day/ - Citrix Patches CVE-2022-27511 Vulnerability Affecting Application Delivery Management (ADM)
https://securityaffairs.co/wordpress/132299/security/citrix-application-delivery-management-flaw.html
