WEEKLY TOP TEN | JUNE 24, 2022 12:59 GMT
Our Threat Operations and Intelligence team compiles a daily digest of new cybersecurity threats from around the Internet. This top 10 has been culled from the 40+ unique stories we found relevant over the week, ranked by highest risk:
- Google Researchers Discover Years-Old Apple Safari Vulnerability in Active Exploitation
https://thehackernews.com/2022/06/google-researchers-detail-5-year-old.html - Cisco Announces It Won’t Patch End-of-Life Routers Affected By CVE-2022-20825
https://securityaffairs.co/wordpress/132437/security/cisco-rce-small-business-rv-routers.html - Researchers Discover Flaws in MEGA Cloud Storage Allowing Theft of Credentials and Malicious File Uploads
https://thehackernews.com/2022/06/researchers-uncover-ways-to-break.html - Threat Actors Abusing Azure Front Door (AFD) For Phishing Attacks
https://securityaffairs.co/wordpress/132458/cyber-crime/azure-front-door-phishing.html - Cyble Labs Discloses Risk of Using Misconfigured Network Management Tools
https://blog.cyble.com/2022/06/16/misconfigured-tool-allows-hackers-insight-into-complete-it-networks/ - “DFSCoerce” NTLM Relay Attack Similar to PetitPotam Method Discovered
https://securityaffairs.co/wordpress/132473/hacking/dfscoerce-attacks-windows-domains.html - APTs Increasingly Use IoT, OT, Network Devices to Achieve Persistence
https://www.darkreading.com/attacks-breaches/how-apts-are-achieving-persistence-through-iot-ot-and-network-devices - .LNK File-based Malware Builders Are Growing in Popularity
https://blog.cyble.com/2022/06/22/quantum-software-lnk-file-based-builders-growing-in-popularity/ - Researcher Creates Website Capable of Fingerprinting Google Chrome Users via Chrome Extensions
https://www.bleepingcomputer.com/news/security/google-chrome-extensions-can-be-fingerprinted-to-track-you-online/ - Secureworks Researchers Note Chinese Threat Actor Using Ransomware As Cover for IP Theft
https://www.secureworks.com/research/bronze-starlight-ransomware-operations-use-hui-loader