WEEKLY TOP TEN | JULY 2, 2022 11:52 GMT
Our Threat Operations and Intelligence team compiles a daily digest of new cybersecurity threats from around the Internet. This top 10 has been culled from the 40+ unique stories we found relevant over the week, ranked by highest risk:
- Intel471 Notes that Cybercriminals Increasingly Utilize Messaging Apps (Discord, Telegram, etc.) to Deploy RATs, Other Malware
https://intel471.com/blog/cybercrime-telegram-discord-automation-chatbots
- “Robin Banks” Phishing-as-a-Service Platform Begins Campaign Against Banking Sector With Highly Complex Attacks
https://www.bleepingcomputer.com/news/security/new-robin-banks-phishing-service-targets-bofa-citi-and-wells-fargo/
- Proofpoint Discovers Shift in TTPs Away from Macros in Wake of Microsoft Security Changes
https://www.proofpoint.com/us/blog/threat-insight/how-threat-actors-are-adapting-post-macro-world
- Cyble Labs Warns of Cobalt Strike Beacons Being Deployed Via DLL Sideloading w/ Microsoft Applications
https://blog.cyble.com/2022/07/27/targeted-attacks-being-carried-out-via-dll-sideloading/
- New “Ducktail” InfoStealer Malware Targeting Facebook Business Accounts
https://thehackernews.com/2022/07/new-ducktail-infostealer-malware.html
- Kaspersky Discovers Difficult-to-Remove “CosmicStrand” Firmware Rootkit
https://securelist.com/cosmicstrand-uefi-firmware-rootkit/106973/
- Microsoft Reminds of Windows Server 20H2 End of Service in August 2022
https://www.bleepingcomputer.com/news/microsoft/microsoft-reminder-windows-server-20h2-reaches-eos-next-month/
- LockBit RaaS Targets Small Canadian Town
https://cybernews.com/news/lockbit-targets-small-canadian-town-with-extortion/
- SonicWall Patches SQL Injection CVE-2022-22280 With Analytics On-Prem and Global Management Systems
https://securityaffairs.co/wordpress/133579/security/sonicwall-critical-sqli.html
- Palo Alto Incident Response Report Showcases Hard Data Relating to Threat Actor TTPs
https://www.paloaltonetworks.com/unit42/2022-incident-response-report