By security practitioners, for security practitioners innovate | novacoast federal | novaSOC | novacoast
By security practitioners, for security practitioners

Weekly Top Ten Cybersecurity Stories – 7.8.2022

WEEKLY TOP TEN | JULY 8, 2022 11:52 GMT

Our Threat Operations and Intelligence team compiles a daily digest of new cybersecurity threats from around the Internet. This top 10 has been culled from the 40+ unique stories we found relevant over the week, ranked by highest risk:

  1. DragonForce Malaysia Hacktivist Groups Releases Proof of Concept Code for Novel LPE Flaw Amidst Shift to Ransomware Focus
    https://www.darkreading.com/vulnerabilities-threats/dragonforce-malaysia-releases-lpe-exploit-threatens-ransomware
  2. Threat Actors Leveraging Brute Ratel Red-Team Tool To Better Evade Detection
    https://thehackernews.com/2022/07/hackers-abusing-brc4-red-team.html
  3. Raspberry Robin USB Worm Founded in Hundreds of Networks
    https://securityaffairs.co/wordpress/132826/malware/microsoft-raspberry-robin-spreading.html
  4. CISA Adds Windows LSA Flaw CVE-2022-26925 to the Known Exploited Vulnerabilities Catalog
    https://securityaffairs.co/wordpress/132830/security/cisa-orders-patch-cve-2022-26925.html
  5. EvilNum Deploying Malware via Office Word Templates And Spearphishing Campaigns
    https://www.govinfosecurity.com/evilnum-hacking-group-updates-ttps-targeting-fintech-a-19496
  6. CISA Releases Alert Regarding North Korean APTs Deploying Maui Ransomware Against Healthcare and Public Health Sector
    https://www.cisa.gov/uscert/ncas/alerts/aa22-187a
  7. ALPHV Ransomware Organizing Leaded Data Into Searchable Format, Increasing Risk of Complex Attacks
    https://blog.cyble.com/2022/07/06/alphv-ransomware-expands-its-arsenal-of-extortion-techniques/
  8. Lazarus Group Malware VSingle Using GitHub for C2 Server Information
    https://blogs.jpcert.or.jp/en/2022/07/vsingle.html
  9. The Django Project Team Patches a SQL Injection Flaw CVE-2022-34265 In Their Python-based Framework
    https://securityaffairs.co/wordpress/132853/security/django-framework-sql-injection.html
  10. Microsoft Releases Patch for ShadowCoerce NTLM Relay Flaw
    https://www.bleepingcomputer.com/news/microsoft/microsoft-quietly-fixes-shadowcoerce-windows-ntlm-relay-bug/
Previous Post

CISA Suggests Patching Severe Vulnerability in OpenSSL

Next Post

Forge Rock Training

Innovate uses cookies to give you the best online experience. If you continue to use this site, you agree to the use of cookies. Please see our privacy policy for details.