By security practitioners, for security practitioners novacoast federal | Pillr | novacoast | about innovate
By security practitioners, for security practitioners

Weekly Top Ten Cybersecurity Stories – 9.30.2022

WEEKLY TOP TEN | SEPTEMBER 30, 2022 18:37 GMT

Our Threat Operations and Intelligence team compiles a daily digest of new cybersecurity threats from around the Internet. This top 10 has been culled from the 40+ unique stories we found relevant over the week, ranked by highest risk:

  1. Microsoft Exchange Zero-Day SSRF + RCE Chained Exploits
    https://www.bleepingcomputer.com/news/microsoft/microsoft-confirms-new-exchange-zero-days-are-used-in-attacks/
  2. Russian APT28 Utilizing Novel Powerpoint-centric Phishing Techniques to Deploy Graphite Malware
    https://www.bleepingcomputer.com/news/security/hackers-use-powerpoint-files-for-mouseover-malware-delivery/
  3. Hackers Achieving Low-Observable Persistence on ESXi Virtual Machines via Malicious vSphere Installation Bundles
    https://www.bleepingcomputer.com/news/security/new-malware-backdoors-vmware-esxi-servers-to-hijack-virtual-machines/
  4. Okta Subsidiary Auth0 Discloses Partial Compromise of Code Repositories
    https://www.bleepingcomputer.com/news/security/auth0-warns-that-some-source-code-repos-may-have-been-stolen/
  5. Small Business-centric FARGO Ransomware Operators Abusing MS-SQL in Recent Campaign
    https://www.itpro.co.uk/security/ransomware/369162/fargo-ransomware-targets-vulnerable-microsoft-sql-servers-in-new-wave-of
  6. Metador APT Discovered After 2-year ISP-focused Infiltration Campaign
    https://securityaffairs.co/wordpress/136239/apt/metador-targets-isp-networks.html
  7. High Potency Multi-Platform Chaos Botnet Malware Discovered by Security Researchers
    https://blog.lumen.com/chaos-is-a-go-based-swiss-army-knife-of-malware/
  8. NullMixer RAT-Dropper Deploying Over a Dozen RATs via Software Cracks and Keygens
    https://securelist.com/nullmixer-oodles-of-trojans-in-a-single-dropper/107498/
  9. Threat Actors Turn Towards Quantum Builder to Evade Detection and Diversify Attack Methodology
    https://thehackernews.com/2022/09/cyber-criminals-using-quantum-builder.html
  10. Bl00dy Ransomware Operator Begins Copycat Campaign in Wake of Lockbit BLACK Source Code Leak
    https://securityaffairs.co/wordpress/136345/cyber-crime/bl00dy-ransomware-lockbit-3-encryptor.html
Previous Post

Gytpol Training and Certification

Next Post

Microsoft Warns of Two Actively-Exploited Exchange Zero-Days

Innovate uses cookies to give you the best online experience. If you continue to use this site, you agree to the use of cookies. Please see our privacy policy for details.