Cyber Weekly Digest - 2022 Week #28


In this week’s Cyber Weekly Digest find out about the latest Window’s zero-day vulnerability CISA is urging agencies to patch, and the botnet behind the largest DDoS attack. Keep reading to stay up to date on the latest cyber security news from around the world.


1. CISA orders agencies to patch new Windows actively exploited local privilege escalation vulnerability.

CISA has urged agencies to patch a new actively exploited local privilege escalation vulnerability in the Windows Client/Server Runtime Subsystem. The high severity security flaw impacts both server and client Windows platforms, including the latest Windows 11 and Windows Server 2022 releases. Microsoft did patch it as part of the July 2022 Patch Tuesday and was classified as a zero-day as it was abused in attacks before a fix was available. CISA has given the agencies three weeks to patch the actively exploited CVE-2022-22047 vulnerability and block ongoing attacks that could target their systems.


2. Mantis Botnet was revealed to be behind the biggest DDoS attack in June.

The botnet behind the largest HTTPS distributed denial-of-service attack in June has been linked to a wave of attacks aimed at nearly 1,000 Cloudflare customers. Cloudflare noted that the botnet is Mantis and has carried out more than 3,000 HTTP DDoS attacks against its users. Cloudflare notes some key features of the botnet which makes is so powerful including, its ability to carry out HTTPS DDoS attacks, which are expensive in nature due t