Cyber Weekly Digest - 2022 Week #31

Updated: Aug 12

Take a look at this week’s Cyber Weekly Digest and read about some of the biggest cyber security news from around the world, including a “massive” cyber attack on the German Chambers of Industry and Commerce, and the security concerns around the vote for the next UK Conservative Party leader. Keep reading to stay up to date on the latest cyber security stories.

1. VMware urges users to patch a critical risk authentication bypass vulnerability.

VMware is warning users to patch multiple products affected by a critical authentication bypass vulnerability that could allow an attacker to gain administrative access to a system as well as exploit other flaws. The vulnerability is tracked as CVE-2022-31656 and has a rating of 9.8 on the CVSS. It is one of a number of fixes the company made in various products in an update released on Tuesday for flaws that could easily become an exploit chain. The flaw is an authentication bypass vulnerability affecting VMware Workspace ONE Access, Identity Manager and vRealize Automation. The bug affects local domain users and requires that a remote attacker must have network access to a vulnerable user interface.

2. BlackCat ransomware claims an attack on European gas pipeline.

The ALPHV ransomware gang, known as BlackCat, has claimed responsibility for a cyber attack against Creos Luxembourg S.A. last week, a natural gas pipeline and electricity network operator. Creos’ owner, Encevo announced the attack last month and resulted in customer portals being unavailable. This week BlackCat added Creos to their extortion site threatening to publish 180,000 stolen files, including contracts, agreements, passports, bills, and emails. Creos has urged all customers to reset their online account credentials as they continue to investigat