  • Kathleen Maxted

Cyber Weekly Digest - 2022 Week #34

In this week’s Cyber Weekly Digest we discuss some of the recent vulnerabilities and issues in cyber security vendors as well as one of the most popular password management solutions that confirmed it was breached. Keep reading to find out about the biggest cyber security news from the week.

This week CISA issued a warning to the public and federal IT security teams to apply available fixes for Palo Alto Networks’ PAN-OS. Earlier this month Palo Alto Networks issued a fix for the high-severity bug (CVE-2022-0028), stating that threat actors had attempted to exploit it. The vulnerability could be used by remote attackers to carry out reflected and amplified DoS attacks without having to authenticate to the targeted systems. PAN has said the flaw can only be exploited on a limited number of systems, under certain conditions, and that the vulnerable systems are not part of a common firewall configuration.

The threat actor behind the attacks on Twilio and Cloudflare earlier this month has been linked to a broader phishing campaign aimed at 136 organisations that resulted in a cumulative compromise of 9,931 accounts. Researchers noted the threat actors singled out employees of companies that are customers of identity services provider Okta. The campaign involved sending the targets text messages containing links to phishing sites that impersonated the Okta authentication page. At least 169 unique phishing domains are said to have been set up for this campaign so far, with most of the targets being based in the US.

Windows servers and workstations at over 50 organisations started to crash earlier this week because of an issue caused by certain versions of VMware’s Carbon Black endpoint security solution. The problem was caused by a ruleset deployed to the Carbon Black Cloud Sensor, which caused devices to crash and show a blue screen at startup, denying access to them. One customer noted that around 500 of their endpoints blue-screened at around 15:00 BST on Tuesday. VMware has since contacted impacted customers to correct the issue.

The Dominican Republic's Instituto Agrario Dominicano has been hit by a Quantum ransomware attack that encrypted multiple services and workstations. The Instituto Agrario Dominicano (IAD) is part of the Ministry of Agriculture and is responsible for executing Agrarian Reform programs in the country. The National Cybersecurity Center, which is assisting the agency in recovering from the attack, has said that the IP addresses of the attackers were from the U.S. and Russia. The Quantum ransomware operation was behind the attack, which initially demanded a $650,000 ransom from the agency. The threat actors claimed to have stolen over 1TB of data and threatened to release it publicly if IAD did not pay the ransom. The IAD said they are unlikely to pay the ransom, as they cannot afford to.

It has been revealed that LastPass, a password management solution, was compromised two weeks ago. LastPass released a security advisory yesterday confirming that it was breached through a compromised developer account that attackers used to access the company's developer environment. While LastPass says there is no evidence that customer data or encrypted password vaults were compromised, the threat actors did steal portions of its source code and "proprietary LastPass technical information." In response to the breach, LastPass has deployed containment and mitigation measures.
