Cyber Weekly Digest - 2022 Week #5

Updated: Apr 12


In this week’s Cyber Weekly Digest we take a look at some of the latest supply-chain disrupting cyber attacks impacting organisations around the world including a German petrol distributor and UK snacks producer. Keep reading to stay up to date on the latest cyber security news.


1. KP Snacks has been hit by a Conti ransomware attack.

KP Snacks, a major producer of popular British snacks, has been hit by the Conti ransomware group, affecting distribution to leading supermarkets. Because of the attack, deliveries from KP Snacks to leading superstores are reportedly being delayed or cancelled altogether, and the disruption could last until March. A private leak page shows the Conti ransomware group claiming responsibility for the attack by posting samples of stolen files.


2. APT35 is using a new PowerShell backdoor called PowerLess.

The Iranian advanced persistent threat (APT) Charming Kitten is now deploying a new backdoor which researchers have dubbed PowerLess Backdoor, a previously undocumented PowerShell trojan that supports downloading additional payloads, such as a keylogger and an info stealer. Researchers noted that the PowerShell code runs in the context of a .NET application, so 'powershell.exe' is never launched, which enables it to evade security products.


3. German petrol distributor’s operations severely impacted by a cyber attack.

Oiltanking GmbH, a German petrol distributor that supplies Shell gas stations in the country, has fallen victim to a cyberattack that severely impacted its operations. Because Oiltanking supplies 26 companies in the country, German media raised worries about shortages. This is because the tank loading and unloading process is automated, currently online, and cannot fall back onto a manual process. No threat actors have claimed the attack yet.


4. Samba addresses a critical severity vulnerability that can let attackers gain remote code execution with root privileges.

Samba is an interoperability suite that allows Windows and Linux/Unix-based hosts to work together and share file and print services with multi-platform devices on a common network. This week Samba addressed a critical-severity vulnerability that could allow attackers to gain remote code execution with root privileges on servers. The flaw is an out-of-bounds heap read/write vulnerability in the VFS module called “vfs_fruit.” It affects all versions of Samba prior to v.4.13.17 and has a CVSS rating of 9.9.
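An added example, not part of the original digest or the Samba project's code: a triage check that flags a host when its Samba version is below the 4.13.17 threshold quoted above and its smb.conf loads the fruit VFS module, either in a share or inherited from [global]. The sample configuration and version strings are constructed, and the function names are hypothetical.

```python
import re

FIXED = (4, 13, 17)  # from the digest: versions prior to 4.13.17 are affected

# Constructed sample smb.conf, not taken from a real host.
SAMPLE_CONF = """\
[global]
   workgroup = EXAMPLE
   vfs objects = catia fruit streams_xattr
[timemachine]
   path = /srv/tm
[public]
   path = /srv/public
   vfs objects = recycle
; share-level setting with different case
[Media]
   VFS Objects = fruit
"""

def parse_version(text):
    """Extract (major, minor, patch) from text such as 'Version 4.13.14-Ubuntu'."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"no version number in {text!r}")
    return tuple(int(part) for part in m.groups())

def fruit_sections(conf_text):
    """Return the sections whose effective 'vfs objects' list includes fruit."""
    vfs, sections, current = {}, [], None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
            sections.append(current)
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            # smb.conf parameter names ignore case and whitespace
            if re.sub(r"\s+", "", key).lower() in ("vfsobjects", "vfsobject"):
                vfs[current] = re.split(r"[\s,]+", value.strip().lower())
    inherited = vfs.get("global", [])  # shares without their own setting inherit [global]
    return [s for s in sections if "fruit" in vfs.get(s, inherited)]

def assess(version_text, conf_text):
    """Flag a host that is below the fixed version and loads vfs_fruit."""
    version, hits = parse_version(version_text), fruit_sections(conf_text)
    return {"version": version, "fruit_sections": hits,
            "exposed": version < FIXED and bool(hits)}

if __name__ == "__main__":
    print(assess("Version 4.13.14-Ubuntu", SAMPLE_CONF))
```

Distribution packages can carry a backported fix without changing the upstream version number, so a positive result is a prompt to check the vendor's advisory for that package.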


5. Business services provider Morley disclosed a data breach after suffering a ransomware attack last year.

This week Morley Companies Inc. disclosed a data breach following a ransomware attack in August last year that allowed threat actors to steal data before encrypting files. Morley is a US company offering business services to Fortune 500 and Global 100 firms. After investigating the attack, the company determined that the threat actors stole the personal information of 521,046 individuals, including data for Morley's employees, contractors, and clients.
