In this week’s Cyber Weekly Digest, we look at the latest DDoS attack to hit another VoIP provider and threat actors who were able to remain undetected on an Australian water supplier’s servers for nine months. Keep reading to stay up to date on the latest cyber security stories from the week.
This week, stock trading platform Robinhood disclosed a data breach after its systems were attacked, allowing threat actors to access the personal information of 7 million customers. The threat actor was able to access personal information through social engineering methods. The attacker called a customer support employee and was able to gain access to the customer support systems. Robinhood also received an extortion demand after learning about the attack. Robinhood does not believe that any social security numbers, bank account numbers or debit card numbers were exposed in the attack. Robinhood has warned customers and provided suggestions for customers concerned about the safety of their accounts.
Telnyx is the latest VoIP telephony provider to be targeted by a Distributed Denial of Service (DDoS) attack. At the beginning of the week, Telnyx was targeted by an attack causing all telephony services to fail or be delayed. This year, VoIP providers have been increasingly targeted with DDoS extortion attacks; VoIP.ms and Bandwidth were both targets in September this year. Since the attack, Telnyx has moved its EMEA and APAC services behind Cloudflare.
A new zero-day vulnerability has been disclosed in Palo Alto Networks GlobalProtect VPN that an unauthenticated network-based attacker could abuse to execute arbitrary code on affected devices with root user privileges. Tracked as CVE-2021-3064, the vulnerability has a critical CVSS score of 9.8 and impacts PAN-OS 8.1 versions earlier than PAN-OS 8.1.17. The technical details related to CVE-2021-3064 have been withheld for 30 days to prevent threat actors from abusing the vulnerability to stage real-world attacks.
This month’s Microsoft Patch Tuesday released updates for a total of 55 vulnerabilities, which is relatively low considering past Patch Tuesdays. Six of this month’s patches are rated critical, with the other 49 rated important. One of the most critical patches is for a remote code execution (RCE) weakness in Exchange Server, caused by issues with the validation of command-let (cmdlet) arguments. Microsoft says they are aware of “limited targeted attacks” using this vulnerability in the wild.
According to a report published by the Queensland Audit Office this week, Australian government-owned water supplier SunWater was breached for nine months, with the actors remaining undetected the entire time. The breach occurred between August 2020 and May 2021, and the actors managed to access a web server that the water supplier used to store customer information. The attackers planted custom malware that was used to increase visitor traffic to an online video platform.