Latest Cyberthreats and Advisories - August 12, 2022

Aug 12, 2022

Cyberattacks hit global companies, critical vulnerabilities discovered in top tech products and the top malware strains of 2021 make headlines this week. Here are the latest cybersecurity threats and advisories for the week of August 12, 2022.

Threat Advisories and Alerts

CISA and ACSC List the Top Malware Strains of 2021

CISA and ACSC have released a joint cybersecurity advisory naming the top malware strains of 2021: Agent Tesla, AZORult, Formbook, GootLoader, LokiBot, MOUSEISLAND, NanoCore, Qakbot, Remcos, TrickBot and Ursnif. The strains consist of ransomware, information stealers, remote access trojans (RATs) and banking trojans. To protect organizations, the advisory recommends user training, the application of timely patches, offline data backups, multifactor authentication and securing Remote Desktop Protocol (RDP).

Source: https://www.cisa.gov/uscert/ncas/alerts/aa22-216a

Microsoft’s Latest Patch Fixes 121 Flaws and Zero-Day Vulnerabilities

Microsoft’s August 2022 Patch Tuesday fixes 121 vulnerabilities, 17 of which are deemed critical because they allow elevation of privileges and remote code execution. The zero-day vulnerability patches are for DogWalk (deemed innocuous when first discovered in January of 2020) and the Microsoft Exchange Information Disclosure Vulnerability (CVE-2022-30134), which allows cyberattackers to read targeted emails. CISA and the Canadian Centre for Cybersecurity have issued advisories for these vulnerabilities.

Source: https://www.bleepingcomputer.com/news/microsoft/microsoft-august-2022-patch-tuesday-fixes-exploited-zero-day-121-flaws/

VMware Releases Another Patch—This Time for a Critical Auth Bypass Vulnerability

Only a week ago, VMware released a patch to fix a critical vulnerability that could give threat actors admin privileges. Earlier this week, VMware released additional security updates to prevent this same type of attack. The patches address a critical authentication bypass security flaw that has affected multiple products. Thankfully for users, VMware said there’s no evidence attackers are exploiting these security issues. Regardless, CISA has issued an advisory encouraging users and admins to make the appropriate updates. Download links and instructions for the patches can be found on VMware’s knowledgebase website.

Source: https://www.bleepingcomputer.com/news/security/vmware-warns-of-public-exploit-for-critical-auth-bypass-vulnerability/

NHS Cyber-Attack Could Leave Staff Without Patient Records ‘for Three Weeks’

A recent cyber-attack on NHS medical records could mean that medics are unable to access patients’ notes for three weeks, health chiefs have warned. The software system, which supports the NHS 111 non-emergency phone service and electronic records, was shut down last week after it was attacked by hackers. The company that operates the systems was unable to say when the outage will end, with hospital staff being told to prepare for at least three weeks of disruption.

Source: https://www.telegraph.co.uk/news/2022/08/10/nhs-cyber-attack-could-leave-staff-without-patient-records-three/

Emerging Threats and Research

Twilio Suffers Data Breach from Social Engineering Attack

Cloud communications company Twilio was recently hit with a sophisticated social engineering cyberattack whereby employees were phished by threat actors who pretended to be Twilio’s IT department. The attackers sent text messages to staff asking them to click on a link to update their passwords or review schedule changes. The cybercriminals gained access to some internal company systems and a limited number of Twilio customer accounts. TechCrunch has reported that similar attacks have targeted other organizations, including an IT outsourcing company, customer service provider and a U.S. internet provider.

Source: https://www.helpnetsecurity.com/2022/08/09/twilio-phished-data-breach/

Cyberattack Forces 7-Eleven to Close All Stores in Denmark

A cyberattack on the morning of August 8 caused all 7-Elevens throughout Denmark to shut down. According to a statement released by the global convenience store chain, the attack disrupted payment and checkout systems, making them unusable. Further details about the type of attack have yet to be reported.

Source: https://www.bleepingcomputer.com/news/security/7-eleven-stores-in-denmark-closed-due-to-a-cyberattack/  

Slack Bug Exposes Hashed Passwords of Thousands of Users

The messaging company Slack has admitted to exposing the hashed passwords of 0.5% of its workspace users. As the company has over 10 million active users, that equates to at least 50,000 accounts. The bug reportedly affected all users who created or revoked shared invitation links between April 17, 2017, and July 17, 2022. While Slack doesn’t believe the flaw allowed criminals to get ahold of plaintext passwords, the company has taken the precaution of resetting the passwords of all affected users.

Source: https://www.theregister.com/2022/08/08/slack_passwords/

To stay updated on the latest cybersecurity threats and advisories, look for weekly updates on the (ISC)² blog. Please share other alerts and threat discoveries you’ve encountered and join the conversation on the (ISC)² Community Industry News board.