Latest Cyberthreats and Advisories - August 19, 2022

Aug 19, 2022

Big tech breaches, the rise of callback phishing and joint advisories issued by CISA…here are the latest cybersecurity threats and advisories for the week of August 19, 2022.

Threat Advisories and Alerts

Cybercriminals Exploit Zimbra Vulnerabilities

CISA and MS-ISAC have issued a joint advisory in response to active exploitation of multiple vulnerabilities in Zimbra Collaboration Suite (ZCS). Cybercriminals may target unpatched ZCS security holes in government and private sector networks. Organizations that didn’t make the appropriate updates upon patch release should assume they’ve been compromised and follow the recovery steps in the CISA advisory.

Source: https://www.cisa.gov/uscert/ncas/alerts/aa22-228a

CISA and the FBI Issue Warning for Zeppelin Ransomware

The FBI and CISA have issued a joint advisory concerning Zeppelin ransomware, which has been active since 2019. The ransomware targets a wide range of businesses, from healthcare organizations to defense contractors and more. Attacks are perpetrated via phishing campaigns, RDP exploitation and SonicWall firewall vulnerabilities. FBI and CISA encourage ransomware victims to report all incidents.

Source: https://www.cisa.gov/uscert/ncas/alerts/aa22-223a

Cisco Releases Patches for Multiple Vulnerabilities

Security updates have been released for vulnerabilities affecting Cisco Firepower Threat Defense Software and Adaptive Security Appliance Software. CISA encourages users and admins to apply the necessary updates, as the vulnerabilities could enable attackers to access sensitive information.

Source: https://www.cisa.gov/uscert/ncas/current-activity/2022/08/11/cisco-releases-security-update-multiple-products

Apple Updates macOS to Address Critical Flaws

Apple this week released macOS Monterey 12.5.1, an update to the Mac operating system. The update includes two serious security fixes affecting the Kernel and WebKit. Apple says the Kernel flaw may allow an app “to execute arbitrary code with kernel privileges” and may have been actively exploited.

Source: https://www.macworld.com/article/833211/macos-monterey-12-5-1-security-updates.html

Emerging Threats and Research

Twilio Breach Exposed the Phone Numbers of 1,900 Signal Users

A Twilio breach from earlier this month is now known to have exposed the SMS registration codes and phone numbers of 1,900 users of messaging app Signal, a customer of Twilio. Signal has claimed that other personal data of the affected users—such as contact lists, profile information, message history, etc.—is secure and wasn’t accessed by the attacker. Signal is contacting the 1,900 users directly, asking them to re-register the app on their devices.

Source: https://www.theregister.com/2022/08/16/twilio_breach_fallout_signal_user/

Mailchimp Breach Exposes the Email Addresses of DigitalOcean Customers

Some users of the cloud infrastructure provider DigitalOcean were affected by a recent Mailchimp attack. On August 8, DigitalOcean learned that its Mailchimp account had been compromised, which it believes was part of a wider Mailchimp security incident. Email addresses of some DigitalOcean customers were exposed, and the attackers reportedly tried to reset the passwords of the corresponding accounts. Affected customers have been contacted by DigitalOcean directly and their accounts have since been secured. DigitalOcean users should be vigilant about potential phishing attacks in the coming weeks.

Source: https://www.helpnetsecurity.com/2022/08/16/mailchimp-digitalocean-security-incident/

Callback Phishing up 625% Since Q1 2021

A hybrid form of phishing known as “callback phishing” is on the rise. According to Agari’s Q2 2022 cyber-intelligence report, the sophisticated attacks have increased 625% since the first quarter of 2021, compared to a 6% increase for normal phishing volumes. Attacks are typically orchestrated via an email sent to unsuspecting victims about an invoice or fake subscription notice. Victims are then asked to call a phone number to resolve the issue, at which point the scammers trick them into sharing sensitive information or downloading malware.

Source: https://www.bleepingcomputer.com/news/security/callback-phishing-attacks-see-massive-625-percent-growth-since-q1-2021/

265 Brands Impersonated in Credential Phishing Attacks This Year

A report by Abnormal Security found that 15% of phishing emails impersonate well-known brands to fool victims. Threat actors send fake emails that masquerade as the popular brands, using their reputation and familiarity to persuade employees to give their login credentials. The first half of 2022 saw 265 brands impersonated, the most popular of which was LinkedIn. Other major brands imitated include three more Microsoft product brands: OneDrive, Outlook and Microsoft 365.

Source: https://www.helpnetsecurity.com/2022/08/15/landscape-email-threat/

To stay updated on the latest cybersecurity threats and advisories, look for weekly updates on the (ISC)² blog. Please share other alerts and threat discoveries you’ve encountered and join the conversation on the (ISC)² Community Industry News board.