At a glance.
- Zimbra exploitation.
- PAN-OS vulnerability added to CISA's Known Exploited Vulnerabilities Catalog.
- Iranian APT data extraction tool described.
- LockBit gang comes under DDoS.
- Twitter whistleblower.
- Poland and Ukraine conclude cybersecurity agreement.
- Greek natural gas supplier under criminal cyberattack.
- Targeting and trolling.
Update to the Joint Alert on Zimbra exploitation.
The Cybersecurity and Infrastructure Security Agency (CISA) and the Multi-State Information Sharing & Analysis Center (MS-ISAC) yesterday updated Alert AA22-228A, "Threat Actors Exploiting Multiple CVEs Against Zimbra Collaboration Suite," to include two new detection signatures. Exploitation of Zimbra remains a threat, so the alert is worth a look. CISA especially urges organizations that may not have checked their systems for vulnerability to look for evidence of the five vulnerabilities. Patches are available for all of them.
Addition to CISA's Known Exploited Vulnerabilities Catalog.
CISA has also added CVE-2022-0028, a vulnerability in Palo Alto Networks' PAN-OS, to its catalog of Known Exploited Vulnerabilities. It's a "reflected amplification denial-of-service vulnerability." Filtering policy misconfigurations could permit "a network-based attacker to conduct reflected and amplified TCP denial-of-service attacks." US Federal agencies overseen by CISA have until September 12th to apply Palo Alto's update.