CISA Exploit List, Multi-Company Hacks, and New Cyber Insurance Policy
10 Items Added to CISA Actively Exploited List
by Artie Kaye
The US Cybersecurity and Infrastructure Security Agency has added 10 items to its list of must-address exploits. The date to fix by is September 15, 2022. As these are being actively exploited in the wild, it is recommended to resolve the issues. Below are the CVE numbers, the companies, and the links to the solutions for said problems.
For a more comprehensive list of all vulnerabilities, visit cisa.gov.
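The catalog the item above points to is published as a JSON feed. The script below is an added example, not code from the newsletter or from CISA; it shows how a defender can pull the entries that are due by a given date out of such a feed and flag anything already overdue. It assumes the KEV field names (cveID, vendorProject, product, dateAdded, dueDate, requiredAction) match the public feed, which should be checked against the live file on cisa.gov, and it uses constructed entries with placeholder CVE identifiers rather than the ten items referred to above.

```python
"""Filter a CISA Known Exploited Vulnerabilities (KEV) style feed by due date.

Added example, not part of the original newsletter. The field names used here
(cveID, vendorProject, product, dateAdded, dueDate, requiredAction) are assumed
to match the public KEV JSON feed; verify against the live feed on cisa.gov.
The entries are constructed samples with placeholder CVE identifiers.
"""
import json
from datetime import date, datetime

# Constructed sample feed (placeholder IDs, not real catalog entries).
SAMPLE_FEED = json.dumps({
    "title": "constructed sample, not the real KEV catalog",
    "vulnerabilities": [
        {"cveID": "CVE-0000-00001", "vendorProject": "ExampleVendor",
         "product": "Example Product A", "dateAdded": "2022-08-25",
         "dueDate": "2022-09-15",
         "requiredAction": "Apply updates per vendor instructions."},
        {"cveID": "CVE-0000-00002", "vendorProject": "ExampleVendor",
         "product": "Example Product B", "dateAdded": "2022-08-25",
         "dueDate": "2022-09-15",
         "requiredAction": "Apply updates per vendor instructions."},
        {"cveID": "CVE-0000-00003", "vendorProject": "OtherVendor",
         "product": "Example Appliance", "dateAdded": "2022-08-11",
         "dueDate": "2022-09-01",
         "requiredAction": "Apply updates per vendor instructions."},
        {"cveID": "CVE-0000-00004", "vendorProject": "OtherVendor",
         "product": "Example Service", "dateAdded": "2022-09-08",
         "dueDate": "2022-10-01",
         "requiredAction": "Apply updates per vendor instructions."},
        # Malformed entry with no dueDate: a real feed should not contain one,
        # but a triage script must not crash on it either.
        {"cveID": "CVE-0000-00005", "vendorProject": "OtherVendor",
         "product": "Example Tool", "dateAdded": "2022-09-08"},
    ],
})


def _as_date(value):
    """Accept a date or an ISO 'YYYY-MM-DD' string and return a date."""
    if isinstance(value, date):
        return value
    return datetime.strptime(value, "%Y-%m-%d").date()


def parse_feed(raw):
    """Parse KEV-style JSON.

    Returns (entries, skipped): entries with a parseable dueDate get a
    'due' date object attached; IDs of entries without one are returned
    separately so they can be reviewed by hand instead of silently lost.
    """
    data = json.loads(raw)
    good, skipped = [], []
    for entry in data.get("vulnerabilities", []):
        entry = dict(entry)
        try:
            entry["due"] = _as_date(entry["dueDate"])
            good.append(entry)
        except (KeyError, ValueError, TypeError):
            skipped.append(entry.get("cveID", "<no cveID>"))
    return good, skipped


def _ordered(entries):
    # Most urgent first; ID as a tie-breaker keeps the output deterministic.
    return sorted(entries, key=lambda e: (e["due"], e["cveID"]))


def due_on_or_before(entries, deadline):
    """CVE IDs whose remediation due date is on or before `deadline`."""
    deadline = _as_date(deadline)
    return [e["cveID"] for e in _ordered(entries) if e["due"] <= deadline]


def overdue(entries, today):
    """CVE IDs whose due date has already passed as of `today`."""
    today = _as_date(today)
    return [e["cveID"] for e in _ordered(entries) if e["due"] < today]


def days_remaining(entries, today):
    """Map CVE ID -> days until due (negative when already overdue)."""
    today = _as_date(today)
    return {e["cveID"]: (e["due"] - today).days for e in entries}


if __name__ == "__main__":
    entries, skipped = parse_feed(SAMPLE_FEED)
    print("Skipped (no usable dueDate):", skipped)
    print("Due by 2022-09-15:", due_on_or_before(entries, "2022-09-15"))
    print("Overdue as of 2022-09-16:", overdue(entries, "2022-09-16"))
    for cve, days in days_remaining(entries, "2022-09-01").items():
        print(f"{cve}: {days:+d} days")
```

To use this against the real catalog, replace SAMPLE_FEED with the downloaded KEV JSON; the separate `skipped` list is there so that a malformed or unexpected entry shows up in review rather than disappearing from the deadline report.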
Twilio, CloudFlare and Oktapus
by Artie Kaye
The recent hacks against Twilio, Cloudflare and many other companies have been carried out by a group dubbed Oktapus. The moniker comes from the apparent desire to find Okta credentials in the targeted databases. Okta is a company which provides single sign-on services, which allow one account to access the accounts linked to it. As many business portals can be accessed using Okta, this magnifies the potential damage that could be done.
Researchers at Permiso have outlined a potential attack vector, which could shed light on why Okta accounts are the target for Oktapus. The vector is account management, specifically transferring existing account privileges from one account to another. This is a function of the software and can only be carried out by administrator-level users. Okta has given a list of suggestions for decreasing the chance of being compromised. Links to Permiso’s and Okta’s posts can be found below.
Lloyd’s of London and Cyber Insurance
by Artie Kaye
In a bulletin released on August 16, Lloyd’s of London addressed the increase in financial damages brought on by cyber attacks. They are choosing to make an exclusion for state-sponsored cyber attacks, which could disqualify someone from an insurance payout if the cyber attack came from a government or government-backed attacker. Given their place in the insurance world, these decisions could be adopted by many other companies across the world in the coming months. The full bulletin is linked below.