News for August 29, 2022

10 Items Added to CISA Actively Exploited List
by Artie Kaye

The US Cybersecurity and Infrastructure Security Agency has added 10 items to its list of exploits that must be addressed. The date to fix by is September 15, 2022. Because these are actively being used by attackers in the wild, it is recommended to resolve the issues. Below are the CVE numbers, the companies, and the links to the solutions for said problems.




VMware Tanzu


Grafana Labs

Delta Electronics




Twilio, CloudFlare and Oktapus
by Artie Kaye

The recent hacks against Twilio, CloudFlare and many other companies were carried out by a group dubbed Oktapus. The moniker comes from the group's apparent desire to find Okta credentials in the targeted databases. Okta is a company that provides single sign-on services, which allow one account to access the accounts linked to it. Because many business portals can be accessed using Okta, this magnifies the potential damage that could be done.

Researchers at Permiso have outlined a potential source for attack, which could shed light on why Okta accounts are the target for Oktapus. The vector is account management: transferring existing account privileges from one account to another. This is a function of the software and can only be carried out by administrator-level users. Okta has given a list of suggestions for decreasing the chance of being compromised. Links to Permiso’s and Okta’s posts can be found below.

Lloyd’s of London and Cyber Insurance
by Artie Kaye

In a bulletin released on August 16, Lloyd’s of London addressed the increase in financial damages brought on by cyber attacks. They are choosing to make an exclusion for state-sponsored cyber attacks, which could disqualify someone from an insurance payout if the cyber attack came from a government or government-backed attacker. Given their place in the insurance world, these decisions could be adopted by many other companies across the world in the coming months. The full bulletin is linked below.