CyberSec Roundup
A synopsis of the Latest Cybersecurity News
Zegna Confirms Ransomware Attack
In August 2021, the Italian luxury fashion house Ermenegildo Zegna was the victim of a ransomware attack by the RansomEXX group, which disrupted most of its IT infrastructure. The company recently confirmed the attack in its SEC filing, disclosing that it did not pay the ransom, which led to RansomEXX publishing the stolen data.
GitHub Security Alert
GitHub Security recently discovered an attack campaign using stolen OAuth user tokens issued to two third-party OAuth integrators, Heroku and Travis-CI. GitHub confirmed that the tokens were not stolen from its systems directly, but were being used to download data from dozens of organizations. GitHub has taken measures to protect its users, and has asked Heroku and Travis-CI to conduct security investigations into the incident.
CISA updates Known Exploited Vulnerabilities Catalog
CISA added nine new vulnerabilities to the catalog, as these vulnerabilities are frequently used by threat actors to compromise networks. They include recently patched vulnerabilities from VMware, Google Chrome, D-Link and others. Organizations are urged to review the list and ensure their systems are patched accordingly.
By: David Pinder
IT & Security Consultant
Certified Ethical Hacker (Master)