A sophisticated attack would undoubtedly compromise the majority of organizations.
Similar social engineering techniques were used by the unidentified attackers who broke into the communications business Twilio to attempt to penetrate the supplier of reverse proxies Cloudflare, but they were unsuccessful.
According to Cloudflare, the company's Zero Trust security technology and the usage of hardware keys for authentication secured its network.
Engineers Daniel Stinson-Diess and Sourov Zaman, as well as Cloudflare founder Matthew Prince, said in a post-mortem of the assault that on July 20, at least 76 employees, including some of their family members, received texts that appeared to be from reputable sources.
Similar to Twilio, the communications requested that staff members check any changes to their schedules and included a link to what seemed to be the Cloudflare Okta login page.
Cloudflare uses Okta as its identity supplier.
Tavis Ormandy, a Google researcher, identified the second OpenSSL flaw, CVE-2022-0778, as an infinite loop denial-of-service bug in February.
March saw a patch.
Mitsubishi claimed that GT SoftGOT2000 version 1.280S or later has the issues fixed (pdf).
