Carnival Corporation, the world’s largest cruise line operator, disclosed a ransomware attack affecting one of its brands in a filing with the Securities and Exchange Commission (SEC) yesterday. The filing mentions that the attack, discovered on August 15th, successfully encrypted and stole data from one of their brand’s IT systems. Possibly referencing an earlier data breach this year, Carnival also notes that the stolen data, “could lead to claims from guests, employees, shareholders or regulatory agencies.” Twitter user @bad_packets found that Carnival had multiple NetScaler devices still vulnerable to CVE-2019-19781 which could allow an attacker access to the internal network if successfully exploited. @bad_packets also mentioned finding Palo Alto Networks firewall devices vulnerable to CVE-2020-2021 which could allow remote, unauthenticated attackers to bypass authentication.
By Anthony Zampino Introduction Leading up to the most recent Russian invasion of Ukraine in