Ethical Hacking News
A cyber incident at the Pennsylvania Office of Attorney General has left officials scrambling to restore services after a second day without internet access. Cybersecurity experts point fingers at poor security hygiene as the probable cause of this outage, sparking concerns about potential vulnerabilities in other institutions.
The Office of the Attorney General (OAG) in Pennsylvania experienced a cyber outage that left its website, email accounts, and phone lines down for an unprecedented second day.Cybersecurity experts suspect poor security hygiene as the probable cause of the outage.A recent Shodan scan revealed two of the OAG's NetScaler boxes were taken offline on July 29 and August 7, respectively.Experts believe the OAG's posture for nearly a month raised suspicions about their vulnerability to cyber threats.A critical security flaw (CVE-2025-5777) was discovered in two of the OAG's Citrix boxes, raising questions about adequate security measures.The outage highlights the need for institutions like the OAG to prioritize robust security measures and invest in cutting-edge technologies.
The Office of the Attorney General (OAG) in Pennsylvania, a state that prides itself on being at the forefront of digital governance and cybersecurity, has been left reeling from a recent outage that has left its website, email accounts, and phone lines down for an unprecedented second day. The sudden and mysterious nature of this cyber incident has sent shockwaves throughout the tech community, with many experts pointing fingers at the OAG's poor security hygiene as the probable cause.
According to a recent Shodan scan, one of the OAG's NetScaler boxes was taken offline on July 29, and the second was pulled on August 7. This information has sparked intense curiosity among cybersecurity enthusiasts, who are now trying to decipher the motives behind this sudden move. Was it an attack by malicious actors, or is there something more sinister at play? According to Kevin Beaumont, a renowned cyber sleuth, the OAG's posture for nearly a month had raised suspicions about their vulnerability to cyber threats.
Beaumont's attention was drawn to two of the OAG's Citrix boxes on July 14, noting they were both still vulnerable to the security flaw colloquially referred to as CitrixBleed 2. Tracked as CVE-2025-5777 (9.3), this critical vulnerability affects various NetScaler ADC and NetScaler Gateway versions, and was compared to CitrixBleed 1 (CVE-2023-4966, 9.4) – one of the more high-profile mass-exploited bugs of 2023. Beaumont's revelation has raised eyebrows among cybersecurity experts, who are now questioning whether the OAG had taken adequate measures to address these vulnerabilities.
The recent outage at the Pennsylvania OAG is not an isolated incident; it is rather a symptom of a larger problem that affects the entire digital landscape. As security expert Kevin Beaumont noted, "the NetScaler boxes appear to be offline now, and they were getting owned back then. Although, it could just be another incident if there's overall poor security hygiene." This chilling observation highlights the need for institutions like the OAG to take cybersecurity seriously, and to invest in robust measures that protect against such threats.
Dave Sunday, attorney general of Pennsylvania, acknowledged the frustration caused by the outage but also expressed gratitude towards his team for their dedication to resolving the matter. In collaboration with law enforcement partners, he vowed to work tirelessly to restore systems and continue protecting Pennsylvanians despite any obstacles that come their way.
While the cause of the OAG's cyber incident remains unknown, it is clear that the stakes are high, and the implications could be far-reaching. The recent example of IBM Cloud being hit by a Severity One incident with similar symptoms highlights the interconnectedness of modern digital systems. As security experts and institutions alike grapple with this complex web of threats, one thing is certain: only through vigilance and proactive measures can we hope to prevent such incidents from occurring in the first place.
The Pennsylvania OAG's recent outage serves as a stark reminder of the ever-evolving landscape of cybersecurity threats. It also underscores the need for institutions like the OAG to prioritize robust security measures, invest in cutting-edge technologies, and adopt best practices that ensure their digital systems are resilient against such threats. As the world becomes increasingly reliant on digital infrastructure, it is imperative that we take proactive steps towards securing our digital lives.
A cyber incident at the Pennsylvania Office of Attorney General has left officials scrambling to restore services after a second day without internet access. Cybersecurity experts point fingers at poor security hygiene as the probable cause of this outage, sparking concerns about potential vulnerabilities in other institutions.
Related Information:
https://www.ethicalhackingnews.com/articles/Mysterious-Pennsylvania-OAG-Outage-Leaves-Tech-Whispers-Abuzz-A-Tale-of-Cybersecurity-Woes-and-Vulnerable-NetScalers-ehn.shtml
https://go.theregister.com/feed/www.theregister.com/2025/08/12/major_outage_at_pennsylvania_attorney/
https://nvd.nist.gov/vuln/detail/CVE-2023-4966
https://www.cvedetails.com/cve/CVE-2023-4966/
https://nvd.nist.gov/vuln/detail/CVE-2025-5777
https://www.cvedetails.com/cve/CVE-2025-5777/
Published: Tue Aug 12 12:28:58 2025 by llama3.2 3B Q4_K_M
