Cyberattackers Target UPS Backup Power Devices in Mission-Critical Environments
2022-03-30 17:14

Cyberattackers are targeting uninterruptible power supply devices, which provide battery backup power during power surges and outages. UPS devices are usually used in mission-critical environments, safeguarding critical infrastructure installations and important computer systems and IT equipment, so the stakes are high.

Viasat spills on the Russian attack, warns of continued risks
2022-03-30 16:45

It turns out the only thing Russian forces needed to knock thousands of Ukrainian satellite broadband customers offline was a misconfigured VPN. Viasat, whose Ukrainian satellite broadband service was knocked offline the day Russia invaded Ukraine, said its analysis of the attack revealed a poorly configured VPN appliance was used by the attacker to access the trusted management section of the KA-SAT satellite network. "These destructive commands overwrote key data in flash memory on the modems, rendering the modems unable to access the network, but not permanently unusable," Viasat said today.

QNAP warns severe OpenSSL bug affects most of its NAS devices
2022-03-30 16:39

Taiwan-based network-attached storage maker QNAP warned on Tuesday that most of its NAS devices are impacted by a high severity OpenSSL bug disclosed two weeks ago. Attackers can exploit the vulnerability, tracked as CVE-2022-0778, to trigger a denial of service state and remotely crash unpatched devices.

Lapsus$ ‘Back from Vacation’
2022-03-30 16:29

The Lapsus$ data extortionists are back from a week-long "Vacation," they announced on Telegram, posting ~70GB worth of data purportedly stolen from software development giant Globant. "We are officially back from a vacation," the gang wrote on their Telegram channel, posting images of exfiltrated data and admin credentials.

Google Chrome Bug Actively Exploited as Zero-Day
2022-03-30 16:14

Google has updated its Stable channel for the desktop version of Chrome, to address a zero-day security vulnerability that's being actively exploited in the wild. The bug, tracked as CVE-2022-1096, is a type-confusion issue in the V8 JavaScript engine, which is an open-source engine used by Chrome and Chromium-based web browsers.

FBI disrupts BEC cybercrime gangs targeting victims worldwide
2022-03-30 16:13

A coordinated operation conducted by the FBI and its international law enforcement partners has resulted in disrupting business email compromise schemes in several countries. BEC actors are high-level scammers who trick employees of real companies into making payments to bank accounts under their control, pretending to be a business partner or a firm submitting a legitimate payment order.

VMware Horizon platform pummeled by Log4j-fueled attacks
2022-03-30 15:30

VMware's Horizon virtualization platform has become an ongoing target of attackers exploiting the high-profile Log4j flaw to install backdoors and cryptomining malware. VMware in late December released an updated version of Horizon and continued with patches for Horizon this month for the Log4j flaw - called Log4Shell and tracked as CVE-2021-44228 - but the threat continues.

Hive ransomware uses new 'IPfuscation' trick to hide payload
2022-03-30 14:12

Threat analysts have discovered a new obfuscation technique used by the Hive ransomware gang, which involves IPv4 addresses and a series of conversions that eventually lead to downloading a Cobalt Strike beacon. There are numerous ways to achieve obfuscation, each with its own set of pros and cons, but a novel one discovered in an incident response involving Hive ransomware shows that adversaries are finding new, stealthier ways to achieve their goal.

North Korean threat actors target news outlets and fintechs with a Google Chrome vulnerability
2022-03-30 14:07

Threat actors from North Korea have been exploiting a vulnerability in Google Chrome to target certain users with remote code, particularly news outlets, software vendors and fintechs in the United States. On Feb. 10, Google's TAG team discovered two distinct threat actors using that vulnerability to target U.S.-based organizations spanning news media, IT, cryptocurrency and fintech industries.

Mazda Infotainment Crash Shows How Fragile Car Security Really Is
2022-03-30 14:02

Chances are we'll continue to hear reports of software breakdowns in vehicle systems, and as vehicles increasingly rely on code, risks of vulnerabilities affecting security and safety grow exponentially. Preventing this type of issue in the development stage requires software engineers to follow secure coding standards that define how to write code in order to avoid security vulnerabilities in device software.