Security News > 2022 > March

US satellite communications provider Viasat has shared an incident report regarding the cyberattack that affected its KA-SAT consumer-oriented satellite broadband service on February 24, the day Russia invaded Ukraine. Today's incident report comes after the KA-SAT satellite network - "Used intensively by the Ukrainian military" - was affected by a cyberattack that triggered satellite service outages in Central and Eastern Europe.

A spearphishing campaign targeting Russian citizens and government entities that are not aligned with the actions of the Russian government is the latest in numerous threats that have emerged since Russia invaded the Ukraine in February. MalwareBytes observed two documents associated with the campaign using the previously identified flaw dubbed MSHTML and tracked as CVE-2021-40444.

Cybercriminals trying to foist the Mars Stealer malware onto users seemingly have a penchant for one particulat tactic: disguising it as legitimate, benign software to trick users into downloading it. In a recent campaign described by Morphisec malware researcher Arnold Osipov, the threat actor distributed the malware via cloned websites offering well-known software such as Apache Open Office.

A new spear phishing campaign is taking place in Russia targeting dissenters with opposing views to those promoted by the state and national media about the war against Ukraine. The campaign targets government employees and public servants with emails warning of the software tools and online platforms that are forbidden in the country.

Researchers from the University of Oxford published details of a vulnerability in the Combined Charging System that has the potential to abort charging. The Combined Charging System is one of the plethora of standards in the EV charging world, and allows DC fast charging.

The malicious uses of these technologies are scary: Police reportedly arrived on the scene last week and found the man crouched beside the woman’s passenger side door. According to the police, the...

As cybercriminals increasingly turned to the dark web to pressure victims to pay up by threatening to release sensitive data, ransomware has reached new heights, Palo Alto Networks revealed. The average ransom demand jumped 144% in 2021, reaching $2.2 million, while the average payment rose 78%, reaching $541,010.

A research from Wabbi and IDG found that companies which utilize continuous security have seen a 50% decrease in vulnerabilities. As the number of attacks increase daily, it has become essential to integrate security within the SDLC. Most respondents agree it is essential to integrate security throughout the development lifecycle, yet only 15% report it being integrates from the beginning.

The UK's National Cyber Security Centre has advised users of Russian technology products to reassess the risks it presents. In advice that builds on 2017 guidance about technology supply chains that include links to hostile states, NCSC technical director Ian Levy stated that the agency has not found evidence "That the Russian state intends to suborn Russian commercial products and services to cause damage to UK interests."

Lapsus$ continues to cause trouble for single-sign-on-as-a-service outfit Okta, as new information about the gang's attack has emerged. Security researcher Bill Demirkapi, who revealed some evidence of Lapsus$'s heist of Nvidia data, has revealed what he claims are documents detailing the attack on Sitel - the outsourced tech support provider engaged by Okta and which was the entity breached by Lapsus$.