March | 2022 | OSG: Bits, Bytes and Packets

Skip navigation

Monthly Archives: March 2022

Krebs: Bad actors gaining access to customer data from internet service providers, phone companies and social media via hijacked accounts used by law enforcement and government agencies, bypassing subpoena process

March 30, 2022 – 3:34 pm
Posted in Computers and Internet, Cyber security, FBI, Fraud, Leaked Credentials, Social Engineering
Tagged EDR, Emergency Data Requests, krebsonsecurity.com, Subpoena, Warrant
Leave a Comment

https://krebsonsecurity.com/2022/03/hackers-gaining-power-of-subpoena-via-fake-emergency-data-requests/

FBI releases a Private Industry Notification warning of phishing campaign aimed at U.S. Election Officials as well as state/local officials

March 30, 2022 – 2:35 pm
Posted in Attacks, CISA, Community, Computers and Internet, Cyber security, FBI, Fraud, Phishing, Privacy, Social Engineering
Leave a Comment

https://www.cisa.gov/uscert/ncas/current-activity/2022/03/30/fbi-releases-pin-phishing-campaign-against-us-election-officials

SANS provides some clarity on the Java Spring Framework vulnerability and Spring Cloud Function

March 30, 2022 – 2:15 pm
Posted in Uncategorized
Tagged CVE-2022-22963, isc.sans.edu, SerializationUtils, Spring Cloud Function, Spring Framework, spring4shell
Leave a Comment

https://isc.sans.edu/forums/diary/Possible+new+Java+Spring+Framework+Vulnerability+Updated+not+a+Spring+problem/28498/

https://www.cyberkendra.com/2022/03/springshell-rce-0-day-vulnerability.html

FCC adds Kaspersky to the “Covered List”; citing unacceptable risks to U.S. national security

March 25, 2022 – 5:59 pm
Posted in Anti-Virus, Computers and Internet, Cyber security, Supply Chain
Tagged Covered List, FCC, Kaspersky, Risk, Russia
Leave a Comment

https://www.bleepingcomputer.com/news/security/us-says-kaspersky-poses-unacceptable-risk-to-national-security/

Google releases emergency patch for zero-day vulnerability that is being exploited in the wild. Get to 99.0.4844.84

March 25, 2022 – 4:36 pm
Posted in Computers and Internet, Cyber security, Google, Patch Available, Vulnerability, Zero Day
Tagged 99.0.4844.84, Apple Mac, Chrome, CVE-2022-1096, Linux, WIndows
Leave a Comment

https://www.bleepingcomputer.com/news/security/emergency-google-chrome-update-fixes-zero-day-used-in-attacks/

Allot more phishing is coming…

March 25, 2022 – 4:26 pm
Posted in Computers and Internet, Cyber security, Phishing, Social Engineering
Tagged Bitcoin Variation, Emotet, FortiGuard Labs Research, Fortinet, IRS-themed email, Refugee war scams, Tax Season, Ukraine Related Scams
Leave a Comment

https://www.fortinet.com/blog/threat-research/bad-actors-capitalize-current-events-email-scams

Updated Statement by Okta CSO on Twitter posts of a security incident.

March 22, 2022 – 2:41 pm
Posted in Attacks, Breaking, Computers and Internet, Cyber security, Technology
Tagged MFA, Okta
Leave a Comment

https://www.okta.com/blog/2022/03/updated-okta-statement-on-lapsus/

Possible Okta incident claimed on Twitter. Okta is investigating but CSO said an January, 2020 incident at a 3rd party was detected and contained. Microsoft may also have been impacted

March 22, 2022 – 12:05 pm
Posted in Attacks, Breaking, Business Continuity, Computers and Internet, Cyber security, HAck, Leaked Credentials, Microsoft, Supply Chain Attack
Tagged Developing story, Okta, securitymagazine.com, telegraph.co.uk, thehackernews.com, Twitter
Leave a Comment

https://www.securitymagazine.com/articles/97302-cybersecurity-firm-okta-investigating-possible-data-breach

https://thehackernews.com/2022/03/lapsus-hackers-claim-to-have-breached.html

https://www.telegraph.co.uk/business/2022/03/22/okta-hack-puts-thousands-companies-high-alert/

Okta CSO statement
https://sec.okta.com/articles/2022/03/official-okta-statement-lapsus-claims

In late January 2022, Okta detected an attempt to compromise the account of a third party customer support engineer working for one of our subprocessors. The matter was investigated and contained by the subprocessor. (1 of 2)
— Todd McKinnon (@toddmckinnon) March 22, 2022

White House warns that Russia is exploring cyber attack options in the U.S.

March 21, 2022 – 6:05 pm
Posted in Attacks, Computers and Internet, Cyber security, Disaster Recovery, Technology
Tagged therecord
Leave a Comment

https://therecord.media/white-house-re-ups-concerns-about-russian-cyberattacks-based-on-evolving-intelligence

Internet Explorer… the end is near

March 18, 2022 – 9:11 am
Posted in Computers and Internet, End of Life, Microsoft, Microsoft Patches
Tagged Bleepingcomputer.com, IE Mode, Internet Explorer
Leave a Comment

https://www.bleepingcomputer.com/news/microsoft/microsoft-reminds-of-internet-explorers-looming-demise-in-june/