{
	"id": "31f2e6d8-7460-4d75-92a8-9a941ce9ab30",
	"created_at": "2026-05-01T03:09:14.5324Z",
	"updated_at": "2026-05-01T03:10:50.515382Z",
	"deleted_at": null,
	"sha1_hash": "8c9515b003b27af4e60707b3dfd589f8d3b2f69d",
	"title": "Cyber Security Headlines – March 21, 2022",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 106386,
	"plain_text": "Cyber Security Headlines – March 21, 2022\r\nBy Steve Prentice\r\nPublished: 2022-03-21 · Archived: 2026-05-01 02:07:59 UTC\r\nCISA, FBI tell satellite communications network owners to watch out for hacks\r\nafter Ukraine attack\r\nThis alert forms part of CISA’s “Shields Up” program which responds to potential Russian cyberattacks related to\r\nthe Ukraine conflict. As part of the defense of SATCOM network, the program asks all organizations to\r\n“significantly lower their threshold for reporting and sharing indications of malicious cyber activity.” As an\r\nexample of the danger, Victor Zhora, the deputy chairman of the State Service of Special Communications and\r\nInformation Protection of Ukraine, described to the media how the digital sabotage of Viasat’s KA-SAT satellite\r\nhours before the Russian invasion led to “huge loss in communications in the very beginning of the war.” As a\r\nconsequence, lawmakers in the US are pressing the DHS to name space as another critical infrastructure sector\r\nlike health care or energy.\r\n(Cyberscoop)\r\nHackers claim to breach TransUnion South Africa with ‘Password’ password\r\nhttps://cisoseries.com/cyber-security-headlines-march-21-2022/\r\nPage 1 of 4\n\nHackers have breached a server belonging to TransUnion South Africa and have demanded a ransom payment.\r\nThe hacking group, “N4ughtysecTU” is based in Brazil, and says they downloaded 4TB of data. The group also\r\ntold Bleeping Computer “they didn’t steal any user credentials but performed a brute force attack on the SFTP\r\nserver. The account they ultimately breached was allegedly using the password “Password”, so it was quick and\r\nstraightforward to brute-force.” TransUnion has noted it will not pay the ransom.\r\n(Bleeping Computer)\r\nDeveloper sabotages own npm module prompting open-source supply chain\r\nsecurity questions\r\nAccording to CSOOnline, the developer of a popular JavaScript component hosted on the npm repository\r\n“decided to protest Russia’s invasion of Ukraine by adding code to their own component that would add or delete\r\nfiles on people’s computers in a way they didn’t expect.” The component, node-ipc, is a dependency for a variety\r\nof other projects which consequently had to receive emergency updates to compensate. Experts believe that while\r\ndevelopers certainly have the right to modify their own software, in an act of self-sabotage called protestware,\r\n“such acts risk damaging trust in the open-source ecosystem, which has faced increased supply-chain security\r\nchallenges in recent years.”\r\n(CSOOnline)\r\nCloud-based email threats surge 50% in 2021\r\nThis corresponds with a drop in ransomware and business email compromise (BEC) detections as attacks become\r\nmore targeted, according to Trend Micro in a recent report. “The number of phishing attempts almost doubled\r\nduring the period, as threat actors continued to target home workers. Of these, 38% were focused on stealing\r\ncredentials, the report claimed.” The report also mentions that misconfigured cloud systems were also a critical\r\nrisk factor in 2021, with AWS Key Management Service (AWS KMS) and Amazon Elastic Container Service\r\n(Amazon ECS) having some of the highest misconfiguration rates\r\n(InfoSecurity Magazine)\r\nThanks to our episode sponsor, Varonis\r\nOn average, an employee can access 17 million files on day one. Varonis will show you where\r\ncritical data is vulnerable, detect anomalies, and automatically right-size privileges to get you to\r\n“Zero Trust.” Their data security platform can test your ransomware readiness and show you where\r\nyou stack up. Learn more at www.varonis.com/cisoseries.\r\nAvoslocker ransomware gang targets US critical infrastructure\r\nhttps://cisoseries.com/cyber-security-headlines-march-21-2022/\r\nPage 2 of 4\n\nThe FBI has published a joint cybersecurity advisory in conjunction with the US Treasury Department and the\r\nFinancial Crimes Enforcement Network, warning of AvosLocker ransomware attacks targeting multiple US\r\ncritical infrastructure. The AvosLocker ransomware-as-a-service emerged in the threat landscape in September\r\n2021, and since January has expanded its targets by implementing the support for encrypting Linux systems,\r\nspecifically VMware ESXi servers. AvosLocker claims to directly handle ransom negotiations, as well as the\r\npublishing and hosting of exfiltrated victim data after their affiliates infect targets.\r\n(Security Affairs)\r\nNew Phishing toolkit lets anyone create fake Chrome browser login windows\r\nAccording to BleepingComputer, “A phishing kit has been released that allows red teamers and wannabe\r\ncybercriminals to create effective single sign-on phishing login forms using fake Chrome browser windows,\r\nknown as a Browser in the Browser (BitB) Attack.” Security researcher mr.d0x told BleepingComputer that these\r\ntemplates are easy to use in creating convincing Chrome windows to display single sign-on login forms for any\r\nonline platform. Mr.d0x, who released the templates Google Chrome for Windows and Mac on GitHub, said that\r\nredteamers could simply download the templates, edit them to contain the desired URL and Window title, and then\r\nuse an iframe to display the login form. “Kuba Gretzky, creator of the Evilginx phishing toolkit, tested the new\r\nmethod and showed how it worked perfectly with the Evilginx platform, meaning it could be adapted to steal 2FA\r\nkeys during phishing attacks.”\r\n(Bleeping Computer)\r\nDarkHotel APT targets Wynn, Macao Hotels to steal guest data\r\nThe group has been targeting luxury hotels in Macao with a spear-phishing campaign aimed at “breaching their\r\nnetworks and stealing the sensitive data of high-profile guests staying at resorts.” A threat research report from\r\nTrellix identified the South Korean DarkHotel APT group as the culprit, stating the campaign began at the end of\r\nNovember. It consisted of with emails containing malicious Excel macros that were sent to members of hotel\r\nmanagement who had access to hotel networks. These included human resources and office managers.\r\n(ThreatPost)\r\nAnonymous leaks data stolen from Russian pipeline company Transneft\r\nAccording to Security Affairs, “the Anonymous collective claims it has hacked Omega Company, the in-house\r\nR\u0026D unit of Transneft, the Russia-based state-controlled oil pipeline company.” The hacktivists claim to have\r\nstolen 79GB of emails from the largest oil pipeline company in the world, and havepublished them on the leak site\r\nof Distributed Denial of Secrets, a non-profit whistleblower organization. The stolen data includes invoices,\r\nequipment technical configurations, and product shipment information. The Omega Company produces high-tech\r\nacoustic and temperature monitoring systems for oil pipelines.\r\n(Security Affairs)\r\nhttps://cisoseries.com/cyber-security-headlines-march-21-2022/\r\nPage 3 of 4\n\nSource: https://cisoseries.com/cyber-security-headlines-march-21-2022/\r\nhttps://cisoseries.com/cyber-security-headlines-march-21-2022/\r\nPage 4 of 4",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MISPGALAXY"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://cisoseries.com/cyber-security-headlines-march-21-2022/"
	],
	"report_names": [
		"cyber-security-headlines-march-21-2022"
	],
	"threat_actors": [],
	"ts_created_at": 1777604954,
	"ts_updated_at": 1777605050,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/8c9515b003b27af4e60707b3dfd589f8d3b2f69d.pdf",
		"text": "https://archive.orkl.eu/8c9515b003b27af4e60707b3dfd589f8d3b2f69d.txt",
		"img": "https://archive.orkl.eu/8c9515b003b27af4e60707b3dfd589f8d3b2f69d.jpg"
	}
}