Satellite disruption investigated, HP printers need updating, and more.
Welcome to Cyber Security Today. It’s Wednesday, March 23rd, 2022. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.
The U.S. continues to look into the disruption of the European services of the Viasat satellite communications provider on the eve of the Russian invasion of Ukraine. At a press conference Monday deputy national security adviser for cyber Anne Neuberger told reporters intelligence agencies are still investigating what happened. Last week the Cybersecurity and Infrastructure Security Agency warned all satellite communications providers to watch for intrusions in the wake of the Viasat attack. News reports say some customer modems that connect to the satellite’s internet service stopped working. Ukraine’s military is one of the customers. On Monday Viasat’s chairman told CNBC he couldn’t say who was behind the attack. On Tuesday the internet monitoring service NetBlocks said Viasat’s KA-SAT network in Europe was still heavily impacted.
Attention printer administrators: HP has issued security advisories for three vulnerabilities in a wide range of its devices. They must be patched immediately. They include Color LaserJet Enterprise, Pro, Flow and Managed printers as well as Deskjet, OfficeJet Pro and DesignJet printers.
Earlier this month Dell warned IT departments of multiple vulnerabilities that had to be patched in the BIOS firmware of a number of products. These included Alienware, Edge Gateway, Inspirion, Vostro, Latitude, Wyse and XPS devices. This week security researchers at a code analysis called Binarly, who discovered the bugs, explained the background. It’s another example, the company said, of a variants of a particular vulnerability that was discovered in 2016 but is still found in computing devices today. The company argues device manufacturers aren’t examining their source code thoroughly enough.
Finally, I’ve warned before that crooks often are able to sneak malware-filled utilities and games into Google’s Android app store. The latest example of bad app was found by researchers at Pradeo. It had been downloaded over 100,000 times. The app is called Craftsart Cartoon Photo Tools. It purports to be a legitimate photo editing app with a similar name. But this version has an Android trojan that forces users to log in with their Facebook username and password. There’s no logical reason for that, except for stealing Facebook credentials. Which is what it does. This app has now been deleted from the Play Store, but it may still be available on third-party app sites. Google tries hard to screen apps for malware, but some slip through the checks.
Remember links to details about podcast stories are in the text version at ITWorldCanada.com.
You can follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.