Russia warns West: We can target your commercial satellites
This comes from Konstantin Vorontsov, deputy director of the Russian foreign ministry’s department for non-proliferation and arms control, speaking to the United Nations. He stated that commercial satellites from the United States and its allies could become legitimate targets for Russia if they were involved in the war in Ukraine. Vorontsov did not mention any specific satellite companies, though Elon Musk said earlier this month that his rocket company SpaceX would continue to fund its Starlink internet service in Ukraine, citing the need for “good deeds.”
(Reuters)
New York Post says its site was hacked after posting offensive tweets
The New York Post said it was hacked on Thursday after several articles and tweets that were racist and violent in nature were published to the newspaper’s website and Twitter account. They were pulled a short time later. It’s believed the New York Post’s content management system, which is used for publishing stories and articles, may have been breached. In addition, the tweets were sent via SocialFlow, a website plugin used to deliver stories to social media sites.
White House announces 100-day cyber sprint for chemical sector
The chemical sector is the most recent to be targeted by President Biden’s 100-day cybersecurity sprint. Announced on Wednesday, the effort is designed to “sharpen operators’ focus on the most significant risks from a digital attack such as gas leaks and other contaminations.” It also seeks to improve information sharing and coordination between public and private sectors and to “encourage chemical manufacturers to deploy threat detection on control systems.” This is one of a number of initiatives launched by the Biden administration, following ones aimed at the electrical, pipeline, water and railway sectors.
Pizza123 password takes momentum out of Fast Company
The breach of the Fast Company news channel that occurred in late September was achieved by exploiting an easily guessed default password, “pizza123.” The magazine reused this password across a dozen WordPress accounts, according to the hackers themselves, who go by the handle “Thrax” and who described the attack as “ridiculously easy” in an article published on FastCompany.com before the publication took the site down. The hackers claimed to have used the vulnerable password pizza123 to access authentication tokens, Apple News API keys, and Amazon Simple Email Service (SES) tokens. Then they sent offensive push notifications to the home screens of subscribers of the FastCompany channel on the Apple News service.
Apple iOS and macOS flaw could have let apps eavesdrop on Siri conversations
A security flaw in Apple’s iOS and macOS operating systems, now patched, could potentially have enabled apps with Bluetooth access to eavesdrop on conversations with Siri. Apple said “an app may be able to record audio using a pair of connected AirPods,” adding it addressed the Core Bluetooth issue in iOS 16.1 with improved entitlements. The bug, dubbed SiriSpy, has been assigned the identifier CVE-2022-32946.
Cisco warns of active exploitation attempts targeting Cisco AnyConnect Secure Mobility Client for Windows
The warning concerns two security flaws, tracked as CVE-2020-3153 (CVSS score: 6.5) and CVE-2020-3433 (CVSS score: 7.8), in the Cisco AnyConnect Secure Mobility Client for Windows. Both date from 2020 and are now patched. According to Security Affairs, “the CVE-2020-3153 flaw resides in the installer component of AnyConnect Secure Mobility Client for Windows, an authenticated local attacker can exploit the flaw to copy user-supplied files to system level directories with system level privileges. The CVE-2020-3433 vulnerability resides in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client for Windows. An authenticated, local attacker can exploit the issue to perform a DLL hijacking attack. To exploit this vulnerability, the attacker would need to have valid credentials on the Windows system.”
Chrome extensions with 1 million installs hijack targets’ browsers
According to Bleeping Computer, “researchers at Guardio Labs have discovered a new malvertising campaign pushing Google Chrome extensions that hijack searches and insert affiliate links into webpages. Because all these extensions offer color customization options and arrive on the victim’s machine with no malicious code to evade detection, the analysts named the campaign ‘Dormant Colors.’” Thirty variants of the browser extensions have become available on both the Chrome and the Edge web stores, leading to over a million installs. When these extensions are first installed, they redirect users to various pages that side-load malicious scripts that instruct the extension on how to perform search hijacking and on what sites to insert affiliate links.
New cryptojacking campaign targeting vulnerable Docker and Kubernetes instances
The campaign, named Kiss-a-dog, has a command-and-control infrastructure overlapping with other groups like TeamTNT, which is known to strike misconfigured Docker and Kubernetes instances. The intrusions, which were first identified in September, get their name from a domain named “kiss.a-dog[.]top” used to trigger a shell script payload on the compromised container.






