Russia’s satellite warning, New York Post hacked, Fast Company breach
Russia warns the West: We can target commercial satellites
This from Konstantin Vorontsov, a senior Russian foreign ministry official and Deputy Director of the ministry’s Department for Non-Proliferation and Arms Control, speaking at the UN. He stated that commercial satellites belonging to the US and its allies could become legitimate targets for Russia if they were involved in the war in Ukraine. Vorontsov did not name any specific satellite companies, although Elon Musk said earlier this month that his rocket company SpaceX would continue to fund its Starlink Internet service in Ukraine, citing the need for “good works.”
The New York Post says its website was hacked after posting offensive tweets
The New York Post said it was hacked on Thursday after several offensive articles and tweets were published on the paper’s website and Twitter account. The articles and tweets, which were racist and violent, were pulled a short time later. It is believed that the Post’s content management system, the platform used to publish its stories, may have been breached. The offending tweets were sent via SocialFlow, a popular publishing tool used to push stories to social media accounts. The tweets also contained links pointing to pages on the Post’s own website, which soon became unavailable.
White House announces 100-day cyber sprint for chemical sector
The chemical sector is the latest to get one of the Biden administration’s 100-day cybersecurity sprints, the administration announced Wednesday, an effort designed to sharpen operators’ focus on the most consequential risks of a digital attack, such as gas leaks and other contamination. The sprint also aims to improve information sharing and “analytical coordination” between the public and private sectors and to encourage chemical manufacturers to deploy threat detection on their industrial control systems. The sprints were first launched as a pilot with the electricity sector in April 2021 and were followed by sprints for the pipeline, water and rail sectors.
“pizza123” password blamed for Fast Company breach
The breach of the Fast Company website in late September was accomplished by exploiting an easily guessed default password, “pizza123.” The business magazine reused the weak password across a dozen WordPress accounts, according to the hacker, who goes by the handle “Thrax” and described the attack as “ridiculously simple” in an article posted on FastCompany.com before the publication took the site down. The hackers claimed to have used the password to gain access to authentication tokens, Apple News API keys and Amazon Simple Email Service (SES) tokens, and then sent offensive push notifications to the home screens of subscribers to the Fast Company channel in Apple News.
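The pattern Thrax describes, one weak default password reused across many WordPress accounts, is something an auditor can check for offline against the stored hashes themselves. The following is an added example, not Fast Company’s, Thrax’s or WordPress’s code: it re-implements the phpass “portable” hashing scheme ($P$B + 8-character salt) that WordPress used for wp_users.user_pass at the time, tests every account against a short denylist of known-weak values, and groups the accounts that share a password. The accounts, salts and denylist are constructed for illustration.

```python
"""Offline weak/reused-password audit of WordPress user hashes.

Added example for the Fast Company item; not Fast Company's, Thrax's or
WordPress's code. It re-implements the phpass "portable" scheme
($P$B + 8-char salt + 22-char hash) that WordPress used for
wp_users.user_pass at the time, then checks each account against a
denylist and groups accounts that share a password. All accounts, salts
and the denylist below are constructed.
"""
import hashlib
from collections import defaultdict

ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"


def _encode64(data, count):
    """phpass's own base64 variant (not RFC 4648); 16 bytes -> 22 chars."""
    out, i = [], 0
    while i < count:
        value = data[i]
        i += 1
        out.append(ITOA64[value & 0x3F])
        if i < count:
            value |= data[i] << 8
        out.append(ITOA64[(value >> 6) & 0x3F])
        if i >= count:
            break
        i += 1
        if i < count:
            value |= data[i] << 16
        out.append(ITOA64[(value >> 12) & 0x3F])
        if i >= count:
            break
        i += 1
        out.append(ITOA64[(value >> 18) & 0x3F])
    return "".join(out)


def phpass_hash(password, setting):
    """Hash `password` under `setting`, the first 12 chars of a stored hash:
    '$P$', one ITOA64 char giving log2(rounds), then the 8-char salt.
    A full stored hash works as `setting` too, so
    phpass_hash(guess, stored) == stored is the verification check."""
    if setting[:3] not in ("$P$", "$H$"):
        raise ValueError("not a phpass portable hash")
    count_log2 = ITOA64.index(setting[3])
    if not 7 <= count_log2 <= 30:
        raise ValueError("unsupported round count")
    salt = setting[4:12].encode()
    if len(salt) != 8:
        raise ValueError("malformed salt")
    pw = password.encode()
    h = hashlib.md5(salt + pw).digest()
    for _ in range(1 << count_log2):          # '$P$B' -> 2**13 = 8192 rounds
        h = hashlib.md5(h + pw).digest()
    return setting[:12] + _encode64(h, 16)


def audit(accounts, denylist):
    """accounts: {user_login: user_pass}. Returns which accounts use a
    denylisted password and which of those passwords are shared."""
    weak = {}
    for user, stored in accounts.items():
        for guess in denylist:
            if phpass_hash(guess, stored) == stored:
                weak[user] = guess
                break
    shared = defaultdict(list)
    for user, guess in weak.items():
        shared[guess].append(user)
    return {"weak": weak,
            "reused": {pw: users for pw, users in shared.items() if len(users) > 1}}


# Constructed sample: hashes are generated here from known plaintexts and
# fixed salts so the example runs offline. In practice export them with
#   SELECT user_login, user_pass FROM wp_users;
_SAMPLE = [  # (user_login, plaintext, 8-char salt) -- all constructed
    ("editor1", "pizza123", "abcdefgh"),
    ("editor2", "pizza123", "ijklmnop"),
    ("socialbot", "pizza123", "qrstuvwx"),
    ("intern", "Summer2022!", "yz012345"),
    ("admin", "correct horse battery staple", "6789ABCD"),
]
SAMPLE_ACCOUNTS = {u: phpass_hash(p, "$P$B" + s) for u, p, s in _SAMPLE}
DENYLIST = ["password", "123456", "pizza123", "Summer2022!", "admin"]

if __name__ == "__main__":
    for key, value in audit(SAMPLE_ACCOUNTS, DENYLIST).items():
        print(key, value)
```

Because each hash carries its own salt, reuse cannot be spotted by comparing hashes directly; it only becomes visible once two accounts crack to the same plaintext, which is why the audit goes through a candidate list. The same loop accepts any wordlist, although a full run belongs in hashcat (mode 400) rather than pure Python; a short list of vendor defaults and seasonal passwords is enough to catch what an attacker would try first.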
Thanks to this week’s episode sponsor, Votiro
Apple iOS and macOS flaws could have allowed apps to eavesdrop on Siri conversations
A now-fixed security flaw in Apple’s iOS and macOS operating systems could have enabled apps with Bluetooth access to eavesdrop on conversations with Siri. Apple said that “an app may be able to record audio using a connected pair of AirPods,” adding that it addressed the Core Bluetooth issue in iOS 16.1 with enhanced permissions. Credited with discovering and reporting the bug in August 2022 is app developer Guilherme Rambo. The flaw, dubbed SiriSpy, has been assigned the identifier CVE-2022-32946.
(The Hacker News)
Cisco warns of active exploit attempts targeting the Cisco AnyConnect Secure Mobility Client for Windows
Cisco is warning of exploit attempts targeting two security flaws, tracked as CVE-2020-3153 (CVSS score: 6.5) and CVE-2020-3433 (CVSS score: 7.8), in the Cisco AnyConnect Secure Mobility Client for Windows. Both were disclosed and patched in 2020. CVE-2020-3153 resides in the installation component of the client; an authenticated local attacker could exploit it to copy user-supplied files to system-level directories with system-level privileges. CVE-2020-3433 resides in the client’s interprocess communication (IPC) channel; an authenticated local attacker could exploit it to perform a DLL hijacking attack. To exploit it, an attacker must have valid credentials on the Windows system.
Chrome extensions with 1 million installs hijack browsers to insert affiliate links
Researchers at Guardio Labs have discovered a new malvertising campaign that pushes Google Chrome extensions which hijack searches and insert affiliate links into web pages. Because all of the extensions offer color customization options and arrive on the victim’s machine without malicious code in order to evade detection, the analysts dubbed the campaign “Dormant Colors.” According to the Guardio report, as of mid-October 2022, 30 variants of the extensions were available in both the Chrome and Edge web stores, amassing over a million installs. When an extension is first installed, it redirects the user to pages that side-load malicious scripts, which instruct the extension how to perform search hijacking and on which sites to insert affiliate links.
New cryptojacking campaign targeting vulnerable Docker and Kubernetes instances
Cybersecurity firm CrowdStrike calls the activity Kiss-a-dog; its command-and-control infrastructure overlaps with that of other groups, such as TeamTNT, that are known to target misconfigured Docker and Kubernetes instances. The attacks, discovered in September, take their name from a domain, “kiss.a-dog[.]top”, which is used to launch a shell script payload on the compromised container via a Base64-encoded Python command.
(The Hacker News)