Cyber Security Headlines: Boeing subsidiary incident, Stripe job cuts, news website malware

Cyber incident at Boeing subsidiary causes flight planning disruptions

Jeppesen, a wholly-owned Boeing subsidiary that provides navigation and flight planning tools, confirmed on Thursday that it is dealing with a cybersecurity incident that has caused some flight disruptions. A red banner was added to the company’s website on Wednesday, warning that the Colorado-based firm was experiencing “technical issues with some of our products, services, and communication channels.” Although the extent of the disruptions is unclear, the incident is at least impacting the receipt and processing of current and new Notice to Air Missions (NOTAMs) — an industry term for notices filed with aviation authorities to alert pilots of potential hazards along a flight route. Matthew Klint, who runs the Live And Let’s Fly travel blog, reported that the incident was believed to be ransomware.

(The Record)

Stripe to lay off 14% of workforce

The digital payments giant, which was valued at $95 billion in its last funding round, is cutting its headcount by about 14% as startups trying to navigate a tough investment market rush to rein in costs. After the job cuts, Stripe will have about 7,000 employees, according to an email to employees from founders Patrick and John Collison on Thursday, adding, “we were much too optimistic about the internet economy’s near-term growth in 2022 and 2023 and underestimated both the likelihood and impact of a broader slowdown.” U.S. technology stocks have been crushed this year as tightening monetary policy and worries of a looming recession soured investor sentiment. The layoffs come months after Stripe cut its internal valuation by 28%, according to a report.


Over 250 US news websites deliver malware via supply chain attack

Hundreds of regional and national news websites in the United States are delivering malware as a result of a supply chain attack involving one of their service providers. Cybersecurity company Proofpoint reported on Wednesday that a threat actor it tracks as TA569 appears to be behind the attack. The hackers have targeted an unnamed media company that serves many news outlets in the US. The service provider delivers content to its partners via a JavaScript file. The attacker modified the codebase of that script to push a piece of malware known as SocGholish to the affected news websites’ visitors. 

(Security Week)

Hackers use rogue versions of KeePass and SolarWinds to distribute RomCom RAT

Targets of the operation consist of victims in Ukraine and select English-speaking countries like the U.K. “While downloading a free trial from a spoofed SolarWinds site, a legitimate registration form appears,” researchers at BlackBerry explained. This leads to a malware-laced installer bundle of malicious software, with phishing emails then sent to targeted victims. The twist is that the malware triggers follow-up calls from real SolarWinds sales personnel who might contact the victim to follow up on the product trial. That technique misleads the victim into believing that the recently downloaded and installed application is completely legitimate.

(The Hacker News)

Royal Mail customer data leak shutters online Click and Drop

A technical SNAFU shut down the UK’s Royal Mail Click and Drop website on Tuesday after a security “issue” allowed some customers to see others’ order information. The service allows customers to print labels and pay for postage online, and then track packages until they reach their destination. The data leak started around 13:00 GMT, and according to an alert posted on Click and Drop’s status page, Royal Mail shut down the website about an hour later. Royal Mail did not immediately respond to The Register’s questions about how many customers’ data was exposed, or whether the incident was due to a mistake or something more malicious.

(The Register)

Cyber threat landscape shaped by Ukraine conflict, ENISA report reveals

The 2022 annual threat landscape report from the European Cybersecurity Agency (ENISA) is heavily influenced by the impact of the Russian invasion of Ukraine on the cyber landscape, which it describes as a “game changer,” showing an increase in February and March 2022, around the time of the Russian invasion of Ukraine in late February. With more than 10 TB of data stolen monthly during the covered period, ransomware remains a prime threat, ENISA said. More generally, the use of malware was on the rise again after the decrease that was noticed in 2021 and linked to the COVID-19 pandemic. ENISA also noticed an increase in denial-of-service attacks from the summer of 2022. Notably, a DDoS attack that targeted an Eastern European customer of the American firm Akamai in July 2022 proved to be the largest ever launched in Europe.

(InfoSecurity Magazine)

White House ransomware summit highlights need for borderless solutions

The US White House this week convened its Second International Counter Ransomware Initiative Summit (CRI), bringing together leaders from 36 countries and the European Union in person to build on the work of its first ransomware summit in 2021. Later, the White House issued a fact sheet stating that throughout the summit, CRI and private-sector partners discussed and developed concrete, cooperative actions to counter the spread and impact of ransomware around the globe. In closing remarks at the summit, US National Security Advisor Jake Sullivan stressed the importance of international collaboration in tackling the ongoing ransomware crisis. Some of the companies that participated in the event included Crowdstrike, Mandiant, Microsoft, Palo Alto Networks, SAP, Siemens, and Telefonica.

(CSO Online)

Drones now deliver security loophole to see through walls

A research team based out of the University of Waterloo has developed a drone-powered device that can use Wi-Fi networks to see through walls. The device, nicknamed Wi-Peep, can fly near a building and then use the inhabitants’ Wi-Fi network to identify and locate all Wi-Fi-enabled devices inside in a matter of seconds. The Wi-Peep exploits a loophole: even if a network is password protected, smart devices will automatically respond to contact attempts from any device within range. The Wi-Peep sends several messages to a device as it flies and then measures the response time on each, enabling it to identify the device’s location to within a meter. This could allow thieves to triangulate the location and type of smart devices.