Cyber Security Headlines: Boeing subsidiary incident, Stripe job cuts, news website malware

Cyber incident at Boeing subsidiary causes flight planning disruptions

Jeppesen, the navigation and flight planning tools company owned by Boeing, confirmed on Thursday that it is “dealing with a cybersecurity incident that has caused some flight disruptions.” A warning was issued on its website on Wednesday, stating that the Colorado-based firm was experiencing “technical issues with some of our products, services, and communication channels.” According to The Record, “although the extent of the disruptions is unclear, the incident is at least impacting the receipt and processing of current and new Notice to Air Missions (NOTAMs) — an industry term for notices filed with aviation authorities to alert pilots of potential hazards along a flight route.” Matthew Klint, author of the Live And Let’s Fly travel blog, stated that the incident was believed to be ransomware.

(The Record)

Stripe to lay off 14% of workforce

The digital payments company plans to reduce its staff numbers by 14% in response to startups seeking to rein in costs. This will leave Stripe with 7,000 employees, according to an internal email from founders Patrick and John Collison on Thursday. The Collisons added, “we were much too optimistic about the internet economy’s near-term growth in 2022 and 2023 and underestimated both the likelihood and impact of a broader slowdown.” The layoffs come just months after the company cut its internal valuation by 28%, according to a July 14 report from the Wall Street Journal.

(Reuters)

Over 250 US news websites deliver malware via supply chain attack

Proofpoint reports that a threat actor tracked as TA569 was responsible for targeting “an unnamed media company that serves many news outlets in the US,” which turned into a supply chain attack. According to Proofpoint, the service provider delivers content to its partners via a JavaScript file. “The attacker modified the codebase of that script to push a piece of malware known as SocGholish to the affected news websites’ visitors.”

(Security Week)

Hackers use rogue versions of KeePass and SolarWinds to distribute RomCom RAT

Targets of the operation are victims in Ukraine and select English-speaking countries like the U.K. Researchers at BlackBerry explained, “while downloading a free trial from a spoofed SolarWinds site, a legitimate registration form appears.” This leads to a “malware-laced installer bundle of malicious software, and then sending phishing emails to targeted victims.” The twist is that the malware triggers follow-up calls from real SolarWinds sales personnel who might contact the victim to follow up on the product trial. That technique misleads the victim into believing that the recently downloaded and installed application is completely legitimate.

(The Hacker News)

Royal Mail customer data leak shutters online Click and Drop

The UK’s Royal Mail Click and Drop website was closed down on Tuesday after a “security issue” allowed some customers to see order information belonging to other customers. The Click and Drop service allows customers to print labels, pay for postage online, and track packages. According to an alert posted on Click and Drop’s status page, the data leak started around 13:00 GMT, and Royal Mail shut down the website about an hour later. Royal Mail did not immediately respond to questions regarding the number of customers whose data was exposed, or whether the incident was due to a mistake or something more malicious.

(The Register)

Cyber threat landscape shaped by Ukraine conflict, ENISA report reveals

It may come as no surprise that the European Cybersecurity Agency (ENISA)’s threat landscape annual report 2022 is heavily influenced by the impact of the Russian invasion of Ukraine on the cyber landscape, which it describes as a “game changer,” showing an increase in cyber incidents in February and March 2022. The report also points out that with more than 10 TB of data stolen monthly during the covered period, ransomware remains a prime threat. More generally, it stated that the use of malware was on the rise again after a decrease that occurred in 2021, which was linked to the COVID-19 pandemic. ENISA also noticed an increase in denial-of-service attacks from the summer of 2022. Notably, a DDoS attack that targeted an Eastern European customer of the American firm Akamai in July 2022 proved to be the largest ever launched in Europe.

(InfoSecurity Magazine)

White House ransomware summit highlights need for borderless solutions

The White House held its Second International Counter Ransomware Initiative Summit (CRI) this past week, which included leaders from 36 countries as well as the European Union. The goal of the summit was to build on the work of its 2021 predecessor. A subsequent fact sheet stated that “throughout the summit, CRI and private-sector partners discussed and developed concrete, cooperative actions to counter the spread and impact of ransomware around the globe.” US National Security Advisor Jake Sullivan stressed the importance of international collaboration in tackling the ongoing ransomware crisis during the session’s closing remarks. Some of the companies participating in the event were CrowdStrike, Mandiant, Microsoft, Palo Alto Networks, SAP, Siemens, and Telefonica.

(CSO Online)

Drones now deliver security loophole to see through walls

Researchers from Canada’s University of Waterloo have developed a drone-powered device that can use Wi-Fi networks to see through walls. Nicknamed Wi-Peep, the device “can fly near a building and then use the inhabitants’ Wi-Fi network to identify and locate all Wi-Fi-enabled devices inside in a matter of seconds.” It then exploits a technical loophole that means even if a network is password protected, smart devices will automatically respond to contact attempts from any device within range. “The Wi-Peep sends several messages to a device as it flies and then measures the response time on each, enabling it to identify the device’s location to within a meter. This could allow thieves to triangulate the location and type of smart devices.”

(Techxplore.com)

Steve Prentice
Author, speaker, expert in the area where people and technology crash into each other, viewed from the organizational psychology perspective. Host of many podcasts, voice actor and narrator for corporate media and audiobooks. Ghost-writer for busy executives.