Weekly Axis Of Easy #234
Last Week’s Quote was “The idea that everybody you do business or interact with has a moral obligation to share your political views is the height of grandiosity and narcissism. When that is weaponized, you have #CancelCulture.” … was by Mark Jeftovic. No one got it.
This Week’s Quote: “The small fringe minority of people who are on their way to Ottawa, who are holding unacceptable views that they are expressing, do not represent the views of Canadians,”… by???
THE RULES: No searching up the answer, must be posted to the blog – the place to post the answer is at the bottom of the post, in the comments section.
The Prize: First person to post the correct answer gets their next domain or hosting renewal on us.
In this issue:
- Google Chrome announces the first Zero-Day of the year
- Several eCommerce stores running outdated software hit by MageCart Attacks
- Ukrainian Ministry of Defense and state-owned banks targeted by DDoS attacks
- Russian hackers stole sensitive defense information from US contractors
- European Data Protection Supervisor calls for an end to Pegasus spyware
- Facebook settles decade-old privacy violation suit for $90 million
- Researchers discover a high-impact web security vulnerability in Grafana
- Cloud computing company VMware releases security patches for high-severity vulnerabilities
- What’s up with Firefox?
- Researchers reported details of a patched high-severity vulnerability in Apache Cassandra Database Software
Google Chrome announces the first Zero-Day of the year
Google’s Chrome browser received 11 security patches on Monday, including its first zero-day exploit of the year.
According to Google’s brief update, the weakness is a use-after-free vulnerability tracked as CVE-2022-0609, which could allow arbitrary code to be executed on vulnerable systems and lead to all sorts of problems. Flaws of this kind can also be used to break out of the browser’s security sandbox.
Given that this vulnerability is currently being exploited, Google researchers advise users to update Google Chrome immediately to prevent further security issues.
The company’s brief update also included information about four other high-severity use-after-free flaws found in the browser’s website API, File Manager, ANGLE, and GPU components.
Clément Lecigne and Adam Weidemann, both from Google’s Threat Analysis Group, were responsible for the Animation zero-day fix.
Several eCommerce stores running outdated software hit by MageCart Attacks
Sansec, an eCommerce security consultancy, reported that several online stores running the Magento 1 e-commerce platform were being targeted by a web skimmer.
According to the company, their crawler program detected approximately 374 infections in one day. The infected files were downloaded from a currently unavailable domain.
In Magento stores susceptible to the Quickview plugin vulnerability, attackers use that flaw as the initial intrusion vector to plant rogue admin users. In this case, the flaw was exploited to add a default value to the database, which led to a file carrying a simple backdoor. The code is executed when a prospective customer navigates to the Magento login page and the injected validation rule is evaluated.
Sansec reports that the intruders created 19 backdoors on the compromised systems, which means affected sites must remove every one of them to avoid being compromised again.
Ukrainian Ministry of Defense and state-owned banks targeted by DDoS attacks
The Ukrainian Ministry of Defense, the Armed Forces of Ukraine, and two of the country’s state-owned banks were hit by Distributed Denial-of-Service (DDoS) attacks. According to NetBlocks, an internet monitoring organization, the incident occurred on Tuesday afternoon and lasted several hours.
“DDoS probably attacked the MOU website. An excessive number of requests per second were recorded. Technical works on restoring regular functioning are being carried out,” the Defense Ministry said on Tuesday afternoon.
No direct attribution has been made for the attacks, but they were likely coordinated from Moscow. The conflict between the two nations has been escalating for months. Russia has intensified its pressure on Ukraine following a build-up of tens of thousands of Russian troops near the Ukrainian border.
On this matter, President Biden has warned of consequences against Russia.
“If Russia attacks the United States or our allies through asymmetric means, like disruptive cyber-attacks against our companies or critical infrastructure, we are prepared to respond,” he said.
Russian hackers stole sensitive defense information from US contractors
In a joint statement released on Wednesday, the FBI, alongside CISA and the NSA, warned that Russian state-sponsored hackers are targeting US contractors for sensitive defense information.
Some of these threat actors have been successful. As a result, they have gained “significant insight into the development and deployment of US weapons platforms, vehicle specifications, and plans for communications infrastructure and information technology.”
The agencies stated that large and small cleared defense contractors (CDCs) had been the subject of “regular targeting” from January 2020 to February 2022. In some cases, the hackers maintained continued access to several CDC networks for at least six months, according to CISA.
According to the release, during one compromise in 2021 the threat actors exfiltrated hundreds of documents related to that company’s products, its relationships with other countries, and personnel and legal matters.
The Russian hackers used several methods, such as spear phishing and credential harvesting, to access these documents. The agencies reported that the attackers took advantage of simple passwords, unpatched systems, and unwitting employees to “gain initial access before moving laterally through the network to establish persistence and exfiltrate data.”
The FBI, NSA, and CISA expect these attacks to continue targeting CDCs for US defense information and encourage contractors to apply several recommended mitigations to prevent further issues.
European Data Protection Supervisor calls for an end to Pegasus spyware
The European Data Protection Supervisor (EDPS) has called for a ban on controversial Pegasus spyware in the region, warning that NSO’s spyware tool goes against the user’s “fundamental rights,” making it incompatible with the EU’s democratic values.
Developed by the Israeli company NSO Group, Pegasus is a highly sophisticated piece of intrusion software made for phones running Android and iOS that can be used to monitor users and extract sensitive information, record conversations, and monitor location.
The software has been the central piece in a recent controversy sparked by a series of disclosures published by Calcalist, an Israeli daily business newspaper. As revealed in the reports, the Israel Police collected intelligence about dozens of Israeli citizens by using the NSO Group’s spyware without a search warrant. There is also evidence that the spyware has been used to hack into the phones of journalists, dissidents, activists, and political figures in several countries.
On this matter, the EDPS has stated that the spyware should not be compared to law enforcement interception tools and that “national security cannot be used as an excuse for the extensive use of such technologies nor as an argument against the involvement of the European Union.”
The EU Data Protection Supervisor called for a better understanding and supervision of surveillance measures. The watchdog proposed a “stricter implementation of data regulations and strengthening legislation outlawing the use of sophisticated hacking tools such as Pegasus to safeguard against unlawful use.”
Facebook settles decade-old privacy violation suit for $90 million
Researchers discover a high-impact web security vulnerability in Grafana
Cloud computing company VMware releases security patches for high-severity vulnerabilities
What’s up with Firefox?
Researchers reported details of a patched high-severity vulnerability in Apache Cassandra Database Software
Previously on #AxisOfEasy
If you missed the previous issues, they can be read online here:
- February 14th, 2022: OilRig Hackers Develop New Backdoor In ‘Out To Sea’ Espionage Campaign
- February 7th, 2022: GoFundMe Shuts Down Trucker Convoy Fundraiser
- January 31st, 2022: North Korean Hackers Hijacked Windows Update To Infect PCs With Malware
- January 25th, 2022: False QR Codes Can Steal Your Money And Passwords
- January 17th, 2022: Hackers Impersonated Amazon To Deploy Ransomware