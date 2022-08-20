This week, we have some very unusual news that surprised us. First, a hacker announced that he hacked a website that allows users to send poop to anyone. According to the hacker’s statement, he is also a customer. Second, a music video became a vulnerability officially. Janet Jackson’s song has a CVE now. Another weird news is that a hacker group claims that they breached a UK water company’s systems. While that company denies the allegations, another UK water company admitted that they suffered the attack.

Russian hackers are still focusing on Ukraine

Symantec announced that they discovered a series of attacks using information-stealing malware is still targeting Ukraine. Russia-linked group, Shuckworm is still using information-stealing malware, a self-extracting 7-Zip file. Subsequently, mshta.exe downloaded an XML file, which was likely masquerading as an HTA file. Files were downloaded from a0698649[.]xsph[.]ru, which is associated with Shuckworm activity.

Cybercriminals target UK water company

South Staffordshire PLC, the company, which provides drinking water for 1.6 million people, has been targeted in a cyber attack. Although South Staffordshire Water didn’t share the details of the cyber attack that the company suffered, the situation became more confusing. Clop ransomware gang claimed that they hacked a water company. However, the gang claims that they have hacked into Thames Water, another UK water company. These are two separate companies providing water to different parts of the UK. But the company declined the allegations.

KDE Frameworks 5.97 is released

KDE Project has announced the release of the KDE Frameworks 5.97, delivering some new features and improvements. KDE Frameworks 5.97 brings F5, Fortinet, and Array protocols support for the OpenConnect VPN plugin in the Plasma Network Manager. Kickoff, KDE Plasma’s application launcher, now has a new Compact mode. This mode squeezes more applications in the same screen space, and it is disabled automatically when Touch Mode is activated. KDE’s file sharing application Samba‘s share permissions can now be remotely managed.

Janet Jackson’s music video gets a CVE

Janet Jackson’s music video from 1989, Rhythm Nation has officially been declared a security vulnerability that causes denial of service. The unusual power of Janet Jackson’s song is revealed by Raymond Chen, in a blog post on Microsoft. According to his claims, one of his colleagues shared the story from Windows XP product support. A major computer manufacturer discovered that playing the music video for Janet Jackson’s “Rhythm Nation” would crash certain models of laptops. Playing the music video on one laptop caused a laptop sitting nearby to crash, even though that other laptop wasn’t playing the video.

Feces delivery service hacked

The popular prank web service, ShitExpress was hacked by a customer while sending feces to a cybersecurity researcher. According to a forum post published

by pompompurin, a notorious hacker who is responsible for stealing private data from companies, the hacker visited ShitExpress to send feces to cybersecurity researcher Vinny Troia. While he is sending feces, he noticed a vulnerability on the website, allowing the hacker to make an SQL injection attack. The hacker managed to download the entire database from the website, including customer messages, email addresses, and other customer order data. Pompompurin shared a small sample data set from the stolen database.

GNOME 43 beta is available for testing

The GNOME Project released the beta version of GNOME 43 on its 25th birthday, bringing many enhancements and bug fixes. GNOME 43 beta takes additional steps with GTK4/Adwaita porting on gnome-console, gnome-initial-setup, and sysprof components of the desktop environment. WebExtensions support has received some improvements alongside GNOME Boxes, which is now capable of fetching operating systems from remote addresses. GNOME Calls has now improved scrolling performance with large call histories, Epiphany web browser removes PDF.js, and GJS comes with additional JavaScript features because of its updated base, SpiderMonkey 102.

Critical Realtek vulnerability leaves networking devices at risk

Researchers announced a critical vulnerability that affects networking devices with Realtek’s RTL819x system on a chip. Octavio Gianatiempo and Octavio Galland announced that the exploit code for a flaw that affects networking devices with Realtek’s RTL819x system on a chip has been released. The researchers stated that this functionality is not documented and can’t be disabled via the router’s web interface. The stack-based buffer overflow vulnerability has a severity score of 9.8. It enables attackers to execute code with specially crafted SIP packets, without authentication. The issue was addressed in March by Realtek. The company stated that it affects rtl819x-eCos-v0.x series and rtl819x-eCos-v1.x series and confirmed that it can be exploited through a WAN interface.

