Daily NCSC-FI news followup 2019-06-22

NASA hacked because of unauthorized Raspberry Pi connected to its network

www.zdnet.com/article/nasa-hacked-because-of-unauthorized-raspberry-pi-connected-to-its-network/ A report published this week by the NASA Office of Inspector General reveals that in April 2018 hackers breached the agency’s network and stole approximately 500 MB of data related to Mars missions. The point of entry was a Raspberry Pi device that was connected to the IT network of the NASA Jet Propulsion Laboratory (JPL) without authorization or going through the proper security review.

WeTransfer Security Incident Sent Files to the Wrong People

www.bleepingcomputer.com/news/security/wetransfer-security-incident-sent-files-to-the-wrong-people/ In an embarrassing security incident, the WeTransfer file sharing service announced that for two days it was sending its users' shared files to the wrong people. As this service is used to transfer what are considered private, and potentially sensitive files, this could be a big privacy issue for affected users.

Data of 645k Oregonians exposed after nine DHS employees fell for a phishing attack

www.zdnet.com/article/data-of-645k-oregonians-exposed-after-nine-dhs-employees-fell-for-a-phishing-attack/ The personal information of over 645,000 Oregonians who signed up for benefits with the state’s Department of Human Services (DHS) was inadvertently exposed to hackers after nine DHS employees were fooled by phishing emails. The phishing attack happened on January 8, 2019, according to a news release from the Oregon DHS this week.

PoC Released for Outlook Flaw that Microsoft Patched 6 Month After Discovery

thehackernews.com/2019/06/microsoft-outlook-vulnerability.html As we reported two days ago, Microsoft this week released an updated version of its Outlook app for Android that patches a severe remote code execution vulnerability (CVE-2019-1105) that impacted over 100 million users. However, at that time, very few details of the flaw were available in the advisory, which just revealed that the earlier versions of the email app contained a cross-site scripting (XSS) flaw that could allow attackers to run scripts in the context of the current user just by sending a specially crafted email to the victims. Now, Bryan Appleby from F5 Networks, one of the security researchers who reported this issue independently to Microsoft, released more details and proof-of-concept for the Outlook vulnerability that he reported to the tech giant almost six months ago. See also:

www.f5.com/labs/articles/threat-intelligence/how-i-hacked-the-microsoft-outlook-android-app-and-found-cve-2019-1105
