Daily NCSC-FI news followup 2019-06-22

NASA hacked because of unauthorized Raspberry Pi connected to its network

www.zdnet.com/article/nasa-hacked-because-of-unauthorized-raspberry-pi-connected-to-its-network/ A report published this week by the NASA Office of Inspector General reveals that in April 2018 hackers breached the agency’s network and stole approximately 500 MB of data related to Mars missions. The point of entry was a Raspberry Pi device that was connected to the IT network of the NASA Jet Propulsion Laboratory (JPL) without authorization or going through the proper security review.

WeTransfer Security Incident Sent Files to the Wrong People

www.bleepingcomputer.com/news/security/wetransfer-security-incident-sent-files-to-the-wrong-people/ In an embarrassing security incident, the WeTransfer file sharing service announced that for two days it was sending its users' shared files to the wrong people. As this service is used to transfer what are considered private and potentially sensitive files, this could be a big privacy issue for affected users.

Data of 645k Oregonians exposed after nine DHS employees fell for a phishing attack

www.zdnet.com/article/data-of-645k-oregonians-exposed-after-nine-dhs-employees-fell-for-a-phishing-attack/ The personal information of over 645,000 Oregonians who signed up for benefits with the state’s Department of Human Services (DHS) was inadvertently exposed to hackers after nine DHS employees were fooled by phishing emails. The phishing attack happened on January 8, 2019, according to a news release from the Oregon DHS this week.

PoC Released for Outlook Flaw that Microsoft Patched 6 Month After Discovery

thehackernews.com/2019/06/microsoft-outlook-vulnerability.html As we reported two days ago, Microsoft this week released an updated version of its Outlook app for Android that patches a severe remote code execution vulnerability (CVE-2019-1105) that impacted over 100 million users. However, at that time, very few details of the flaw were available in the advisory, which just revealed that the earlier versions of the email app contained a cross-site scripting (XSS) flaw that could allow attackers to run scripts in the context of the current user just by sending a specially crafted email to the victims. Now, Bryan Appleby from F5 Networks, one of the security researchers who reported this issue independently to Microsoft, released more details and proof-of-concept for the Outlook vulnerability that he reported to the tech giant almost six months ago. See also:

www.f5.com/labs/articles/threat-intelligence/how-i-hacked-the-microsoft-outlook-android-app-and-found-cve-2019-1105
