A report published this week by the NASA Office of Inspector General reveals that in April 2018 hackers breached the agency’s network and stole approximately 500 MB of data related to Mars missions.
The point of entry was a Raspberry Pi device that was connected to the IT network of the NASA Jet Propulsion Laboratory (JPL) without authorization or going through the proper security review.
Web-based DNA sequencer applications are under attack from a mysterious hacker group using a still-unpatched zero-day to take control of targeted devices.
The attacks started two days ago, on June 12, and are still going on, according to Ankit Anubhav, a security researcher with NewSky Security, who shared his findings with ZDNet.
Anubhav says the group, which operates from an Iran-based IP address, has been scanning the internet for dnaLIMS, a web-based application installed by companies and research institutes to handle DNA sequencing operations.
The researcher told ZDNet the hacker is exploiting CVE-2017-6526, a vulnerability in dnaLIMS that has not been patched to this day after the vendor was notified back in 2017.
A young Czech bug hunter has found a security flaw in one of Google’s backend apps. If exploited by a malicious threat actor, the bug could have given hackers a way to steal Google employee cookies for internal apps and hijack accounts, launch extremely convincing spear-phishing attempts, and potentially gain access to other parts of Google’s internal network.
This attack vector was discovered by security researcher Thomas Orlita in February this year and was patched in mid-April, but has only now been made public.
ASCO, one of the world’s largest suppliers of airplane parts, has ceased production in factories across four countries due to a ransomware infection reported at its plant in Zaventem, Belgium.
As a result of having IT systems crippled by the ransomware infection, the company has sent home approximately 1,000 of its 1,400 workers.
Microsoft’s security researchers issued a warning on Friday afternoon about an ongoing spam wave that is spreading emails carrying malicious RTF documents that infect users with malware without user interaction, once users open the RTF documents.
Microsoft said the spam wave appears to target European users, as the emails are sent in various European languages.
For more than two hours on Thursday, June 6, a large chunk of European mobile traffic was rerouted through the infrastructure of China Telecom, China’s third-largest telco and internet service provider.
The incident occurred because of a BGP route leak at Swiss data center colocation company Safe Host, which accidentally leaked over 70,000 routes from its internal routing table to the Chinese ISP.
The Border Gateway Protocol (BGP), which is used to reroute traffic at the ISP level, has been known to be problematic to work with, and BGP leaks happen all the time.
There are safeguards and safety procedures that providers usually set up to prevent BGP route leaks from influencing each other’s networks.
But instead of ignoring the BGP leak, China Telecom re-announced Safe Host’s routes as its own, and by doing so, interposed itself as one of the shortest ways to reach Safe Host’s network and other nearby European telcos and ISPs.
The German Federal Office for Information Security (or the Bundesamt für Sicherheit in der Informationstechnik — BSI) has issued security alerts today warning about dangerous backdoor malware found embedded in the firmware of at least four smartphone models sold in the country.
Impacted models include the Doogee BL7000, the M-Horse Pure 1, the Keecoo P11, and the VKworld Mix Plus (malware present in the firmware, but inactive). All four are low-end Android smartphones.
Russian authorities have moved closer to implementing their plan of replacing the Windows OS on military systems with a locally-developed operating system named Astra Linux.
Last month, the Russian Federal Service for Technical and Export Control (FSTEC) granted Astra Linux the security clearance of “special importance,” which means the OS can now be used to handle Russian government information of the highest degree of secrecy.
At least one Chinese hacking crew is currently scanning the internet for Windows servers that are running MySQL databases so they can infect these systems with the GandCrab ransomware.
These attacks are somewhat unique, as cyber-security firms have not seen any threat actor until now that has attacked MySQL servers running on Windows systems to infect them with ransomware.