Do you know about all equipment connected in you operation, really?

This blog post is a summary of this week’s Information Security News put together by our Security Incident Response Team (SIRT).

Pen Test Partners has a great blog-post about one of their recent adventures.

This is a little bit out of the normal scenario for many, but this is regarding a finding they did on a ship. This is a good reminder to all to cover critical control number 1, inventory and control of hardware assets. It is not so easy to track this down on the spot when you got unlabeled shielded cables and deck penetration to deal with, no known paperwork or invoices related to the thing they found. They have a nice write up of what they did, what considerations they had to make.

Spoiler: In the end they figure out it is an outdated Windows machine, complete with TeamViewer installed, originating from a contract that had been expired for several years. And this machine had direct connection to the main engine of the ship.

Top 5 Security News
Sudo vulnerability discovered in Linux (CVE-2019-14287)
Cozy Bear Russian Hackers Spotted After Staying Undetected for Years
Researchers at Adaptive Mobile security release report concerning SimJacker attacks
What Your Personal Information is Worth to Cybercriminals
Help! I bought a domain and ended up with a stranger’s PayPal! And I can’t give it back

 

Photo by Vidar Nordli-Mathisen on Unsplash