Re: Email based attack on University



On 10/2/19, Henning Follmann <hfollmann@itcfollmann.com> wrote:
> On Wed, Oct 02, 2019 at 10:40:34AM +0100, Jeremy Nicoll wrote:
>> On Wed, 2 Oct 2019, at 10:03, Keith Bainbridge wrote:
>>
>> > Details are at
>> >
>> > https://www.abc.net.au/news/2019-10-02/anu-cyber-hack-how-personal-information-got-out/11550578
>> > https://www.abc.net.au/news/2019-10-02/the-sophisticated-anu-hack-that-compromised-private-details/11566540
>>
>> It seems to me that everything follows from whatever access the initial
>> 'unclicked email' malware
>> gave to the hackers.
>>
>> But how can malware jump from an email that's not "clicked", into some
>> part of the university's
>> systems?
>
> Well, somebody is not telling the truth.

With so much left out of the public report, lying hardly seems necessary.

Take a look at
  https://portal.msrc.microsoft.com/en-us/security-guidance
select severity: critical & remote code execution, security feature
bypass & information disclosure impacts.
Which security patches seem applicable here?

>> Unless... the email was being viewed via a webmail system running on a
>> server not owned by the
>> university?

What if the email was being viewed via webmail using Windows Internet Explorer?

Regards,
Lee

