
NASA internal app leaked employee emails, project names

January 12, 2019

A NASA web app leaked details such as employee usernames, names, email addresses, and project names, ZDNet has learned today from bug hunter Avinash Jain.

The exposure originated from one of NASA’s Jira installations, a web app that most companies use for tracking projects or internal bugs and issues.

In a report detailing his finding published today and shared with ZDNet, Jain said the reason for the leak was Jira’s visibility controls, which a NASA system admin appears to have mixed up.

The issue is a well-known one and is related to Jira’s usage of the terms “Everyone” and “All users” for selecting user access rights. In the past, there have been many Jira admins who have mixed up the two terms by accidentally selecting “Everyone” when setting the visibility of various Jira sections. The “Everyone” permission grants access to anyone on the internet to the project tracker’s data, and not everyone in an organization, as some Jira admins might believe.

This is what appears to have happened with this particular NASA Jira installation as well. Jain says that various sections of this app were exposed online and accessible to anyone.
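The "Everyone" versus logged-in distinction described above can be checked offline against an export of filter or dashboard share settings. The following is an added example, not code from Jain's report or from Atlassian; it assumes records shaped like Jira REST API filter objects (a `sharePermissions` list with a `type` field) and assumes that type `global` corresponds to the "Everyone" choice. The sample records are constructed.

```python
import json

# Assumed mapping of share types to audience (not taken from the article).
PUBLIC_TYPES = {"global"}                     # "Everyone": anonymous internet users
LOGIN_TYPES = {"loggedin", "authenticated"}   # any signed-in account

# Constructed sample export; ids and names are invented for illustration.
SAMPLE_EXPORT = json.loads("""
[
  {"id": "10001", "name": "Open bugs", "sharePermissions": [{"type": "global"}]},
  {"id": "10002", "name": "Sprint board", "sharePermissions": [{"type": "loggedin"}]},
  {"id": "10003", "name": "Release checklist",
   "sharePermissions": [{"type": "group", "group": {"name": "eng"}}]},
  {"id": "10004", "name": "My drafts", "sharePermissions": []},
  {"id": "10005", "name": "Legacy view",
   "sharePermissions": [{"type": "project"}, {"type": "global"}]}
]
""")


def classify(record):
    """Return the widest audience any share entry on the record grants."""
    types = {p.get("type") for p in record.get("sharePermissions") or []}
    if types & PUBLIC_TYPES:
        return "public"        # readable without logging in
    if types & LOGIN_TYPES:
        return "logged-in"
    if types:
        return "restricted"    # group, project or user scoped
    return "private"           # owner only


def audit(records):
    """Group record ids by audience so public ones can be reviewed first."""
    report = {"public": [], "logged-in": [], "restricted": [], "private": []}
    for record in records:
        report[classify(record)].append(record["id"])
    return report


if __name__ == "__main__":
    for audience, ids in audit(SAMPLE_EXPORT).items():
        print(f"{audience:10} {', '.join(ids) or '-'}")
```

A single `global` entry makes a record public even when narrower entries sit beside it, which is why `classify` reports the widest audience rather than the first one listed.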

While the exposed data does not include highly detailed personally identifiable information (PII), an attacker could have used the leaked data to refine the targeting of spear-phishing emails, to go after employees working on sensitive projects by spoofing the emails of known colleagues.


Image: Avinash Jain

Jain says he notified NASA and US-CERT of the leak on September 3; however, the leaky Jira instance was only fixed on September 25, more than three weeks later.

“They don’t seem to have a dedicated team working on responsible disclosure,” Jain told ZDNet today. The researcher says that NASA never replied to his emails, didn’t notify him when they fixed the leaky server, and didn’t bother to thank him for his report, although he did get a thank you from the US-CERT team.

This was Jain’s first time reporting a security issue to NASA, but the agency’s silence was not a surprise to other researchers who reported similar dead-wall experiences when disclosing security issues to NASA, ZDNet understands.

This doesn’t bode well for the agency, which less than a month ago notified employees of a major security breach during which intruders made off with the personal data of past and current employees.

A NASA spokesperson was not available for comment. However, the two security incidents don’t appear to be related.

The breach that NASA informed employees about last month also exposed Social Security numbers. This type of information wasn’t available on the Jira server that Jain discovered, which was a mere bug tracker for other NASA apps and projects.
