Week in Review: Issue #2

Issue #2 of Jason’s Week in Review, a consolidated source of news I found interesting over the past week.

• https://github.com/oskarsve/ms-teams-rce - Zero-click, wormable, cross-platform remote code execution in Microsoft Teams. Opening a message from an attacker is all that is necessary to remotely execute code on the victims computer.
• https://arstechnica.com/tech-policy/2020/12/spacex-gets-886-million-from-fcc-to-subsidize-starlink-in-35-states/ -SpaceX has been awarded $885.51 million by the Federal Communications Commission to provide Starlink broadband to 642,925 rural homes and businesses in 35 states.
• https://lists.centos.org/pipermail/centos-announce/2020-December/048208.html - CentOS is making a significant shift from their current OS offering. Instead of producing a production clone of RedHat Linux, after 2021 CentOS Linux 8, will cease as a rebuild of RHEL 8. CentOS Stream continues after that date, serving as the upstream (development) branch of Red Hat Enterprise Linux. In laymen’s terms, CentOS will no longer be a stable RedHat clone.
• https://arstechnica.com/information-technology/2020/12/default-password-in-radiology-devices-leaves-healthcare-networks-open-to-attack/ - Dozens of radiology products from GE Healthcare contain a critical vulnerability that threatens the networks of hospitals and other health providers that use the devices, officials from the US government and a private security firm said on Tuesday. The devices—used for CT scans, MRIs, X-Rays, mammograms, ultrasounds, and positron emission tomography—use a default password to receive regular maintenance. The passwords are available to anyone who knows where on the Internet to look.
• https://blog.youtube/news-and-events/supporting-the-2020-us-election - Youtube will start blocking misinformation by removing any piece of content uploaded that misleads people by alleging widespread fraud or errors changed the outcome of the 2020 U.S.
• https://arstechnica.com/science/2020/12/starship-rises-high-performs-a-flawless-flip-but-doesnt-quite-stick-the-landing/, https://www.spacex.com/vehicles/starship/, https://www.youtube.com/watch?v=ap-BkkrRg-o - On Wednesday, December 9, Starship serial number 8 (SN8) lifted off from our Cameron County launch pad and successfully ascended, transitioned propellant, and performed its landing flip maneuver with precise flap control to reach its landing point. SpaceX’s Starship spacecraft and Super Heavy rocket (collectively referred to as Starship) represent a fully reusable transportation system designed to carry both crew and cargo to Earth orbit, the Moon, Mars and beyond.
• https://2020.kringlecon.com/❄🎁⛄🎄🎅❄, https://www.youtube.com/watch?v=8e0SZrbWFuU - KringleCon3, the 2020 SANS Holiday Hack Challenge, is officially open this week.