Orome1 shares a report from Help Net Security: IOActive security consultant Mario Ballano has discovered two critical cybersecurity vulnerabilities affecting Stratos Global’s AmosConnect communication shipboard platform. The platform works in conjunction with the ships’ satellite equipment, and integrates vessel and shore-based office applications, as well as provides services like Internet access for the crew, email, IM, position reporting, etc. The first vulnerability is a blind SQL injection in a login form. Attackers that successfully exploit it can retrieve credentials to log into the service and access sensitive information stored in it. The second one is a built-in backdoor account with full system privileges. “Among other things, this vulnerability allows attackers to execute commands with SYSTEM privileges on the remote system by abusing AmosConnect Task Manager, ” Bellano shared. The found flaws can be exploited only by an attacker that has access to the ship’s IT systems network, he noted, but on some ships the various networks might not be segmented, or AmosConnect might be exposed to one or more of them. The vulnerabilities were found in AmosConnect 8.4.0, and Stratos Global was notified a year ago. But Inmarsat won’t fix them, and has discontinued the 8.0 version of the platform in June 2017. Read more of this story at Slashdot.
More:
Critical Flaws In Maritime Communications System Could Endanger Entire Ships
An anonymous reader writes: Universal Music Group is being sued by HypeForType, which accuses the record label of using “pirated” copies of its fonts for the logo of The Vamps. The font is widely used for artwork, promotion material and merchandising of the popular British band, and the font creator is looking for a minimum of $1.25 million in damages. The font maker has filed a lawsuit accusing the major label of using its “Nanami Rounded” and “Ebisu Bold” fonts without permission. According to a complaint, filed in a New York federal court, Universal failed to obtain a proper license for its use, so they are essentially using pirated fonts. Read more of this story at Slashdot. 
Home Depot confirmed today that the company was, indeed, the victim of a large credit card breach reported by many customers last week. An estimated 60 million card numbers were stolen, which would make it the biggest such hack in retail history. Read more… 
Planes are giving passengers less and less leg room so it’s no surprise that quarrels break out between passengers over space. Yesterday, one such altercation got so heated that a plane was diverted to Chicago. And at the heart of the conflict? A nifty little device called the Knee Defender , which prevents seats from reclining. Read more… 
