On Kryptera.se, writes the IT security specialist Jonas Lejon who has worked with encryption and qualified IT security for over 18 years. The site is independent and non-profit.
Jonas is one of Sweden's foremost experts in cyber security. Feel free to contact him on telephone number 010 1889848 or firstname.lastname@example.org if your organization needs help with cyber security. You can also contact me on LinkedIn or Twitter.
This article has been reposted with permission from Jonas Lejon.
Ubiquiti hacked - the extent of the breach is still unclear
Yesterday I received an email that the American company Ubiquiti has been hacked. Ubiquiti is i.a. one of the world's largest manufacturers of base devices for WiFi communication. The email contains relatively little information because the company states that they do not know the extent yet.
Although it has been a long time since I myself used Ubiquiti's cloud service, I assume that it is entirely possible to gain access to the local network via Ubiquiti's central service, hence this is extra serious. I can also imagine that DNS can be reconfigured, firmware can be changed, etc.
What appears in the email is that the username, hashed password, address and telephone number may have been leaked. It also appears that this is a third-party supplier where the leak must have taken place.
The mailing has also been confirmed by Ubiquiti themselves, see forum thread here (via the Security Bubble). The mailing went via Mailchimp and used i.a. tracking links, which made it initially difficult to determine the authenticity of the email.