Sign in / up

back to article US Cyber Command warns that the Outlook is not so good - Iranians hitting email flaw

An ongoing Iranian government-backed hacking campaign is now trying to exploit a Microsoft Outlook flaw from 2017. The US Cyber Command has issued an alert that hackers have been actively going after CVE-2017-11774. The flaw is a sandbox escape bug in Outlook that allows an attacker who already possesses the victim's Outlook …

COMMENTS

Post your comment
House rules Send corrections
Add to 'My topics' unstar *
  1. Anonymous Coward
    Anonymous Coward

    Are they sure it's the Iranian's?

    The example Cyber Command gave of a malicious delivery address is from Massachusetts.

    (Sorry, no joke icon as Anon)

    3 0 Reply
  2. sanmigueelbeer
    Pint

    C'mon. The Iranians are just trying to "send a message'.

    8 0 Reply
  3. Potemkine! Silver badge
    Holmes

    Bad iranians, bad!

    I guess that in the same time the US does not try to hack every Iranian device with an embedded chipset , does it?

    6 3 Reply
    1. Pascal Monett Silver badge
      Reply Icon

      Re: Bad iranians, bad!

      Well, the thing is, the US is quick to point out how much other countries are wreaking havoc, but it is veeery quiet on what the NSA is doing abroad.

      Not to excuse foreign hackers, but I have a feeling that they're just giving back, so to speak.

      8 2 Reply
    2. Claptrap314 Silver badge
      Reply Icon

      Re: Bad iranians, bad!

      And? The US government is warning US businesses (and everyone else) about an active cyberattack. From the story, they are not even directly blaming Iran.

      Certainly, the offensive arm of the cybercommand is doing its job. What is your point?

      2 1 Reply
      1. Potemkine! Silver badge
        Reply Icon

        Re: Bad iranians, bad!

        My point is this information is another element in the story the US is building to start a war with Iran, as it did with Iraq 16 years ago. Depicting them as bad guys, as if the US was a lilly-white angel regarding attacks against foreign countries, even allied ones.

        7 4 Reply
        1. Claptrap314 Silver badge
          Reply Icon

          Re: Bad iranians, bad!

          Except that they did NOT blame Iran! Or Iran's hacking teams! Others are suggesting that.

          1 0 Reply
      2. martinusher Silver badge
        Reply Icon

        Re: Bad iranians, bad!

        The US federal government is currently cultivating a paranoid Cold War mindset to sell an interventionist agenda. It might pass muster in the heartlands but where things are a little bit more diverse it sounds quite racist. The Federal government is currently about as functional as the UK government -- they're both captive to commercial interests and have absolutely no interest in furthering the welfare of their people, its just getting, retaining and using power that's important.

        Yes, there is a lot of software out there that's vulnerable. Ultimately its the price we pay for allowing our world to be dominated by remote execution -- "to enhance the user experience". We have to tolerate this to monetize websites, to allow users to be tracked and generally keep the wheels of commerce greased. Currently the biggest headache is ransomware. The biggest nuisance is robocalls and the scams that they perpetuate. Iranians come far, far, down the list of problems.

        0 2 Reply
  4. Blockchain commentard

    Can you apply a patch Microsoft released nearly 2 years ago? Hmmm.

    2 0 Reply
    1. Kevin Johnston
      Reply Icon

      Don't forget that it is not unusual for patches/updates released by Microsoft to not be perfect on the first attempt (or 2nd/3rd/4th etc) so you just have to weigh the risks of avoiding the early adoptor route

      2 1 Reply
  5. Herby

    Now where is the patch for.....

    That Windows XP machine that is still being used by my bank... Fixed two years ago, we can't do that...

    Oh, yes, I don't use any Microsoft products at home. Work, another matter (*SIGH*).

    2 2 Reply
    1. bombastic bob Silver badge
      Reply Icon
      Unhappy

      Re: Now where is the patch for.....

      maybe at some point, perhaps the near future, people will realize the INsecurity of using 'Virus Outbreak' aka 'MS Outlook' for e-mail...

      Or even LESS likely, Micro-shaft produces something WITHOUT exploitable security craters built in.

      'Virus Outbreak' has been one of the WORST applications for SECURITY CRATERS, *EVAR*. Why are people still using this steaming pile of excrement, again?

      0 1 Reply
  6. MrKrotos

    ?

    Whats with the picture of Matt Berry?

    0 0 Reply
    1. fgduarte
      Reply Icon

      Re: ?

      Did you not read the caption? and I quote "No, Douglas. It's not malware from "a man""

      0 0 Reply
      1. aks
        Reply Icon

        Re: ?

        Still no clue. Who's Matt Berry? Is this a catchphrase?

        0 1 Reply
        1. fgduarte
          Reply Icon

          Re: ?

          Okay, fine, here it is:

          https://www.youtube.com/watch?v=g2KsZHRrFpU

          0 0 Reply
  7. Aussie Doc
    Coat

    I wonder...

    If it's the Iranians and they email Trump directly, will there be hell toupee?

    I'll get my coat.

    0 0 Reply

POST COMMENT House rules

Not a member of The Register? Create a new account here.

Forgotten password ?

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like