Security News > 2021

U.S. Gov Warning on Water Supply Hack: Get Rid of Windows 7
2021-02-12 18:24

On the heels of last week's lye-poisoning attack against a small water plant in Florida, the U.S. government's cybersecurity agency is pleading with critical infrastructure defenders to rip-and-replace Windows 7 from their networks as a matter of urgency. The government's latest appeal, issued via a joint advisory from the Cybersecurity and Infrastructure Security Agency, comes amidst reports that the remote hack of the water plant near Tampa Bay was being blamed on poor password hygiene and attacks on systems running Microsoft's out-of-service Windows 7 operating system.

'Money Mule' Operator Gets Seven-Year Prison Sentence
2021-02-12 17:36

This week the United States sentenced a Ukrainian man to prison for his involvement in a scheme to steal money from the bank accounts of U.S. victims and launder the funds to bank accounts overseas. The man, Aleksandr Musienko, 38, of Odessa, Ukraine, was extradited to the United States in 2019, after being arrested in South Korea.

Copycats imitate novel supply chain attack that hit tech giants
2021-02-12 17:11

These npm packages are identical to the proof-of-concept packages created by Alex Birsan, the researcher who had recently managed to infiltrate over 35 major tech firms and walk away with over six figures in bug bounty rewards. Birsan tells BleepingComputer he is not behind these copycat "Research" packages, although he did admit to uploading a few more packages today under his real npm account.

Singtel Suffers Zero-Day Cyberattack, Damage Unknown
2021-02-12 17:05

The statement coincided with Accellion's own public acknowledgment that an ongoing vulnerability in FTA eventually led to an information compromise with Singtel and other customer systems. "The Accellion file transfer product used by Singtel is 20 years old, and continues to be used by many organizations in the financial, governmental and commercial sector to transfer large files, despite Accellion's offering of newer and more secure file-sharing solutions," Chloé Messdaghi, chief strategist, Point3 Security, said via email.

Yandex suffers data breach after sysadmin sold access to user emails
2021-02-12 16:02

Russian internet and search company Yandex announced today that one of its system administrators had enabled unauthorized access to thousands of user mailboxes. The investigation revealed that the employee's actions led to the compromise of almost 5,000 Yandex email inboxes.

Vulnerabilities in TCP/IP Stacks Allow for TCP Connection Hijacking, Spoofing
2021-02-12 15:50

Improperly generated ISNs in nine TCP/IP stacks could be abused to hijack connections to vulnerable devices, according to new research from Forescout. TCP/IP stacks are critical components that provide basic network connectivity for a broad range of devices, IoT and OT included, and which process all incoming frames and packets.

Florida Water Plant Hack: Leaked Credentials Found in Breach Database
2021-02-12 15:34

Researchers say they found several stolen and leaked credentials for a Florida water-treatment plant, which was hacked last week. Researchers at CyberNews said they found 11 credential pairs linked to the Oldsmar water plant, in a 2017 compilation of stolen breach credentials.

Footfallcam kerfuffle: Firm apologises, promises to fix product after viral Twitter thread, infoseccer backlash
2021-02-12 15:21

The device at the heart of the controversy was essentially a Raspberry Pi in a fancy enclosure, as Laurens Leemans of SignIPS, who analysed a sample Footfallcam 3D Plus product, told The Register. Footfallcam responded to this by setting up a bunch of Twitter accounts to hurl accusations of extortion at him and SignIPS. Kao later acknowledged these accounts originated from the company and blamed them on "One of our employees," adding: "It's not upon our management. It's definitely not me nor Edward. It is an immature behaviour by an immature person. You know, I couldn't tell you names, but it's one of the engineers."