Security News > 2021

Eletrobras, Copel energy companies hit by ransomware attacks
2021-02-05 08:46

Centrais Eletricas Brasileiras and Companhia Paranaense de Energia, two major electric utility companies in Brazil, have announced that they suffered ransomware attacks over the past week. Copel is the largest in the state of Paraná, while Eletrobras is the largest power utility company in Latin America and also owns Eletronuclear, a subsidiary involved in the construction and operation of nuclear power plants.

The Linux box that runs the exec carpark gate is down! A chance for PostgreSQL Man to show his quality
2021-02-05 07:55

Register reader "Jim" was the recipient of today's super-urgent callout, which occurred during his final week of paid employment ahead of a well-earned retirement. Describing himself as the resident PostgreSQL evangelist, he'd been given "The talk" by his boss and, like so many in the IT world, found his department was to be dissolved and the work sent abroad. Luckily, he was near enough to retirement to opt for a life not spent toiling under The Man and used his remaining six months of employment to wind things down.

February 2021 Patch Tuesday forecast: The human communication aspect
2021-02-05 07:28

We spend a lot of time each month discussing the technical details surrounding vulnerabilities, software updates, and the tools we use for patch management in our organizations. It is critical that these application owners and administrators have a direct and ongoing channel of communication with the security analysts and IT administrators to ensure they are in 'lock step' as they identify critical vulnerabilities, prioritize the patches, and execute the updates to protect their infrastructure.

Cisco reveals critical bug in small biz VPN routers when half the world is stuck working at home
2021-02-05 07:05

Cisco has addressed a clutch of critical vulnerabilities in its small business and VPN routers that can be exploited by an unauthenticated, remote attacker to execute arbitrary code as the root user. Some of the affected devices are also Wi-Fi routers, so could well be in everyday use.

The transportation sector needs a standards-driven, industry-wide approach to cybersecurity
2021-02-05 06:30

Despite small setbacks caused by COVID-19 that impacted the automotive industry at large, analysts predict electric vehicle demand will continue on its upward trajectory in 2021, driven by new models, improved batteries, more readily available charging infrastructure, new markets, and price parity with traditional gas-powered vehicles. As more countries adopt aggressive climate goals and announce plans to phase out gas-powered vehicles, demand for EVs will only continue to rise, jumping from 10% of vehicle sales to 58% by 2040.

Data loss prevention strategies for long-term remote teams
2021-02-05 06:00

Employees commonly and inadvertently compromise company data through poor password hygiene, accidental data sharing, improper technology use, phishing scams, and more. Some employees will also act maliciously, intentionally stealing company data for profit, retribution, or fun.

Number of ICS vulnerabilities disclosed in 2020 up significantly
2021-02-05 05:30

The report also revealed a 25% increase in ICS vulnerabilities disclosed compared to 2019, as well as a 33% increase from 1H 2020. During 2H 2020, 449 vulnerabilities affecting ICS products from 59 vendors were disclosed.

Enterprises average one root access orphan key on every enterprise server
2021-02-05 05:00

Enterprises average 2.5 root access keys per server analyzed. Root access keys provide the highest levels of access to machines; if a threat actor gains access to root privileges, they can access anything on a remote server, or on multiple servers if the server has been cloned.

API adoption is on the rise across all industries
2021-02-05 04:30

Organizations of all sizes from a wide range of industries plan to join the API economy this year, and API testing and security were top concerns among survey respondents. Participation in the API economy is a priority across industries: Overall, 58% of executives said participating in the API economy was a top priority for their organization.

Open-source tool for hardening commonly used HMI/SCADA system
2021-02-05 04:00

Otorio, a provider of OT security and digital risk management solutions, released an open-source tool designed for hardening the security of GE Digital's CIMPLICITY, one of the most commonly used HMI/SCADA systems. Over the past several months, Otorio's researchers worked closely with GE Digital engineers to deliver a first-of-its-kind open-source tool designed to identify GE CIMPLICITY misconfigurations.