Security News

U.S. Gov Warning on Water Supply Hack: Get Rid of Windows 7
2021-02-12 18:24

On the heels of last week's lye-poisoning attack against a small water plant in Florida, the U.S. government's cybersecurity agency is pleading with critical infrastructure defenders to rip-and-replace Windows 7 from their networks as a matter of urgency. The government's latest appeal, issued via a joint advisory from the Cybersecurity and Infrastructure Security Agency, comes amidst reports that the remote hack of the water plant near Tampa Bay was being blamed on poor password hygiene and attacks on systems running Microsoft's out-of-service Windows 7 operating system.

Florida Water Plant Hack: Leaked Credentials Found in Breach Database
2021-02-12 15:34

Researchers say they found several stolen and leaked credentials for a Florida water-treatment plant, which was hacked last week. Researchers at CyberNews said they found 11 credential pairs linked to the Oldsmar water plant, in a 2017 compilation of stolen breach credentials.

Industry Reactions to U.S. Water Plant Hack: Feedback Friday
2021-02-12 13:44

The attack, which targeted the water supply in Oldsmar, a small city in Florida, was discovered by staff at the plant - they noticed the mouse moving on the screen - and they rushed to take action before any damage was caused. The attackers breached the facility via TeamViewer, which staff had been using to monitor systems remotely and respond to issues related to the water treatment process.

Poor Password Security Led to Recent Water Treatment Facility Hack
2021-02-11 21:32

New details have emerged about the remote computer intrusion at a Florida water treatment facility last Friday, highlighting a lack of adequate security measures needed to bulletproof critical infrastructure environments. The breach involved an unsuccessful attempt on the part of an adversary to increase sodium hydroxide dosage in the water supply to dangerous levels by remotely accessing the SCADA system at the water treatment plant.

What’s most interesting about the Florida water system hack? That we heard about it at all.
2021-02-10 22:13

Stories about computer security tend to go viral when they bridge the vast divide between geeks and luddites, and this week's news about a hacker who tried to poison a Florida town's water supply was understandably front-page material. "A supervisor working remotely saw the concentration being changed on his computer screen and immediately reverted it, Gualtieri said. City officials on Monday emphasized that several other safeguards are in place to prevent contaminated water from entering the water supply and said they've disabled the remote-access system used in the attack."

Supply-Chain Hack Breaches 35 Companies, Including PayPal, Microsoft, Apple
2021-02-10 13:49

These installers-such as Python Package Index for Python or npm and the npm registry for Node-are usually tied to public code repositories where anyone can freely upload code packages for others to use, Birsan noted. Birsan decided to answer this question last summer while attempting to hack PayPal with another ethical hacker, Justin Gardner, who shared with him "An interesting bit of Node.js source code found on GitHub," Birsan said.

Hack Exposes Vulnerability of Cash-Strapped US Water Plants
2021-02-10 02:02

A hacker's botched attempt to poison the water supply of a small Florida city is raising alarms about just how vulnerable the nation's water systems may be to attacks by more sophisticated intruders. The nation's 151,000 public water systems lack the financial fortification of the corporate owners of nuclear power plants and electrical utilities.

Researcher hacks over 35 tech firms in novel supply chain attack
2021-02-09 18:04

A researcher managed to breach over 35 major companies' internal systems, including Microsoft, Apple, PayPal, Shopify, Netflix, Yelp, Tesla, and Uber, in a novel software supply chain attack. Unlike traditional typosquatting attacks that rely on social engineering tactics or the victim misspelling a package name, this particular supply chain attack is more sophisticated as it needed no action by the victim, who automatically received the malicious packages.

Researcher hacks Microsoft, Apple, more in novel supply chain attack
2021-02-09 18:04

A researcher managed to breach over 35 major companies' internal systems, including Microsoft, Apple, PayPal, Shopify, Netflix, Yelp, Tesla, and Uber, in a novel software supply chain attack. Unlike traditional typosquatting attacks that rely on social engineering tactics or the victim misspelling a package name, this particular supply chain attack is more sophisticated as it needed no action by the victim, who automatically received the malicious packages.

Cyberpunk 2077 Video Game Developer Hit by Hack Attack
2021-02-09 15:47

Polish video game maker CD Projekt RED, the company behind The Witcher and Cyberpunk 2077, said Tuesday hackers had stolen data in a "Targeted cyber attack". "An unidentified actor gained unauthorized access to our internal network, collected certain data belonging to CD PROJEKT capital group, and left a ransom note," the company said on Twitter.