Security News
On the heels of last week's lye-poisoning attack against a small water plant in Florida, the U.S. government's cybersecurity agency is pleading with critical infrastructure defenders to rip-and-replace Windows 7 from their networks as a matter of urgency. The government's latest appeal, issued via a joint advisory from the Cybersecurity and Infrastructure Security Agency, comes amidst reports that the remote hack of the water plant near Tampa Bay was being blamed on poor password hygiene and attacks on systems running Microsoft's out-of-service Windows 7 operating system.
Researchers say they found several stolen and leaked credentials for a Florida water-treatment plant, which was hacked last week. Researchers at CyberNews said they found 11 credential pairs linked to the Oldsmar water plant, in a 2017 compilation of stolen breach credentials.
The attack, which targeted the water supply in Oldsmar, a small city in Florida, was discovered by staff at the plant - they noticed the mouse moving on the screen - and they rushed to take action before any damage was caused. The attackers breached the facility via TeamViewer, which staff had been using to monitor systems remotely and respond to issues related to the water treatment process.
New details have emerged about the remote computer intrusion at a Florida water treatment facility last Friday, highlighting a lack of adequate security measures needed to bulletproof critical infrastructure environments. The breach involved an unsuccessful attempt on the part of an adversary to increase sodium hydroxide dosage in the water supply to dangerous levels by remotely accessing the SCADA system at the water treatment plant.
Stories about computer security tend to go viral when they bridge the vast divide between geeks and luddites, and this week's news about a hacker who tried to poison a Florida town's water supply was understandably front-page material. "A supervisor working remotely saw the concentration being changed on his computer screen and immediately reverted it, Gualtieri said. City officials on Monday emphasized that several other safeguards are in place to prevent contaminated water from entering the water supply and said they've disabled the remote-access system used in the attack."
These installers, such as Python Package Index for Python or npm and the npm registry for Node, are usually tied to public code repositories where anyone can freely upload code packages for others to use, Birsan noted. Birsan decided to answer this question last summer while attempting to hack PayPal with another ethical hacker, Justin Gardner, who shared with him "an interesting bit of Node.js source code found on GitHub," Birsan said.
A hacker's botched attempt to poison the water supply of a small Florida city is raising alarms about just how vulnerable the nation's water systems may be to attacks by more sophisticated intruders. The nation's 151,000 public water systems lack the financial fortification of the corporate owners of nuclear power plants and electrical utilities.
A researcher managed to breach over 35 major companies' internal systems, including Microsoft, Apple, PayPal, Shopify, Netflix, Yelp, Tesla, and Uber, in a novel software supply chain attack. Unlike traditional typosquatting attacks that rely on social engineering tactics or the victim misspelling a package name, this particular supply chain attack is more sophisticated as it needed no action by the victim, who automatically received the malicious packages.
Polish video game maker CD Projekt RED, the company behind The Witcher and Cyberpunk 2077, said Tuesday hackers had stolen data in a "targeted cyber attack". "An unidentified actor gained unauthorized access to our internal network, collected certain data belonging to CD PROJEKT capital group, and left a ransom note," the company said on Twitter.