Security News

A former Kansas utility worker has been charged with remotely tampering with a public water system's cleaning procedures, highlighting the difficulty smaller utilities face in protecting against hackers. Wyatt Travnichek, 22, was charged last month with remotely accessing the Post Rock Rural Water District's systems in March 2019, about two months after he quit his job with the utility.

A group of security researchers known as the Secret Club took to Twitter to report a remote code execution bug in the Source 3D game engine developed by Valve and used for building games with tens of millions of unique players. Exceptions are games built with Source 2 or those that run a modified version of the Source engine, like Titanfall.

On the first day of the Pwn2Own 2021 hacking competition, participants earned more than half a million dollars, including $440,000 for demonstrating exploits against Microsoft products. The competition's organizer, Trend Micro's Zero Day Initiative, said there were seven attempts on the first day and five of them were successful.

From the Facebook data samples seen by BleepingComputer, almost every user record had a mobile phone number, a Facebook ID, a name, and the member's gender associated with it. Facebook has shed some light on the recent data leak comprising 533 million Facebook user profiles, data from which was posted on a hacker forum last week.

A 22-year-old man from the U.S. state of Kansas has been indicted on charges that he unauthorizedly accessed a public water facility's computer system, jeopardizing the residents' safety and health in the local community. Wyatt A. Travnichek, 22, of Ellsworth County, Kansas, has been charged with one count of tampering with a public water system and one count of reckless damage to a protected computer during unauthorized access, according to the Department of Justice.

Lukasz Olejnik has a good essay on hacking weapons systems. Basically, there is no reason to believe that software in weapons systems is any more vulnerability free than any other software.

A former CIA employee cannot get espionage charges against him dismissed on the grounds that there weren't enough Hispanic or Black individuals on the grand jury that indicted him, a judge ruled Wednesday. U.S. District Judge Paul A. Crotty issued his ruling in the case against Joshua Schulte, finding that there was nothing illegal about a suburban grand jury in White Plains returning the indictment during the coronavirus pandemic rather than a grand jury in Manhattan that normally would have done so.

MangaDex, the online repository of manga animation comics, will be closed until further notice following a hacking incident. The attacker's likely motivation was to cause "Maximum disruption" to the site, according to MangaDex.

Cybersecurity researchers on Sunday disclosed multiple critical vulnerabilities in remote student monitoring software Netop Vision Pro that a malicious attacker could abuse to execute arbitrary code and take over Windows computers. The vulnerabilities, tracked as CVE-2021-27192, CVE-2021-27193, CVE-2021-27194, and CVE-2021-27195, were reported to Netop on December 11, 2020, after which the Denmark-based company fixed the issues in an update released on February 25.

Project Zero, Google's zero-day bug-hunting team, discovered a group of hackers that used 11 zero-days in attacks targeting Windows, iOS, and Android users within a single year. The Project Zero team revealed that the hacking group behind these attacks ran two separate campaigns, in February and October 2020.