📨 Latest issue of my curated #cybersecurity and #infosec list of resources for week #06/2024 is out! It includes the following and much more:
➝ 🔓 #Juniper Support Portal Exposed Customer Device Info
➝ 🔓 🇹🇭 Major #DataBreach in #Thailand Exposes Personal Data of 20 Million Elderly Citizens
➝ 🔓 🇫🇷 Millions at risk of fraud after massive health data hack in #France
➝ 🔓 🇺🇸 #Verizon employee inadvertently leaks data of 63 thousand colleagues
➝ 🔓 🖥️ #AnyDesk Hacked: Revokes Passwords, Certificates in Response
➝ 🔓 🇺🇸 #Clorox says #cyberattack caused $49 million in expenses
➝ 💸 📈 #Ransomware Payments Exceed $1 Billion in 2023, Hitting Record High After 2022 Decline
➝ 🇺🇸 💰 US offers $10 million for tips on #Hive ransomware leadership
➝ 🇨🇳 🇺🇸 #China-backed Volt Typhoon hackers have lurked inside US #criticalinfrastructure for ‘at least five years’
➝ 🇨🇳 🇳🇱 Chinese Hackers Exploited #FortiGate Flaw to Breach Dutch #Military Network
➝ 🇮🇷 🇮🇱 #Iran accelerates cyber ops against #Israel from chaotic start
➝ 🇧🇾 🇺🇸 Belarusian National Linked to BTC-e Faces 25 Years for $4 Billion #Crypto Money Laundering
➝ 🇭🇰 💸 #Finance worker pays out $25 million after video call with #deepfake ‘chief financial officer’
➝ 🇺🇦 #Ukraine is Creating a ‘Cyber Diplomat’ Post
➝ 🇩🇰 #Denmark orders schools to stop sending student data to #Google
➝ 🇪🇺 ⚖️ #EU proposes criminalizing AI-generated child sexual abuse and deepfakes
➝ 🇳🇱 💰 #Uber Fined 10 Million Euros by Dutch Data Regulator
➝ 🇺🇸 🛂 US to Roll Out Visa Restrictions on People Who Misuse #Spyware to Target Journalists, Activists
➝ 🦠 💬 Raspberry Robin #Malware Upgrades with #Discord Spread and New Exploits
➝ 🦠 🍎 New #macOS Backdoor Linked to Prominent Ransomware Groups
➝ 🦠 🪥 Surprising 3 Million Hacked #Toothbrushes Story Goes Viral—Is It True?
➝ 🇨🇦 🐬 #Canada declares #FlipperZero public enemy No. 1 in car-theft crackdown
➝ 🩹 #Ivanti: Patch new Connect Secure auth bypass bug immediately
➝ 🐛 📍 Security flaw in a popular smart helmet allowed silent location tracking
➝ 🩹 Critical Patches Released for New Flaws in #Cisco, #Fortinet, #VMware Products
➝ 🐛 🐧 Critical Boot Loader #Vulnerability in Shim Impacts Nearly All #Linux Distros
➝ 🐛 ✈️ #Airbus App Vulnerability Introduced Aircraft Safety Risk
➝ 🩹 #QNAP Patches High-Severity Bugs in QTS, Qsync Central
--
📚 This week's recommended reading is: "x86 Software Reverse-Engineering, Cracking, and Counter-Measure" by Stephanie Domas & Christopher Domas
--
Subscribe to the #infosecMASHUP newsletter to have it piping hot in your inbox every week-end ⬇️
China is hacking Wi-Fi routers for attack on US electrical grid and water supplies, FBI warns. Hacks likened to “placing bombs in water treatment facilities, and power plants”
Worst idea ever? Using Windows 98 as an embedded operating system for an oscilloscope. It takes five minutes for the oscilloscope to boot. DID YOU NOT NOTICE THAT, TEKTRONIX? Anyway... Yeah. I feel sorry for the engineer who had to implement that idea. #RetroTechnology #EmbeddedSystems #BadIdea #Windows98
The ease with which we leave #criticalinfrastructure like our water supply systems open to Internet hacking reads like an article from The Onion, but it’s reality.
Another hack against a #water utility, this time in Ireland.
As an aside, the article calls out “Eurotronics” Israeli-made water pump system, but I’m having trouble finding a “Eurotronics” PLC or electronics manufacturer based in Israel. Possibly a misinterpretation of “Unitronics”? I see a Eurotronics circuit board manufacturer based in Belgium, but that doesn’t seem quite right. “Eurotronix” appears to be based in Spain. So 🤷‍♀️
Polish hackers figured out that a train manufacturer had programmed its trains to break down after certain dates, or if they were serviced at another company's workshop.
Also OS/1337 intends to be fully transparent in the sense that it can be used for #CriticalInfrastructure by virtue of being fully-automatable "#BuildFromSource" so on fully #airgapped systems and networks it can be deployed after it went through the arduous #audit pipeline said users demand.
Daixin Team leaked the rest of the North Texas Municipal Water District data. As they had indicated to me, there doesn't seem to be residents' data in the dump. It is mostly internal documents, but some of the files do have employee info.
As a reminder: thankfully, they did not hit the water supply system.
A #PumpStation in #Aliquippa #Pennsylvania was hacked by #IranianHackers simply because they used electronics made in #Israel. Obviously, they were just probing to gain #intel for a future attack against a larger critical infrastructure target. Thankfully, no one was hurt, and the town's water supply isn't tainted. The #hackers even threatened that "Israel-made gear is fair game" pointing to continued aggressions.
Woke up to an advisory from #CISA on #UnitronicPLCs used in Water and Wastewater Systems: Cyber threat actors are targeting #PLCs associated with #WWS facilities, including an identified Unitronics PLC, at a U.S. water facility.