A #PumpStation in #Aliquippa, #Pennsylvania was hacked by #IranianHackers simply because they used electronics made in #Israel. Obviously, they were just probing to gain #intel for a future attack against a larger critical infrastructure target. Thankfully, no one was hurt, and the town's water supply isn't tainted. The #hackers even threatened that "Israel-made gear is fair game," pointing to continued aggressions.
Woke up to an advisory from #CISA on #UnitronicPLCs used in Water and Wastewater Systems: Cyber threat actors are targeting #PLCs associated with #WWS facilities, including an identified Unitronics PLC, at a U.S. water facility.
#DaixinTeam gave me some additional info on this one. From what I have been able to determine and from the NTMWD's statement to DataBreaches.net, Daixin did not hit the water supply system, but got the business system.
But this is the second municipal water district attack in about a week. The first was politically motivated, or so the attackers claimed. This one is allegedly financially motivated.
Denmark's CERT (SektorCERT) reported that 22 companies that operate parts of Danish energy infrastructure were compromised in a May 2023 coordinated attack, linked to SANDWORM actors. Sandworm is a state-sponsored APT publicly attributed by the U.S. government to the Russian General Staff Main Intelligence Directorate's (GRU's) Main Centre for Special Technologies (GTsST). The attackers leveraged a Zyxel vulnerability, CVE-2023-28771 (9.8, critical), to gain control of the firewall. SektorCERT's incident response report includes a detailed analysis and timeline of the attack, recommendations and IOCs. Link: https://media.licdn.com/dms/document/media/D4D1FAQG-Qsry8BH9dg/feedshare-document-pdf-analyzed/0/1699785104486?e=1700697600&v=beta&t=icNMQ-rDYgeSojoaax-1KpC7YrCF7MVtkrDClSFiKIY
"Hackers potentially linked to the Russian GRU Main Intelligence Directorate carried out a series of highly coordinated cyberattacks targeting Danish critical infrastructure in the nation's largest cyber incident on record, according to a new report.
SektorCERT, a nonprofit cybersecurity center for critical sectors in Denmark, reported that attackers gained access to the systems of 22 companies overseeing various components of Danish energy infrastructure in May. The report published Sunday says hackers exploited zero-day vulnerabilities in Zyxel firewalls, which many Danish critical infrastructure operators use to protect their networks."
We're watching Secret City on Netflix. In episode 4, the air traffic control radio system is shut down by hackers. There is no clearer illustration of the dangers of using Software Defined Radio (SDR) for critical infrastructure systems and public safety systems. Traditional radio systems can be jammed at their specific geographic location, but they can't be compromised by someone sitting at a computer terminal in a hostile nation 5,000 miles away.
(Preemptive reply to the highly technical people who will feel like correcting me and saying, "But Bob, SDR can be done without an Internet connection." Yes, of course, but it almost never is. The large SDR systems are sold with centralized management as part of the package, and every agency wants to save money on administration. If you can tell me about a critical infrastructure SDR system that isn't centrally managed, I'll be overjoyed).
"The European Union's Cyber Resilience Act's requirement to disclose vulnerabilities within 24 hours of exploitation could potentially expose organizations to attacks from adversaries or government surveillance."
Also I think #CriticalInfrastructure should mandate #OpenSourceHardware and #OpenSourceSoftware for everything without exceptions, including the requirement to provide free, unrestricted and non-paywalled #APIs that are documented to interface with required systems.
Whenever I see comments like this about #Wayland I always have to ask, who do you think would be developing this new protocol? Every single #Linux graphics developer agrees that Wayland is where we're going; the problem is nobody agrees on how it should look.
@rdfhrn @BrodieOnLinux #HPUX and #Solaris are rounding errors AFAICT; both are only on life support due to existing contracts and not because #HPE or #Oracle actually want to improve them.
That being said I've seen Solaris & HP-UX in #CriticalInfrastructure (sadly can't say where due to NDAs!) but not as a #Desktop, so I'm pretty sure they don't even have #Xorg installed at all...
If you have your users access critical systems like infrastructure or anything that in case of a breach could result in a catastrophe for your organization,
For the love of god, don't use passwords.
Use certificates, hardware-based passwordless factors, and maybe then also passwords.
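One concrete place where the "certificates and hardware-backed factors, not passwords" advice can be checked mechanically is an OpenSSH server configuration. The script below is an added example, not code from the poster; it audits an sshd_config text for password-based access paths and for whether SSH certificates (TrustedUserCAKeys) and FIDO security-key types (the sk-* algorithms) are the only accepted credentials. Both sample configurations are constructed for the example. The audit relies on documented OpenSSH keyword semantics (first occurrence of a keyword wins; PasswordAuthentication and KbdInteractiveAuthentication default to yes; PermitRootLogin defaults to prohibit-password) and ignores Match blocks.

```python
"""Audit an OpenSSH sshd_config for password-based access to critical hosts.

Added example (constructed sample configs). Checks that password and
keyboard-interactive logins are off, that a user CA is configured for SSH
certificates, and that only hardware-backed (sk-*) key types are accepted.
"""
import re

# Constructed sample: a near-default configuration that still takes passwords.
WEAK_SSHD_CONFIG = """\
Port 22
PasswordAuthentication yes
ChallengeResponseAuthentication yes
PubkeyAuthentication yes
PermitRootLogin yes
"""

# Constructed sample: certificates signed by a user CA, keys held on FIDO
# tokens (sk-* types, OpenSSH 8.2+), user verification required, no passwords.
HARDENED_SSHD_CONFIG = """\
Port 22
PasswordAuthentication no
KbdInteractiveAuthentication no
ChallengeResponseAuthentication no
PubkeyAuthentication yes
PubkeyAuthOptions verify-required
PubkeyAcceptedAlgorithms sk-ssh-ed25519-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com
TrustedUserCAKeys /etc/ssh/user_ca.pub
PermitRootLogin no
"""


def parse_sshd_config(text):
    """Return {keyword_lower: value} using sshd's rule that the first
    occurrence of a keyword wins. Comments and blank lines are skipped;
    everything from the first Match block onward is out of scope here."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.lower().startswith("match "):
            break
        m = re.match(r"^([A-Za-z]+)\s*=?\s*(.*?)\s*$", line)
        if not m:
            continue
        settings.setdefault(m.group(1).lower(), m.group(2))
    return settings


def audit_sshd_config(text):
    """Return a list of (keyword, problem) findings; empty means the config
    only admits certificate/hardware-key logins."""
    s = parse_sshd_config(text)
    findings = []
    # Absent keyword means sshd's default, which is 'yes' for these two.
    if s.get("passwordauthentication", "yes").lower() != "no":
        findings.append(("PasswordAuthentication", "password logins accepted"))
    kbd = s.get("kbdinteractiveauthentication",
                s.get("challengeresponseauthentication", "yes"))
    if kbd.lower() != "no":
        findings.append(("KbdInteractiveAuthentication",
                         "keyboard-interactive (PAM password prompts) still allowed"))
    if s.get("pubkeyauthentication", "yes").lower() != "yes":
        findings.append(("PubkeyAuthentication", "public-key authentication disabled"))
    if "trustedusercakeys" not in s:
        findings.append(("TrustedUserCAKeys",
                         "no user CA configured; SSH certificates cannot be used"))
    algs = s.get("pubkeyacceptedalgorithms")
    if algs is None:
        findings.append(("PubkeyAcceptedAlgorithms",
                         "default key types accepted, including software-only keys"))
    else:
        software = [a for a in algs.split(",") if not a.startswith("sk-")]
        if software:
            findings.append(("PubkeyAcceptedAlgorithms",
                             "non-hardware key types accepted: " + ",".join(software)))
    # Default is prohibit-password, so only an explicit 'yes' is flagged.
    if s.get("permitrootlogin", "prohibit-password").lower() == "yes":
        findings.append(("PermitRootLogin", "root may log in with a password"))
    return findings


def is_passwordless(text):
    """True when the audit raises no findings."""
    return not audit_sshd_config(text)


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_SSHD_CONFIG), ("hardened", HARDENED_SSHD_CONFIG)):
        print(name, audit_sshd_config(cfg))
```

Running the audit over a real server's /etc/ssh/sshd_config (for example by reading the file into `audit_sshd_config`) turns the post's advice into a pass/fail check that can sit in a configuration-compliance job; the sk-* certificate types are what make "hardware-based passwordless factor" and "certificate" the same credential in OpenSSH.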