Latest News

2021/02/12

Poor Password Security Led to Recent Water Treatment Facility Hack

New details have emerged about the remote computer intrusion at a Florida water treatment facility last Friday, highlighting a lack of adequate security measures needed to bulletproof critical infrastructure environments.

The breach involved an unsuccessful attempt on the part of an adversary to increase sodium hydroxide dosage in the water supply to dangerous levels by remotely accessing the SCADA system at the water treatment plant. The system's plant operator, who spotted the intrusion, quickly took steps to reverse the command, leading to minimal impact.

Now, according to an advisory published on Wednesday by the state of Massachusetts, unidentified cyber actors accessed the supervisory control and data acquisition (SCADA) system via TeamViewer software installed on one of the plant's several computers that were connected to the control system.
2021/02/08

Google Chrome Zero-Day Afflicts Windows, Mac Users

Google warns of a zero-day vulnerability in the V8 open-source engine that’s being actively exploited by attackers.

Google is warning of a zero-day vulnerability in its V8 open-source web engine that’s being actively exploited by attackers.

A patch has been issued in version 88 of Google’s Chrome browser — specifically, version 88.0.4324.150 for Windows, Mac and Linux. This update will roll out over the coming days and weeks, said Google. The flaw (CVE-2021-21148) stems from a heap-buffer overflow, said Google.
2021/01/27

Apple says iOS 14.4 fixes three security bugs ‘actively exploited’ by hackers

Apple has released iOS 14.4 with security fixes for three vulnerabilities, said to be under active attack by hackers.

The technology giant said in its security update pages for iOS and iPadOS 14.4 that the three bugs affecting iPhones and iPads “may have been actively exploited.” Details of the vulnerabilities are scarce, and an Apple spokesperson declined to comment beyond what’s in the advisory.

It’s not known who is actively exploiting the vulnerabilities, or who might have fallen victim. Apple did not say if the attack was targeted against a small subset of users or if it was a wider attack. Apple granted anonymity to the individual who submitted the bug, the advisory said.
2021/01/27

Cisco DNA Center Bug Opens Enterprises to Remote Attack

A cross-site request forgery (CSRF) vulnerability in the Cisco Digital Network Architecture (DNA) Center could open enterprise users to remote attack and takeover.

The flaw, tracked as CVE-2021-1257, exists in the web-based management interface of the Cisco DNA Center, which is a centralized network-management and orchestration platform for Cisco DNA. It carries a CVSS vulnerability-severity score of 7.1, making it high-severity.

Cisco DNA is the networking giant’s software-defined approach for aligning campus, branch, WAN and remote-worker elements of enterprise networks. The DNA Center allows admins to provision and configure all network devices, and it uses artificial intelligence (AI) and machine learning (ML) to proactively monitor, troubleshoot and optimize networks. It also integrates with third-party systems. In short, the DNA Center allows deep reach and visibility into an organization’s network, all from one point of entry.
2021/01/08

New Year, New Ransomware: Babuk Locker Targets Large Corporations

Despite being a mostly run-of-the-mill ransomware strain, Babuk Locker’s encryption mechanisms and abuse of Windows Restart Manager sets it apart.

Only a few days into the new year, one of the first new ransomware strains of 2021 has been discovered. Dubbed Babuk Locker, the ransomware appears to have successfully compromised five companies thus far, according to new research.

The research author, Chuong Dong, a computer science student at Georgia Tech, said that he first saw the ransomware mentioned in a tweet by a security researcher who goes by “Arkbird” on Twitter. He then discovered information about Babuk on RaidForums, which is a forum for sharing databases of breaches and leaks.