Metacurity

Hackers' Breach of Australian Regional Water Supplier Went Undetected for Nine Months
metacurity.substack.com


NSO CEO quits job before his start date, Grief ransomware group exposed a wealth of sensitive financial and personal from NRA hack, U.S. joins 80-nation cybersecurity agreement, much more

Cynthia Brumfield
Nov 11, 2021

Sunwater, the largest regional water supplier in Queensland, Australia, says hackers targeted it in a cyber security breach that went undetected for nine months.

Last year, the hackers left suspicious files on a web server in order to redirect visitor traffic to an online video platform. The breach occurred between August 2020 and May 2021 and involved unauthorized access to a web server that stored customer information. Weaknesses in an older, more vulnerable Sunwater system allowed the intrusion to remain undetected for nine months.

Sunwater said no financial or customer data had been compromised and that it took immediate steps to improve security once it detected the unauthorized access. The Sunwater revelation followed a Queensland Audit Office report into the state's water authorities that did not name Sunwater. That report called for immediate action to fix "ongoing security weaknesses in information systems." (Rory Callinan / ABC News)

Jess "GirlGerms" Dodson (@girlgerms), November 11th 2021:
This is why we say "Assume Breach". There are likely threat actors already in your network and infrastructure. You just don't know it yet.

Itzik Benvenisti, the former co-president of Israeli spyware company NSO Group who had been named CEO on October 31st, resigned from the company before he even assumed his new position.

Benvenisti informed the company's chairman that, in light of the circumstances that had arisen and given that the company had been blacklisted in the United States, he had decided he could not take up the CEO position. The U.S. Commerce Department added NSO Group to its Entity List earlier this month, accusing it of acting contrary to U.S. national security and foreign policy interests. (Golan Gozani / Calcalist)

Related: Al Bawaba, Associated Press, The New Arab, The Independent, RT USA, The Guardian, Hamodia

A ransomware group that operates under the name Grief and is widely believed to be linked to Evil Corp has exposed sensitive personal and financial information in the latest round of document dumps from its hack of the gun advocacy group NRA.

The group also published the NRA’s bank account information and the social security numbers or home addresses for dozens of its staff members. Documents with details on NRA employees who’ve paid tax liens, child support, or had their wages garnished are included in the leak. Dozens of internal documents, including the 2021 directors and officers insurance policy and several reports detailing the group’s confidential cyber security protocols, were also included in the leaks. NRA was hit by the group’s ransomware attack in late October. (Steven Gutowski / The Reload)

Stephen Gutowski (@StephenGutowski), November 11th 2021:
The NRA did not provide a statement on the leaked personal information or answer questions about what it's doing to assist those whose information has been exposed. The documents have already been viewed thousands of times on the hacker's website.
thereload.com/nra-bank-accou…

Following a meeting with French President Emmanuel Macron, Vice President Kamala Harris announced that the United States has joined an 80-country agreement known as the Paris Call for Trust and Security in Cyberspace. The agreement condemns reckless behavior in cyberspace and seeks to mobilize resources to secure the software supply chain. The Trump administration had declined to sign the agreement, which the French government launched in 2018.

The Paris Call agreement follows efforts by the Biden administration to look for international help in cracking down on Eastern European and Russian ransomware gangs that have hacked major US firms. (Sean Lyngaas / CNN)

Related: The Hill, InsideCyberSecurity.com, White House.gov

Chris Painter (@C_Painter), November 10th 2021:
The US joining is a great and welcome thing, both because the Paris Call principles reflect the kinds of things the US has fought for and because it makes them part of, & gives them access to, a vibrant Multistakeholder community that endorses cyber stability. https://t.co/0BfY5fM0xQ

Quoting Joseph Marks (@Joseph_Marks_):
Inbox: In another cyber break with the Trump admin., @VP Harris delivered a U.S. endorsement of the Paris Call for Trust and Security in Cyberspace - basically a set of norms govs and other organizations pledge to uphold in cyberspace. https://t.co/D2bfGUf5PI

Cybersecurity and Infrastructure Security Agency (CISA) Director Jen Easterly plans to invite members of the private hacking community to join an advisory committee at the agency.

The advisory committee would find and report vulnerabilities that the government would then be obligated to address. "I want to make sure we are tapping into the brilliance and the goodness of those communities to help us identify and close those vulnerabilities. So please partner with us and bring it on," Easterly said at a conference hosted by Wired. (Graham Hacia / Wired)

Related: NextGov, Roll Call, The Hill: Cybersecurity, Defense Daily Network

Cybersecurity and Infrastructure Security Agency (CISA) Director Jen Easterly said that her agency is working on establishing new directives for the water and chemical industries as part of a federal effort to protect critical infrastructure from increasing cyber threats.

Speaking at a Wired conference, Easterly said that she has been "spending a huge amount of time on that critical infrastructure mission, both working off some of the sprints that the White House has directed with the electricity sector, the pipeline sector, and soon-to-be the water and chemical sectors." (Chris Riotta / FCW)

Related: Meritalk

Telnyx, a voice over Internet Protocol (VoIP) company that provides telephony services over the Internet worldwide, including in the Americas, EMEA, APAC, and Australia, is the latest victim of the distributed denial-of-service (DDoS) attacks targeting telcos, which caused outages across its global network.

The attack started on November 9th at approximately 11 PM EST, causing all telephony services to fail or be delayed. The company's status page says that it has completed migrating its global network traffic routes behind Cloudflare's DDoS protection systems, and all services are now operational. (Lawrence Abrams / Bleeping Computer)

Related: Cybersecurity Intelligence, Telnyx

According to screenshots obtained by Motherboard, the hackers behind the breach of app-based broker Robinhood had access to an internal tool that presented them with the option of tampering with user accounts, including removing specific users' multi-factor authentication protections.

Beyond the ability to tamper with user accounts, the tool displays notes on specific accounts generated by Robinhood's fraud team; the devices used to log in to Robinhood; the user's IP addresses; whether those devices are trusted; balances such as net cash and buying power; and the user's phone number and whether that number is verified. Robinhood had not previously disclosed that some users' phone numbers might have been exposed. A source who presented themselves as a proxy for the hackers provided the screenshots. (Joseph Cox / Motherboard)

Related: The Verge, reddit TECH NEWS, CNN

Researchers at Zimperium discovered an ongoing data-stealing spyware campaign, dubbed PhoneSpy, that targets South Korean users through a range of lifestyle apps that nest on the device and silently exfiltrate data.

The PhoneSpy spyware comes disguised as a yoga companion app, the Kakao Talk messaging app, an image gallery browser, a photo editing tool, and more. The stolen data can be used to support almost any malicious activity, from spying on spouses and employees to conducting corporate cyber-espionage and blackmailing people. Zimperium reported its findings to the US and South Korean authorities, but the host that supports the C2 server has yet to be taken down. (Bill Toulas / Bleeping Computer)

Related: ZDNet, Zimperium, The Hacker News, Security Week, Threatpost


According to public records obtained by the EFF, data broker Veraset shared billions of “highly sensitive” phone-location records with the D.C. government last year that revealed how people moved about the city.

According to internal emails, Veraset offered the city a free trial of its tracking data for COVID-tracking purposes only, and the data did not include people's names and personal details. EFF calls the free trial "covid-washing," a bid to forge new relationships with government authorities. (Drew Harwell / Washington Post)

Related: EFF

The Missouri Department of Elementary and Secondary Education (DESE) has apologized for a "data vulnerability incident" that exposed the personal data of 620,000 teachers, administrators, and other education personnel.

Missouri Governor Mike Parson had previously, and falsely, pinned the blame for the exposure on a "hack" by St. Louis Post-Dispatch reporters. DESE did not, however, apologize to the reporters for the governor's false allegation. The State of Missouri is offering 12 months of credit and identity theft monitoring through IDX to past and present certificated educators whose PII was contained in the DESE certification database. (Mike Masnick / Techdirt)

Related: Missouri Education Department

HPE revealed that a threat actor obtained an "access key" and used it to compromise data repositories for its Aruba Central network monitoring platform, enabling the attacker to access collected data about monitored devices and their locations.

The exposed repositories contained two datasets, one for network analytics and the other for Aruba Central's 'Contact Tracing' feature. The threat actor had access for 18 days, between October 9th, 2021, and October 27th, when HPE revoked the key. (Lawrence Abrams / Bleeping Computer)

Related: Aruba Networks

Ax Sharma (@Ax_Sharma), November 11th 2021:
Hewlett Packard Enterprise says threat actor obtained an "access key" that let them view customer data stored in the Aruba Central environment. The #databreach lasted 18 days: Oct 9th-27th, after which HPE revoked the key.
bleepingcomputer.com/news/security/… via @LawrenceAbrams

IT asset discovery platform company Lucidum announced it had raised $15 million in a Series A venture funding round.

Point72 Ventures led the round, which included investments from GGV Capital, Silicon Valley CISO Investments, and leading angel investors. (Business Wire)

Photo by Ivan Bandura on Unsplash
