Oldsmar Water Treatment Facility Used Windows 7, Had No Firewall and Shared Single TeamViewer Password Among Employees
Anne Neuberger tapped to oversee the government's response to SolarWinds, CD Projekt Red hacker leaks files online, Tenable to buy Alsid for $98 million, New Chinese APT Bendy Bear discovered, more
Government officials say the Oldsmar, Florida water treatment facility that was hacked, with the intruder attempting to alter the levels of a deadly chemical in the water supply, used an unsupported version of Windows with no firewall and shared the same TeamViewer password among its employees.
An advisory from the State of Massachusetts, as well as a private industry notification from the FBI, said that the Oldsmar facility was using Windows 7 to access SCADA controls remotely, lacked a firewall, and permitted all employees to use the same TeamViewer password. Separately, in a hearing before the House Homeland Security Committee, the former head of the Cybersecurity and Infrastructure Security Agency Chris Krebs said that the Oldsmar breach was “very likely” the work of “a disgruntled employee.” (Dan Goodin / Ars Technica)
Related: CNN.com, SC Magazine, Cyberscoop, Law & Disorder – Ars Technica, DataBreachToday.com, Associated Press, The Hacker News, E Hacking News, Daily Mail, Fudzilla, TechTarget, HOTforSecurity, TechDator, Engadget, The Register - Security, Slashdot, Mass.gov, The Verge
Google, which had not pushed updates to its flagship iOS apps since before Apple's December 8 deadline for App Store privacy labels, began warning users that its apps were out of date.
For a brief period, Google's apps told users they should update, but no updated versions were available in the App Store, so users had no way to do so. (Spencer Dailey / Product Considerations)
Under criticism by the Senate Intelligence Committee, which believes the U.S. government’s response to the SolarWinds hacks has been too disjointed, the White House announced that the NSC’s deputy national security adviser for cyber and emerging technology, Anne Neuberger, will now oversee the SolarWinds incident security response.
Intelligence committee chairman Mark Warner (D-VA) and vice-chairman Senator Marco Rubio (R-FL) issued a statement saying that Neuberger’s leadership is “welcome news.” (Julian E. Barnes and David E. Sanger / New York Times)
The names and Social Security numbers of about 9,800 Syracuse University students, alumni, and applicants were exposed when someone gained unauthorized access to an employee’s email account. However, the university has yet to issue a campus-wide announcement of the breach.
The breach occurred in late September. The university sent an email to affected students, alerting them that it had investigated a data security breach involving personal information. (The Daily Orange Editorial Board)
Hackers who hit Cyberpunk 2077 and Witcher 3 developer CD Projekt Red (CDPR) with a ransomware attack have leaked at least some of the ransomed data online.
The hackers are also reportedly auctioning code for the Witcher 3 and Cyberpunk 2077 on another forum. (Joseph Cox / Motherboard)
The 1st U.S. Circuit Court of Appeals in Boston ruled that U.S. border agents do not need warrants to search travelers’ smartphones and laptops at airports and other U.S. ports of entry.
Rejecting arguments by the ACLU and EFF, U.S. Circuit Judge Sandra Lynch said basic border searches do not need to be supported by reasonable suspicion and said a warrant requirement would “hamstring” agents at the busy borders. (Nate Raymond / Reuters)
A ransomware operation called RansomExx, which is a rebranded version of the Defray777 ransomware, has hit French health insurance company Mutuelle Nationale des Hospitaliers (MNH) and severely disrupted the company's operations.
MNH posted notices online saying that a cyberattack hit it on February 5th and that computer systems have been disconnected for security reasons. (Lawrence Abrams / Bleeping Computer)
Researchers from Palo Alto Networks’ Unit 42 have discovered a new “highly malleable, highly sophisticated” malware from the Chinese hacking group BlackTech that they have dubbed Bendy Bear.
Unit 42 says the malware “stands in a class of its own in terms of being one of the most sophisticated, well-engineered and difficult-to-detect samples of shellcode employed by an Advanced Persistent Threat (APT).” (Zach Dorfman / Axios)
The House Homeland Security Committee said it is preparing legislation that would expand the Cybersecurity and Infrastructure Security Agency (CISA) powers, similar to a bill introduced during the last Congress.
That bill aimed to enhance national cybersecurity through the creation of a public-private workforce exchange program and empower CISA through increased stability in leadership positions and funding. During hearings before the Homeland Security Committee, former CISA Director Chris Krebs called for enhanced governance, increased funding, and centralized services offered by CISA. (Ed Roberts / Homeland Preparedness News)
Singapore telco Singtel said that it is investigating a February 9 cybersecurity breach that may have compromised customer data with some files taken from a file-sharing system developed two decades ago by a third-party vendor Accellion.
Accellion notified Singtel that the file-sharing system, called FTA (File Transfer Appliance), had been breached by unidentified hackers. (Eileen Yu / ZDNet)
The Trump administration’s stunt-based forced sale of TikTok to Oracle and Walmart has been reportedly shelved indefinitely, sources say.
The deal, which theoretically was based on the Trump administration’s worries over security concerns surrounding the China-based app, has fallen by the wayside in the midst of successful legal challenges to the U.S. government’s effort by TikTok’s owner, China’s ByteDance Ltd. (John D. McKinnon and Alex Leary / Wall Street Journal)
Related: Ars Technica
Cybersecurity company Tenable has agreed to buy vulnerability management start-up Alsid for $98 million to help customers fix security weaknesses in Microsoft’s Active Directory in real-time.
The deal is expected to close early in the second quarter of 2021 and contribute approximately 1 percentage point of growth to Tenable’s revenue this year. (Michael Novinson / CRN)
Israeli enterprise cybersecurity firm CYE Ltd. announced it had raised $100 million in a funding round led by EQT AB with participation from 83North Ltd.
The company aims to combine technology and “white hat” hacking to help enterprises identify their most serious vulnerabilities. (Paul Gillin / Silicon Angle)
Related: Dark Reading
South Korea-based autonomous driving security solutions provider Autocrypt has raised $13 million in a Series A funding round that included major Korean investors KB Investment, Pathfinder H, Ulmus Investment, Korea Asset, Hyundai Venture Investment Corp., and IBK.
The company plans to use its funds to enhance its V2X security technology and expand security operations into more Intelligent Transportation Systems (ITS) projects. (FinSMEs)
A critical flaw in Adobe Reader, which has been exploited in the wild, was patched in the company’s latest batch of Patch Tuesday updates.
The vulnerability (CVE-2021-21017) is a critical-severity heap-based buffer overflow flaw. (Lindsey O’Donnell / Threatpost)
Nicholas Faber of Rochester, NY, pleaded guilty to hacking into the email and online accounts of female students at SUNY Plattsburgh, where he was a student, stealing their nude photos and videos, and trading them with others.
Faber pleaded guilty to one count of computer intrusion causing damage and one count of aggravated identity theft, and could be sentenced to up to 12 years behind bars. (Kieren McCarthy / The Register)
Researchers at Anomali say that UAE and Kuwait government agencies are targets of a new cyberespionage campaign potentially carried out by an Iranian threat group called Static Kitten (aka MERCURY or MuddyWater).
The group is sending out phishing emails, posing as the Ministry of Foreign Affairs (MOFA) of Kuwait and the UAE National Council, to lure targets into installing the legitimate remote management tool ScreenConnect (acquired by ConnectWise in 2015). (Ravie Lakshmanan / The Hacker News)