A hacker gained access to the water treatment system for the city of Oldsmar, Florida, and attempted to increase the concentration of sodium hydroxide (NaOH), also known as lye and caustic soda, to extremely dangerous levels.
Sodium hydroxide is commonly found in household cleaners, but can be very dangerous if ingested in high concentrations. At lower levels, however, it is used by water treatment facilities to adjust acidity (pH) and remove heavy metals.
Access via remote desktop software
The attack on the computer system of the Oldsmar water treatment system happened on Friday at 1:30 PM, through remote desktop software that allowed authorized users to troubleshoot system problems remotely.
Researchers at the cybersecurity company ESET analyzed malware that targets high-performance computing (HPC) clusters, among other high-profile targets. After reverse engineering this small yet complex malware, which is portable to many operating systems, including Linux, BSD, Solaris, and possibly AIX and Windows, the company named it Kobalos.
The average ransom paid to cybercriminals after a ransomware attack is falling as more and more companies refuse to give in to ransom demands.
A SonicWall SMA 100 zero-day vulnerability is being actively exploited in the wild, according to a tweet by cybersecurity firm NCC Group.
On January 22nd, SonicWall disclosed that they suffered an attack on their internal systems using a “probable” zero-day vulnerability in specific SonicWall networking devices.
While SonicWall investigates the vulnerability and has not provided many details, they state that it likely affects their SMA 100 series (SMA 200, SMA 210, SMA 400, SMA 410, SMA 500v) line of remote access appliances.
As mitigation against the attack, SonicWall states that administrators need to enable multi-factor authentication (MFA) on the devices and recommends setting up IP address restrictions to the management interface.
Law enforcement and judicial authorities worldwide have this week disrupted one of the most significant botnets of the past decade: EMOTET. Investigators have now taken control of its infrastructure in an international coordinated action.
This operation is the result of a collaborative effort between authorities in the Netherlands, Germany, the United States, the United Kingdom, France, Lithuania, Canada and Ukraine, with international activity coordinated by Europol and Eurojust. This operation was carried out in the framework of the European Multidisciplinary Platform Against Criminal Threats (EMPACT).
EMOTET has been one of the most professional and long-lasting cybercrime services out there. First discovered as a banking Trojan in 2014, the malware evolved into the go-to solution for cybercriminals over the years. The EMOTET infrastructure essentially acted as a primary door opener for computer systems on a global scale. Once this unauthorised access was established, it was sold to other top-level criminal groups to deploy further illicit activities such as data theft and extortion through ransomware.