Pinellas County, Florida: the latest on the water treatment attack.
A Hacker Tried to Poison a Florida City's Water Supply (Wired) The attacker upped sodium hydroxide levels in the Oldsmar, Florida, water supply to extremely dangerous levels.
Someone tried to poison Oldsmar’s water supply during hack, sheriff says (Tampa Bay Times) Pinellas Sheriff Bob Gualtieri said the attacker tried to raise levels of sodium hydroxide, also known as lye, by a factor of more than 100.
Sheriff: Hacker tried to taint Florida city's water with lye (AP) A hacker gained unauthorized access into a remote access software system shared by workers at a Florida city’s water treatment plant in an unsuccessful attempt to fill the water...
Hacker Boosts Toxic Chemical Level 100-Fold at Water Plant (Bloomberg) Sodium hydroxide increased at Florida facility near Tampa. Operator responded immediately to prevent public harm.
‘Dangerous Stuff’: Hackers Tried to Poison Water Supply of Florida Town (New York Times) For years, cybersecurity experts have warned of attacks on small municipal systems. In Oldsmar, Fla., the levels of lye were changed and could have sickened residents.
Sheriff: Investigation underway after hacker attempts to poison Florida town’s water supply (My Sun Coast) Authorities in Pinellas County are investigating after an unknown individual attempted to hack the City of Oldsmar’s water treatment plant system.
Hacker Tried to Poison Florida City's Water Supply, Police Say (Vice) The hacker tried to drastically increase sodium hydroxide levels in the water, Pinellas County, Florida, officials said on Monday.
Hacker breached Florida water facility to alter sodium hydroxide level, police say (CyberScoop) An unidentified hacker on Feb. 5 broke into the computer system of a water treatment plant for a town outside of Tampa, Florida, and temporarily changed the plant’s sodium hydroxide setting to a potentially dangerous level, local authorities said Monday.
Hacker Changed Chemical Level in Florida City’s Water System (Wall Street Journal) While the Pinellas County sheriff said the public was never in danger, a criminal investigation has been launched.
Recommendations Following the Oldsmar Water Treatment Facility Cyber Attack | Dragos (Dragos | Industrial (ICS/OT) Cyber Security) Today a press conference was held by the City of Oldsmar where they disclosed ‘the unlawful intrusion of the City of Oldsmar’s water treatment system.’ The City of Oldsmar should be commended on their transparent briefing and level of detail. The case is evolving and details are ongoing but this blog is intended to share what’s known currently with some defensive recommendations. Details of What Happened It has been publicly acknowledged...
Cyber Attacks, Threats, and Vulnerabilities
MAR-10318845-1.v1 - SUNBURST (CISA) This report provides detailed analysis of several malicious artifacts associated with a sophisticated supply chain compromise of SolarWinds Orion network management software, identified by the security company FireEye as SUNBURST.
MAR-10320115-1.v1 - TEARDROP (CISA) This report provides detailed analysis of malicious artifacts associated with a sophisticated supply chain compromise of SolarWinds Orion network management software, identified by the security company FireEye as TEARDROP.
Installed Chinese-made transformers can impact the grid today (Control Global) Presidential Executive Order (EO) 13920 was issued not as a whim but because the Chinese effectively did a “Stuxnet” to a large electric transformer installed at a US utility.
BendyBear: Novel Chinese Shellcode Linked With Cyber Espionage Group BlackTech (Unit42) The novel Chinese shellcode "BendyBear" is one of the most sophisticated, well-engineered and difficult-to-detect samples employed by an APT.
Attackers Leverage Locally-Loaded Chrome Extension for Data Exfiltration (SecurityWeek) A malicious extension was being loaded in Chrome locally, after Developer mode had been enabled.
Over 1,200 Iranians Targeted in Domestic Surveillance Campaign (SecurityWeek) Domestic Kitten, backed by the Iranian government, launches extensive surveillance operations against Iranian citizens.
After Lightning Comes Thunder: The Most Persistent Iranian APT Rumbling Agai (Check Point and SafeBreach Labs) Cyber warfare has long become a common practice in the arsenal of governments, armies, and intelligence agencies around the world.
Billions of Passwords Offered for $2 in Cyber-Underground (Threatpost) About 3.27 billion stolen account logins have been posted to the RaidForums English-language cybercrime community in a 'COMB' collection.
SitePoint discloses data breach after stolen info used in attacks (BleepingComputer) The SitePoint web professional community has disclosed a data breach after their user database was sold and eventually leaked for free on a hacker forum.
Barcode Scanner app on Google Play infects 10 million users with one update (Malwarebytes Labs) In a single update, a popular barcode scanner app that had been on Google Play for years turned into malware.
Web Developer Hub SitePoint Discloses Data Breach (SecurityWeek) Web development resources provider SitePoint has notified users of a data breach that resulted in some of their information being stolen.
Data of thousands of Dutch citizens leaked from government Covid-19 systems (ComputerWeekly.com) Weak access controls and outdated systems blamed for leaking of the personal details of thousands of Dutch citizens tested for Covid-19.
Security breach may have exposed 36,000 UPMC patients' info (Becker's Hospital Review) UPMC began notifying patients Feb. 5 that their protected health information may have been exposed through a data breach at the Pittsburgh-based health system's billing and legal services provider last year.
Hackers leak thousands of incidents in Austin surveillance, Statesman reports (KVUE) The list was leaked by a hacker group last summer in the wake of protests against police brutality.
Tokyo Gas discloses data breach impacting anime-style dating simulation game (The Daily Swig) Developed by Japan’s largest gas utility, ‘Furo Koi’ was created to offer bathing advice to users
Medical cannabis company Cann Group loses $3.6 million in cyber attack (SmartCompany) Medicinal cannabis company Cann Group has been hit with a cyber attack, losing $3.6 million in transactions to an unknown third party.
Cyberpunk 2077 maker suffers ransomware attack (Computing) Attackers claim that they accessed source code for Cyberpunk 2077, Gwent, Witcher 3 and an 'unreleased version of Witcher 3'
Hackers behind British Mensa breach publish private messages of forum members on dark web (Computing) Some messages include email addresses and contact numbers of Mensa forum members
Vulnerability Summary for the Week of February 1, 2021 (CISA) The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week.
Data breaches are increasing people’s exposure to cyber crime (News Powered by Cision) 7 out of 10 parents using online services breached by attackers experience cyber crime, according
Mobile Health Apps Systematically Expose PII and PHI Through APIs, New Findings from Knight Ink and Approov Show (BusinessWire)
MetricStream Global Survey Reveals Chasm Between IT Cyber Risk Management Strategy and Actual Practice (PR Newswire) MetricStream, the market leader in governance, risk, and compliance (GRC), and integrated risk management products and solutions, today...
Delta Web: Established security firms war with disruptive AI rivals (Computing)
Security Software Revenues to Hit $45.5B in 2021, a 20% Jump in Two Years (StockApps) The digital transformation accelerated by the pandemic and the growing number of data breaches and cyberattacks has forced online users, companies, and organizations to increase...
TransUnion Analysis Finds Synthetic Fraud Dropping During Pandemic, But New Research Forecasts Future Rise (TransUnion) New TransUnion (NYSE: TRU) research finds instances of synthetic fraud and outstanding balances for suspected synthetic accounts at U.S. financial institutions have declined significantly after the World Health Organization (WHO) declared COVID-19 a global pandemic on March 11, 2020. However, new analysis by technology analyst firm Aite Group fi...
Spirent Report: 5G Activity Accelerates as Operators Look to Differentiate (Spirent) Insights from over 600 global 5G engagements in 2020 reveal roll-outs continue to gather pace, despite the challenges of the global pandemic
Appgate, a Leading Cybersecurity Company, to Merge With Public Company Newtown Lane Marketing (Appgate) Appgate provides secure access to your network and for your consumers using leading Zero Trust network security and fraud protection solutions
SentinelOne to acquire high-speed logging startup Scalyr for $155M (TechCrunch) SentinelOne, a late-stage security startup that helps customers make sense of security data using AI and machine learning, announced today that it is acquiring Scalyr, the high-speed logging startup for $155 million in stock and cash. SentinelOne sorts through oodles of data to help customers under…
We are going fulltime (ProjectDiscovery) Most of you probably don't know, but ProjectDiscovery has been maintained in free-time, and we have been doing it so for the past 2 years. It was initially started when we met through the subfinder repository where we exchanged our ideas and started creating solutions out of a passion for
Air Force Awards $95M For Cyber Intelligence (Breaking Defense) The investment is a sign of the Air Force’s commitment to fighting war effectively across all domains, including cyber and its electronic warfare cousin.
Palantir Surges on Deal to Offer Software Through IBM (Bloomberg) IBM gains tools to make own AI software easier for customers. Palantir sales crew, now at 30, gains access to force of 2,500.
Facebook says it plans to remove posts with false vaccine claims. (New York Times) The move, which applies to anti-vaccine posts unrelated to Covid as well, targets unpaid posts to the site and particularly Facebook pages and groups.
Nixu renews its operating model to increase client centricity and transfers to international business units (News Powered by Cision) Nixu Corporation, Stock Exchange release, February 9, 2021 at 10:00 AM EET
Avast Joins Coalition Against Stalkerware (PR Newswire) Avast (LSE:AVST), a global leader in digital security and privacy products, today announced that it has joined the Coalition Against...
Proofpoint: Mixed Guidance But Great Long-Term Play (Seeking Alpha) Proofpoint reported Q4 revenue and EPS that came in above expectations despite continued challenges with the economic environment.
CloudSphere’s New CEO Puts VMware, Rapid7 on Notice (SDxCentral) When CloudSphere’s new CEO Jane Gilson takes the reins, she’ll join the exclusive club of female tech chief executives.
TrueFort Adds Lane Bess to Board of Directors (Yahoo) Lane Bess, former CEO of Palo Alto Networks will be an invaluable asset to the Board.
VMware ANZ channel chief Neels Du Plooy departs (CRN Australia) Neels Du Plooy leaves after nearly nine years with the vendor.
Former DHS CIO John Zangardi Joins LookingGlass Advisory Board (Homeland Security Today) LookingGlass Cyber Solutions, a leader in operationalizing threat intelligence, announced the appointment today of Dr. John Zangardi to its Advisory Board.
Castellum, Inc. Announces Hiring of Glen Ives to Build Navy and Marine Corps Division of Company (StreetInsider.com) Castellum, Inc. (OTC: ONOV) announces that Glen Ives has joined the Company as Chief Growth Officer and Divisional...
Cambridge Quantum Computing Welcomes Dr. Stefano Pironio as Scientific Advisor for Quantum Cryptography (HPCwire) Cambridge Quantum Computing (CQC) is pleased to announce the addition of Dr. Stefano Pironio as Scientific Advisor on
Products, Services, and Solutions
Google Launches Database for Open Source Vulnerabilities (SecurityWeek) Google announces OSV (Open Source Vulnerabilities), a database for triaging vulnerabilities in open source projects.
Radical New Training Bolsters Weakest Link in Cybersecurity (PRWeb) The cost of a data breach, in terms of revenue, reputation, legal exposure, and operational disruption, can be devastating; 60% of small- and medium-sized
Axon and Cellebrite Partner to Help Manage and Safeguard Digital Intelligence (Cellebrite) Data collected and reviewed with Cellebrite Solutions now seamlessly unified in Axon Evidence, allowing investigators to reshape how digital evidence is managed
Technologies, Techniques, and Standards
French military orders first sigint suite to work across all services (C4ISRNET) Early capabilities of the new system will be delivered in 2023, and full capabilities by 2025, officials said.
Why Are Remote Access Policies Important? (Reciprocity) When the COVID-19 pandemic arrived and forced the closure of offices around the world, many companies that hadn’t previously allowed remote access to servers and various IP addresses in their corporate network had to do so—and quickly. Trying to maintain business operations in that new manner, while also protecting data against unauthorized access, put many …
Security Compass Releases “The 2021 State of DevSecOps” Study Highlighting the Need for Automation in Secure Software Development (BusinessWire) Security Compass today published the results of its 2021 State of DevSecOps report, highlighting the need for automation in software development.
12 Best Donor Management Software Comparison (The Lead Pastor) Donor management software is critical for non-profit orgs and churches to keep track of donors and fundraising. Here are the best options on the market for 2021.
Preparing for the Google Partner Program Security Test (Bishop Fox) This Self-Assessment covers common threats to prep for the Google Partner Program assessment, that validates the security of Google partners’ applications.
Design and Innovation
Google Moves Away From Diet of 'Cookies' to Track Users (SecurityWeek) Federated Learning of Cohorts (FLoC) will improve online privacy while still enabling advertisers to serve up relevant messages and replace third-party cookies in its Chrome web browser
Creating an Ethical Artificial Intelligence System: The Key Role of Counsel | New York Law Journal (New York Law Journal) This article will review the key steps to follow for a successful implementation of an ethical AI system. The critical role of lawyers in this process will be highlighted.
Research and Development
Researchers Say Machine Learning Boosts Defense Against Multi-Stage Cyber Attacks (Insurance Journal) A machine learning algorithm may give organizations a powerful and cost-effective tool for defending against attacks on vulnerable computer networks and
Legislation, Policy, and Regulation
The Cybersecurity 202: 'This Is How They Tell Me The World Ends' sheds new light on a global cyberweapons arms race (Washington Post) The U.S. government is paying hackers for vulnerabilities it finds in software and hardware used by corporations and governments. Once they've bought those vulnerabilities, they're turning them into cyberweapons employed in attacking or spying on adversaries.
The New Never-Ending War (The Cipher Brief) Walter Pincus is a contributing senior national security columnist for The Cipher Brief. He spent forty years at The Washington Post, writing on topics from nuclear weapons to politics. In 2002, he and a team of Post reporters won the Pulitzer Prize for national reporting. OPINION — The worldwide cyber war was on full display last …
Big Data Is Booming in the U.S., but Other Countries Are Making the Rules (Wall Street Journal) Lawmakers and regulators in some of the world’s largest countries are ramping up enforcement of privacy laws, revising statutes or debating new rules.
Biden Admin. To Weigh Risk Of Unleashing Cyberweapons (Law360) President Joe Biden has pledged to respond with force to hacking campaigns carried out by the country's enemies, but his administration may want to proceed with caution given the risks of launching weapons into the digital ecosystem, ex-government lawyers say.
The Right Response to SolarWinds (Council on Foreign Relations) A strongly worded message has been sent to Moscow, but a forcible response that changes minds is elusive.
A Key Step in Preventing a Future SolarWinds (Just Security) Federal action is needed to establish a cloud security certification that can apply across the ecosystem of information and communications technology.
Sweden to establish national cyber security centre (ComputerWeekly) Sweden becomes latest Nordic state to establish a national cyber security centre as the threat landscape grows.
China Ends the Clubhouse Spring (Foreign Policy) Beijing has blocked the social app after a brief flowering of open discussion.
China Appears to Block Social-Media Platform Clubhouse After Brief Flourishing of Debate (Wall Street Journal) The Silicon Valley audio-chat app had attracted thousands of users in China, who used it to discuss taboo topics including Xinjiang and human rights.
Clubhouse is now blocked in China after a brief uncensored period (TechCrunch) Thousands of Chinese users suddenly found themselves unable to access Clubhouse on early Monday evening as the country prepared to start the week-long Lunar New Year holiday. Inside WeChat groups, Clubhouse users rushed to report the situation and help each other with ways to get back onto the red …
Clubhouse’s moment of free speech in China is over (Quartz) On the Chinese messaging app WeChat, many shared their regret at seeing the app being blocked, and said they now need to use virtual private networks—a tool for circumventing China's great firewall—to access it.
The Kremlin May Make Foreign Internet Companies Open Offices in Russia (Slate Magazine) Having personnel on the ground would make it easier for Russia to pressure companies.
5G: French constitutional court backs provisions of 'anti-Huawei law' (Euractiv) France's highest court ruled on Friday (5 February) that the law introduced by the government on the security of 5G networks - dubbed 'anti-Huawei law' - is consistent with the Constitution. EURACTIV France reports.
Huawei ban timeline: Follow the saga of the Chinese telecommunications giant (CNET) Here's a breakdown of the controversy surrounding Huawei.
Huawei CEO says he'd welcome phone call from Biden in first remarks on new U.S. president (CNBC) Huawei CEO Ren Zhengfei is hoping for a softer approach from President Joe Biden after the company was labeled a national security threat under Trump.
Biden officials believe China to be 'greatest long-term national security threat' to the US, McCaul says (Fox News) President Biden’s Secretary of State Tony Blinken and White House national security adviser Jake Sullivan believe that China poses the "greatest long-term national security threat to the United States," Republican Rep. Michael McCaul told Fox News after speaking with the officials, but McCaul said they will have a "different approach" to China than the Trump administration.
Proposal gives incentives for electric companies to improve cybersecurity (Washington Technology) The new rule, proposed by the Federal Energy Regulatory Commission, would subsidize electric companies that upgrade their cybersecurity infrastructure beyond the minimum requirements.
EU ready to follow Australia’s lead on making Big Tech pay for news (Financial Times) Move by lawmakers would strengthen hand of publishers against Google and Facebook
House Armed Services Adds Cybersecurity-focused Panel for Technology Oversight (MSSP Alert) House Armed Services Committee forms cybersecurity-focused subcommittee to oversee the Department of Defense’s use of cyber, emerging tech & information systems.
How Will the DOTGOV Act Strengthen Government Website Security? (StateTech) The new law makes it easier for state and local agencies to migrate to secure and trusted .gov domains.
Litigation, Investigation, and Law Enforcement
Jammu and Kashmir Police looking to recruit 'cyber volunteers' who'll report 'anti national' content to govt (MediaNama) The Jammu and Kashmir Police is looking for “cyber volunteers”, who can flag content on social media that is “anti national”, or promotes “radicalisation”, among other things, and report those to the government.
Can The FBI Hack Into Private Signal Messages On A Locked iPhone? Evidence Indicates Yes (Forbes) Signal is one of the most secure apps in the world. But if FBI agents have access to a device, they can still access supposedly-encrypted messages, even on a locked iPhone.
Biden’s Justice Department Drops Legal Challenge to California Net Neutrality Law (Variety) In a signal of things to come from the Biden administration, the Justice Department on Monday dropped out of a lawsuit that seeks to block California from enacting its own net neutrality law. The a…
BREAKING: DOJ Drops Challenge To Calif. Net Neutrality Law (Law360) The U.S. Department of Justice on Monday ended its Trump-era challenge to California's net neutrality statute, which bars internet service providers from speeding up, slowing down or showing priority to web traffic.
DOJ Accelerates Enforcement Efforts Against Cybercriminals Who Engage in Ransomware Attacks (JD Supra) On successive days last week, the Department of Justice (DOJ) unveiled enforcement actions against international cybercriminal organizations that...
Chubb Beats Target's Data Hack Coverage Bid (Law360) A Minnesota federal judge freed two Chubb Ltd. units from paying for Target Corp.'s losses from $138 million in bank settlements over a 2013 data breach, holding Monday that the retail giant failed to allege "loss of use damages" covered under the policy.
Exclusive: EU's Vestager warns Apple to treat all apps equally amid privacy dispute (Reuters) Europe's antitrust chief, Margrethe Vestager, has warned Apple Inc to give equal treatment to all apps on its platform amid the iPhone maker's privacy changes that have drawn charges of anti-competitive practices from rival Facebook Inc.
Army Cyber Command major gets 30 years on child porn charge (Army Times) An Army officer in Georgia who held a top-secret security clearance has been sentenced to serve three decades in federal prison for producing child pornography, authorities said Monday.