Authorities in Florida continue their inquiry into the Oldsmar water utility cybersabotage incident, but beyond expressing the hope that they'll be able to discuss the attack more once the investigation is complete, they've had little to say. Water systems in other parts of the US continue to look to their defenses, and seem to be using recent Federal advice as their guide to doing so. Until more information is available, we'll return news about Oldsmar to its usual place in our selected reading.
Do you know if your organization should be worried about advanced persistent threat actors, cyber criminals, or hacktivists? Do you know the different capabilities or attacks each group might use? LookingGlass can help you build customized, evolving threat models to assess cybersecurity threats that your organization could actually face and inform which cyber investments would improve your defenses. Find out how you can build tailored threat models in our white paper.
Centreon discusses the Sandworm incident. Skepticism about the "Big Hack." Patch news.
Centreon, the firm whose IT resource monitoring tool France's ANSSI identified as compromised in what appears to be a Russian operation, yesterday provided an update on its own investigation. The software in question is an older version of the tool that's been unsupported for the last five years. (There have been eight updates since that version reached its end-of-life.) The company says that none of its current customers were affected, and that the fifteen "entities" that were afflicted by Sandworm's backdoor were all using open source versions of the obsolete software.
ZDNet reports that the backdoor found in the open source version of Centreon software was Exaramel, malware that bears some similarity to Industroyer. ESET offers some background and context, describing how they found Exaramel "at the heart of Industroyer" during their 2018 investigation of Russia's 2016 cybersabotage of Ukraine's power grid. As BleepingComputer reports, it's unclear how the threat actor succeeded in compromising the software.
Fortune summarizes the current state of opinion about Bloomberg's renewal of its story on alleged discovery of Chinese hardware backdoors into Supermicro chips. Fortune notes that the current version relies on secondhand and anonymous sources, "which does not inspire confidence."
Microsoft has pulled and issued an update for one of the fixes it published on Patch Tuesday last week. Threatpost reports that "This particular defective update (KB4601392) applied to Windows 10 users (version 1607 for 32-bit and x64-based systems) and Windows Server 2016 users."
CISA yesterday issued four new Advisories on industrial control systems.
Today's issue includes events affecting Australia, China, the Dominican Republic, the European Union, France, the Democratic People's Republic of Korea, the Republic of Korea, Myanmar, Russia, Singapore, the United Kingdom, and the United States.
Get 40% off on CyberWire Pro.
Presidents Day may be in the rear view mirror, but our Presidents Day sale is still running. It's your chance to accelerate your cybersecurity awareness and education. For this week only, our Daily Briefing and Week That Was subscribers can enjoy 40% off on their first year of an annual CyberWire Pro subscription. That includes exclusive content, live event participation, and access to our extraordinary archives, all within one clean platform. This offer expires on February 19th and is for new customers only. Visit the CyberWire Pro page, select Annual Subscription, and enter code YDHVORO22L during checkout.
Join Rick at the CSO Perspectives Hash Table as he and our table of experts discuss Identity Management, its role as a first principle idea, and what they worry about as authentication becomes an increasingly complex issue. To learn more about Pro and listen to all CSO Perspectives episodes, visit our CyberWire Pro page and click on the Contact Us button.