On Feb. 5, an unidentified hacker broke into the computer system of a treatment plant in the Florida town of Oldsmar and temporarily changed the plant's sodium hydroxide setting to a potentially dangerous level, according to local officials. It turns out that hacker wasn't alone on the network. Industrial security firm Dragos on Tuesday revealed a separate suspected intrusion that same day of one of the Oldsmar Water Treatment Facility's computers.
Ireland's department of health services continues to grapple with a ransomware attack carried out last week by the Conti gang. Officials state the attack will cost tens of millions to repair, even though the attackers were not successful in their attempt to encrypt systems at Ireland's Department of Health (DoH). "Hundreds of people" are still "working flat out" to get all Ireland DoH services and systems up and running, Irish Health Minister Stephen Donnelly tweeted late Monday.
The DarkSide ransomware gang has collected at least $90 million in ransoms paid by its victims over the past nine months to multiple Bitcoin wallets. Around 10% of the profit came in one week from attacking just two companies: Colonial Pipeline, the largest oil pipeline system in the United States, and Brenntag, a large chemical distribution company in Germany. Blockchain analysis company Elliptic found and analyzed ransom payments made to DarkSide from 47 distinct Bitcoin wallets.
The MountLocker ransomware operation now uses enterprise Windows Active Directory APIs to worm through networks. MountLocker started operating in July 2020 as a Ransomware-as-a-Service (RaaS) where developers are in charge of programming the ransomware software and payment site, and affiliates are recruited to hack businesses and encrypt their devices. As part of this arrangement, the MountLocker core team receives a smaller cut of 20-30% of a ransom payment, while the affiliate gets the rest.
Owners of Eufy home security cameras were warned this week of an internal server bug that allowed strangers to view, pan and zoom in on their home-video feeds for approximately one day. Conversely, customers were also suddenly given access to do the same to other users. The SNAFU, according to experts, is a stark reminder of the security-challenged consumer market for wireless cameras that have caused major headaches for a long list of vendors including Amazon, Google and ADT.
Following an eight-month audit of the code in the latest infotainment system in Mercedes-Benz cars, security researchers with Tencent Security Keen Lab identified five vulnerabilities, four of which could be exploited for remote code execution. The vulnerabilities were found in the Mercedes-Benz User Experience (MBUX), the infotainment system that was initially introduced on A-class vehicles in 2018 but has since been adopted on the car maker's entire vehicle line-up.