Cyber Security Today, Dec. 4, 2023 – A warning to water treatment utilities, a boot vulnerability could affect millions of PCs, and more.


Welcome to Cyber Security Today. It’s Monday, December 4th, 2023. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com and TechNewsday.com in the U.S.


American water treatment utilities are increasingly being targeted by threat actors. You may recall that on Friday afternoon’s Week in Review podcast, I reported that a hacking group believed to be from Iran called CyberAv3ngers claimed credit for taking control of the internet-connected system of a municipal water authority in Pennsylvania. It is believed this group targeted the utility because of a vulnerability in a programmable logic controller it uses from an Israeli company called Unitronics. Three new things have happened since that report: First, late Friday American and Israeli cyber authorities issued an advisory that CyberAv3ngers and its affiliates are going after any organization using Unitronics devices. It says that since November 22nd several wastewater treatment plants have been compromised. How? Likely because the default passwords on the Unitronics devices weren’t changed, says the alert. The gang considers every piece of equipment made in Israel a legal target. It’s not clear if CyberAv3ngers did any damage in these attacks. But three U.S. Congressmen have asked the U.S. Justice Department to investigate.

The third piece of related news is that the Hunters International ransomware gang has listed Florida’s St. Johns River Water Management District as one of its victims.

Cyber authorities urge any critical infrastructure provider to take security precautions including making sure as few IT devices as possible are open to the internet. And to make sure default passwords that come with internet-connected equipment are changed.

IT administrators and home computer owners should be watching this week for firmware patches from device manufacturers. Scheduled for Wednesday, the BIOS updates will plug vulnerabilities discovered in computers’ Unified Extensible Firmware Interface, or UEFI. The UEFI is part of a computer’s boot-up process. The holes were discovered by researchers at Binarly. The vulnerabilities, dubbed LogoFail, allow an attacker to get around crucial security boot protections. Researchers believe computers and servers from Intel, Acer, Lenovo and others running x86 or ARM processors are potentially vulnerable. Details will be revealed at this week’s Black Hat Europe conference, but you can get a preview in a Binarly blog.

About 60 American credit unions are dealing with the aftereffects of a ransomware attack on one of their IT service providers. According to the news site The Record, the provider is called Ongoing Operations, which is owned by a credit union technology firm called Trellance. The news site quotes the National Credit Union Administration saying the incident happened November 26th. Not only have some credit unions been having IT trouble, so are other companies that rely on the same provider. It’s another example of the risks that an organization’s IT partners can bring unless there is built-in resilience.

It’s important that organizations hit by a data breach don’t make things worse for the victims. Like accidentally publishing the names of those whose personal information was stolen. The latest example comes from MGM Resorts. You may recall it was hit by the BlackCat/AlphV ransomware gang in September. One of the victims was the wife of a Canadian-based cybersecurity researcher. On Saturday she was emailed a data theft notice by the hotel. However, while the email address was right, the letter itself was addressed to another woman, presumably also a victim. So now at least one person knows that someone else’s personal information was stolen.

Are you still running a version of Microsoft Exchange email server that’s no longer supported with security updates? If so, you’re foolish. And apparently, you’re not alone. According to a site called Shadowserver, almost 20,000 out-of-date Exchange Servers are open to the internet. About 6,000 of them are in the U.S. and Canada, and about 10,000 of them are in Europe. Versions no longer supported by Microsoft include Exchange Server 2013 and prior. If you’re administering an old version of any software and it gets hacked, your excuse to the CEO is …

The U.S. headquarters of office supply chain Staples said it had to temporarily take some of its IT systems offline after a cybersecurity incident. It issued few other details.

Finally, a Russian man extradited from South Korea to the U.S. will be sentenced in March after pleading guilty to his role in developing and deploying the Trickbot malware. Trickbot is used by crooks to steal money and install ransomware. In June one of the convict’s partners was sentenced to two years and eight months in prison. This is the latest move in law enforcement’s attack on the distribution of Trickbot. The Russian man was extradited in 2021. Earlier this year the U.S. named and sanctioned several suspected Trickbot gang members.

Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.

The post Cyber Security Today, Dec. 4, 2023 – A warning to water treatment utilities, a boot vulnerability could affect millions of PCs, and more. first appeared on IT World Canada.
Howard Solomon, https://www.itworldcanada.com
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times.
