02-13-2021, 07:52 AM
CyberScoop Wrote:Three federal agencies teamed up with an organization that shares threat information between states to issue an alert late Thursday explaining how the breach, in which a hacker allegedly tried to raise sodium hydroxide levels to amounts that are harmful to humans, might have unfolded. Initial clues suggest the incident, which was detected before it amounted to a threat to public drinking water, was made possible by lax data protection strategies and exploitation of a software tool.
How do the authorities believe the hackers managed to vulnerate the water facility?
Well, this time they didn't really rely on overly complex methods, for a hacker that is.
Several US Authorities Wrote:The cyber actors likely accessed the system by exploiting cybersecurity weaknesses, including poor password security, and an outdated operating system.
Early information indicates it is possible that a desktop sharing software, such as TeamViewer, may have been used to gain unauthorized access to the system.
Based on an earlier report regarding a similar incident, CyberScoop made a plausible description of what might have happened in Oldsmar, Florida.
Several US Authorities Wrote:The unidentified actors accessed the water treatment plant’s SCADA controls via remote access software, TeamViewer, which was installed on one of several computers the water treatment plant personnel used to conduct system status checks and to respond to alarms or any other issues that arose during the water treatment process.
All computers used by water plant personnel were connected to the SCADA system and used the 32-bit version of the Windows 7 operating system.
Further, all computers shared the same password for remote access and appeared to be connected directly to the Internet without any type of firewall protection installed.
Take a look at the fake websites they had created.
CyberScoop Wrote:A spokesperson for the Massachusetts department said they had received the details from the EPA or Environmental Protection Agency.
Email addresses and passwords with the domains ci.oldsmar.fl.us and myoldsmar.com surfaced days before the breach in what’s being called the COMB data leak, for “Compilation of Many Breaches.” Credentials belonging to Oldsmar city employees were included in that leak as CyberNews first revealed and CyberScoop confirmed with Allan Liska, a senior security architect at Recorded Future who tracks dark web acitivity.
CyberScoop Wrote:President Joe Biden is giving a reprieve to Chinese apps that his predecessor’s administration had put on the defensive.Depending on your viewpoint, this article might feel like a real relief or a terrible disappointment.
On Thursday, the Commerce Department said in a court filing that it was reviewing the Trump administration’s bid to ban WeChat. It comes one day after a similar court filing where Commerce said it was reviewing the proposed ban on TikTok, and after the Biden administration has reportedly “indefinitely” placed on hold the plans to force the sale of TikTok’s American division to Oracle and Walmart.
In Thursdays’ filing, the department asked the Ninth Circuit Court of Appeals to pause a court case challenging the WeChat ban, which the Trump administration sought to implement in response to what it deemed the national security threat the app posed.
So for those that had installed WeChat already, I can only say "Fear not!"
Just keep in mind that the CCP can legally ask them to retrieve your data at any given time... and nope, they don't really need an authorization or a warrant to get it.
"For God has not destined us for wrath, but for obtaining salvation through our Lord Jesus Christ," 1 Thessalonians 5:9
Maranatha!
The Internet might be either your friend or enemy. It just depends on whether or not she has a bad hair day.
My Original Stories (available in English and Spanish)
List of Compiled Binary Executables I have published...
HiddenChest & Roole
Give me a free copy of your completed game if you include at least 3 of my scripts!
Just some scripts I've already published on the board...
KyoGemBoost XP VX & ACE, RandomEnkounters XP, KSkillShop XP, Kolloseum States XP, KEvents XP, KScenario XP & Gosu, KyoPrizeShop XP Mangostan, Kuests XP, KyoDiscounts XP VX, ACE & MV, KChest XP VX & ACE 2016, KTelePort XP, KSkillMax XP & VX & ACE, Gem Roulette XP VX & VX Ace, KRespawnPoint XP, VX & VX Ace, GiveAway XP VX & ACE, Klearance XP VX & ACE, KUnits XP VX, ACE & Gosu 2017, KLevel XP, KRumors XP & ACE, KMonsterPals XP VX & ACE, KStatsRefill XP VX & ACE, KLotto XP VX & ACE, KItemDesc XP & VX, KPocket XP & VX, OpenChest XP VX & ACE
Maranatha!
The Internet might be either your friend or enemy. It just depends on whether or not she has a bad hair day.
My Original Stories (available in English and Spanish)
List of Compiled Binary Executables I have published...
HiddenChest & Roole
Give me a free copy of your completed game if you include at least 3 of my scripts!
Just some scripts I've already published on the board...
KyoGemBoost XP VX & ACE, RandomEnkounters XP, KSkillShop XP, Kolloseum States XP, KEvents XP, KScenario XP & Gosu, KyoPrizeShop XP Mangostan, Kuests XP, KyoDiscounts XP VX, ACE & MV, KChest XP VX & ACE 2016, KTelePort XP, KSkillMax XP & VX & ACE, Gem Roulette XP VX & VX Ace, KRespawnPoint XP, VX & VX Ace, GiveAway XP VX & ACE, Klearance XP VX & ACE, KUnits XP VX, ACE & Gosu 2017, KLevel XP, KRumors XP & ACE, KMonsterPals XP VX & ACE, KStatsRefill XP VX & ACE, KLotto XP VX & ACE, KItemDesc XP & VX, KPocket XP & VX, OpenChest XP VX & ACE