News
Hi folks,
I had my exam today, and I passed! Before you sits a happy but thoroughly exhausted newsletter writer ^^ I'm happy to present you with this week's issue though! There are some interesting tidbits in there. Enjoy the read, I'm off to start my weekend a little early :-)
Cheers!
Kansas water plant cyberattack forces switch to manual operations
Most of you will know by now that attacks on water treatment plants are a trigger for me :-) So I'll highlight this one out of the breaches list.
Kia dealer portal flaw could let attackers hack millions of cars
Another one worth highlighting. "Security researchers discovered flaws in Kia's dealer portal that could let hackers locate and steal millions of Kia cars using just the vehicle's license plate." Wonderful. It also allowed one to track any Kia car without the customer being notified.
NIST proposes barring some of the most nonsensical password rules
The new guidelines now explicitly say NOT to mandate password rotation or the use of certain characters. Instead, focus on password length (and uniqueness). Here's hoping that companies at large take notice.
Research on automated tank gauge systems
Very nice technical deep-dive on the security of tank gauge systems. Not something you think about every day :-) But I enjoyed the extensive write-up.
Quick stories
- Kaspersky deletes itself, installs UltraAV antivirus without warning: link.
- Tails OS joins forces with Tor Project in merger: link.
- US proposes ban on connected vehicle tech from China and Russia: link.
- Infostealer malware bypasses Chrome’s new cookie-theft defenses: link.
- Google calls for halting use of WHOIS for TLS domain verifications: link.
Breaches and leaks
- 100 million+ US citizens have records leaked by background check service: link.
- Dell investigates data breach claims after hacker leaks employee info: link.
- Disney ditching Slack after massive July data breach: link.
- MoneyGram confirms a cyberattack is behind dayslong outage: link.
- U.S. govt agency CMS says data breach impacted 3.1 million people: link.
- AutoCanada says ransomware attack "may" impact employee data: link.
- More than $44 million in cryptocurrency stolen from Singaporean platform BingX: link.
Issues and fixes
- Automattic blocks WP Engine’s access to WordPress resources (including security updates): link.
- macOS Sequoia change breaks networking for VPN, antivirus software: link.
- Critical Ivanti vTM auth bypass bug now exploited in attacks: link.
- Windows 10 KB5043131 update released with 9 changes and fixes: link.
- HPE Aruba Networking fixes critical flaws impacting Access Points: link.
- CUPS flaws enable Linux remote code execution, but there’s a catch: link.
1Password: the password manager with (to me) the best UX
I'm not going to write a long marketing-heavy paragraph on this one. I just love using 1Password. The UX, the support, the integrations, it all works wonderfully. Highly recommended. (Sponsored)