Language Selection

English French German Italian Portuguese Spanish

Security: SCADA, Police, Cisco and LibreOffice

Filed under
Security
  • Water Utility in Europe Hit by Cryptocurrency Malware Mining Attack

    At this point, Radiflow's investigation indicates that the cryptocurrency mining malware was likely downloaded from a malicious advertising site. As such, the theory that Kfir has is that an operator at the water utility was able to open a web browser and clicked on an advertising link that led the mining code being installed on the system. The actual system that first got infected is what is known as a Human Machine Interface (HMI) to the SCADA network and it was running the Microsoft Windows [...]

  • In a first, cryptocurrency miner found on SCADA network

    Windows malware that mines for cryptocurrencies has, for the first time, been found in the network of an industrial control system at an operational treatment plant for a water utility, Radiflow, a security provider for critical infrastructure, says.

  • Tech site seeks probe into London cops' malware purchase

    The tech website Motherboard has asked London's Metropolitan Police Service and an independent government organisation to institute a probe into why an MPS officer bought malware that can intercept messages on Facebook, steal passwords and operate a smartphone camera remotely.

  • Motherboard Files Legal Complaint Against Metropolitan Police for Malware Purchase

    London police have refused to explain why an officer bought powerful spyware that was marketed for spying on a user's spouse.

  • That mega-vulnerability Cisco dropped is now under exploit

    When Cisco officials disclosed the bug last week in a range of Adaptive Security Appliance products, they said they had no evidence anyone was actively exploiting it. Earlier this week, the officials updated their advisory to indicate that was no longer the case.

  • libreoffice-remote-arbitrary-file-disclosure

    LibreOffice through 6.0.1 allows remote attackers to read arbitrary files via =WEBSERVICE calls in a document, which use the COM.MICROSOFT.WEBSERVICE function.

More in Tux Machines

Honor 9 Lite review: Leader of the affordable Android pack

As Huawei's budget brand, Honor handsets are well known for offering good value for money. With the Honor 9 Lite the 'good value' theme is raised a notch, thanks to an 18:9 aspect ratio 5.65-inch screen and no fewer than four cameras. Judging by its name, you might expect the Honor 9 Lite to be a trimmed-down version of the Honor 9, but there are some significant variances that suggest the new handset is a step sideways rather than a step down. The Honor 9's 5.15-inch 1,080-by-1,920 (16:9) screen is trumped here by a bigger, taller 5.65-inch 1,080-by-2,160 (18:9) display. There are also dual cameras front and back, whereas the Honor 9 only has dual rear cameras. At the time of writing the Honor 9 is selling for £349 (inc. VAT) direct from Honor, so the Honor 9 Lite's £199.99 looks very appealing. Read more

Linux command history: Choosing what to remember and how

Linux history – the record of commands that you’ve used on the command line – can simplify repeating commands and provide some very useful information when you’re trying to track down how recent system or account changes might have come about. Two things you need to understand before you begin your sleuthing, however, are that the shell’s command memory can be selective and that dates and times for when commands were run are optional. Read more

Security: Voting Machines With Windows and Back Doors in Windows Help Crypto-jacking

  • Election Security a High Priority — Until It Comes to Paying for New Voting Machines [Ed: Sadly, the US has outsourced its voting machines to a private company whose systems are managed by Microsoft]
    When poll workers arrived at 6 a.m. to open the voting location in Allentown, New Jersey, for last November’s gubernatorial election, they found that none of the borough’s four voting machines were working. Their replacements, which were delivered about four hours later, also failed. Voters had to cast their ballots on paper, which then were counted by hand. Machine malfunctions are a regular feature of American elections. Even as worries over cybersecurity and election interference loom, many local jurisdictions depend on aging voting equipment based on frequently obsolete and sometimes insecure technology. And the counties and states that fund elections have dragged their heels on providing the money to buy new equipment.
  • Congress Can Act Right Now to Prevent Interference in the 2018 Elections [Ed: "confidence" is not security]

    To create that confidence the SAFE Act would: [...]

  • America’s Election Meddling Would Indeed Justify Other Countries Retaliating In Kind
    There is still no clear proof that the Russian government interfered with the 2016 U.S. election in any meaningful way. Which is weird, because Russia and every other country on earth would be perfectly justified in doing so.
  • NSA Exploit Now Powering Cryptocurrency Mining Malware [Ed: Microsoft Windows back door]
    You may have been asked if you'd like to try your hand at mining cryptocurrency. You may have demurred, citing the shortage in graphics cards or perhaps wary you were being coaxed into an elaborate Ponzi scheme. So much for opting out. Thanks to the NSA, you may be involved in mining cryptocurrency, but you're likely not seeing any of the benefits.
  • Cryptocurrency-mining criminals that netted $3 million gear up for more
    Separately, researchers from security firm FireEye said attackers, presumably with no relation to the one reported by Check Point, are exploiting unpatched systems running Oracle's WebLogic Server to install cryptocurrency-mining malware. Oracle patched the vulnerability, indexed as CVE-2017-10271, in October.

today's howtos