Florida Water Treatment Plant Hacked, Chrome Browser Vulnerability, Security Researchers were targeted, Social Media Etiquette, CISCO’s VPN Flaws, Happy Safe Internet Day and more!
Hello and welcome to Simplified Security bits Episode Number 7. I am your host, Durgesh and today is Feb 9th 2021, coming to you straight from Houston Texas.
Today is Safe Internet Day. Celebrated around the world. In the US, you can find more information for more information on how you can get involved and spread the word by going to https://saferinternetday.us/ [https://saferinternetday.us/]
Tags: Podcast, Cybersecurity Podcast, Durgesh Kalya, Simplified Security,
The Florida Water Treatment Plant was hacked and the attacker managed to increase the amount of Sodium Hydroxide levels from 100 parts per million to 11,100 parts per million. The attacker was able to compromise the remote access system and managed to change parameters for the lye component. This is the worst case scenario for Industrial Control Systems which could have led to a dangerous situation. An operator was able to spot the increase in levels and was able to turn it down.
https://www.nbcnews.com/tech/security/florida-near-miss-cybersecurity-worst-case-scenario-n1257091 [https://www.nbcnews.com/tech/security/florida-near-miss-cybersecurity-worst-case-scenario-n1257091]
Project Zero Team at Google have found a zero day bug on Chrome, Which is being actively exploited and you need to update your browser now. Both Chrome and Edge browsers use the Chromium Engine. So patch now. Simply go to your browser, and click About to initiate the update.
https://nakedsecurity.sophos.com/2021/02/05/chrome-zero-day-browser-bug-found-patch-now/ [https://nakedsecurity.sophos.com/2021/02/05/chrome-zero-day-browser-bug-found-patch-now/]
Cisco reported several vulnerabilities which are tracked in various CVEs. The vulnerabilities allow an unauthenticated, remote attacker to execute arbitrary code as the root user on an affected device. Patch them Routers Now!
https://thehackernews.com/2021/02/critical-flaws-reported-in-cisco-vpn.html [https://thehackernews.com/2021/02/critical-flaws-reported-in-cisco-vpn.html]
Google bans the Spanish Certificate Authority (CA) -Camerfirma. CAs In cryptography are certification authority is an entity that issues digital certificates. While this is nothing new, in the past major browsers have issued warnings and requested CAs to fix issues with verification and validation of certificates. The result is that the websites and services that use certificates that were issued by Camerfirma will start to get flagged on Chrome browsers and will start showing a Certificate Error with the release of the new browser version Chrome 90 which will be available in April of 2021.
https://www.zdnet.com/article/google-bans-another-misbehaving-ca-from-chrome/ [https://www.zdnet.com/article/google-bans-another-misbehaving-ca-from-chrome/]
Google and Microsoft have reported various instances of ongoing attacks on security researchers. Microsoft has outlined the threat actors behind this targeted attack in their security blog. They attribute the attacks to a group called ZINC. More information is in the show notes.
https://www.microsoft.com/security/blog/2021/01/28/zinc-attacks-against-security-researchers/ [https://www.microsoft.com/security/blog/2021/01/28/zinc-attacks-against-security-researchers/]
Facebook etiquette:
I am always keen to learn more about how one can improve our interactions and behaviors that can benefit the society as a whole. When it is really at a click of a button you can send communication across the wire and increasingly with very little thought or consequence. As today is Safe Internet Day, I wanted to feature an article written by ESET security blogger Amer Owaida. He very beautifully outlines some of the strategies to apply to strengthen your privacy, security and most importantly to remember the famous Vegas Line, what happens on the internet stays on the internet. Link is in the show notes.
https://www.welivesecurity.com/2021/02/04/facebook-etiquette-behaviors-avoid/ [https://www.welivesecurity.com/2021/02/04/facebook-etiquette-behaviors-avoid/]
That is it for this episode.
Please provide me your feedback by reaching out on my twitter @durgeshkalya. All the links to anything I have discussed in this episode is in the show notes of this podcast.
Make sure you subscribe to simplified security episodes available as podcast and on YouTube. Go to icsbits.com/simplified for more details. I am your host Durgesh Kalya. Catch me on my next episode on your favorite podcast app or YouTube, until then be safe and think before you click.
