Firewall Firm is a Managed Cyber Security Company in India
Home » Tag: cyber security news

Tag Archives: cyber security news

Home » Tag: cyber security news

Critical security flaw found in control systems of several hospitals and supermarket chains

  • Research study exposed a security flaw existing in temperature control systems manufactured by Resource Data Management.
  • Many popular names that incorporate these control systems include Marks & Spencer, Ocado & Way-on.

Resource Data Management (RDM), a Scottish firm engaged in providing remote monitoring solutions, was found to have security loopholes in its temperature control systems (TCS).

According to security researchers Noam Rotem and Ran L who conducted a detailed analysis, there may be thousands of organizations using these systems affected by the security vulnerabilities.

Hospitals and supermarket chains including Marks & Spencer, Ocado, and Way-on, use TCS built by RDM. From the report, it is evident that these systems use unsecured HTTP protocol and the 9000 port (or sometimes 8080, 8100, or even simply 80).

On top of this, all of them had default usernames and passwords, which are left unchanged by administrators. Thus, anyone with the right URL could easily access these systems.

Thousands of vulnerable systems

The researchers warned about the number of vulnerable system stating, “A basic scan reveals hundreds of installations in the UK, Australia, Israel, Germany, the Netherlands, Malaysia, Iceland, and many other countries around the world. As each installation has dozens of machines under it, we’re looking at many thousands of vulnerable machines.”

The researchers found over 7,000 installations with vulnerabilities through Shodan. The scary part is some of the devices installed with these control systems could even be found by a Google search.

In their research, Rotem and Ran also demonstrated how RDM-made control systems in a hospital as well as a supermarket, could be easily accessed. All they had to do was find the device URL and input the default username and password combination. Similarly, they even got into systems of Marks and Spencer and other companies from Italy, Germany, and Malaysia.

Change the credentials

Meanwhile, Rotem and Ran informed RDM of these security issues. However, the company first fended off the researchers without showing interest in the incident but later responded saying that they have no control over how their customer configure their TCS installations.

Furthermore, RDM has notified of an update to resolve this issue and has urged user admins to change default credentials in TCS.

CYBERSECURITY WORKERS SCRAMBLE TO FIX A POST-SHUTDOWN MESS

TWO WEEKS OUT from the longest government shutdown in United States history—and with the possibility of another still looming—government employees are still scrambling to mitigate impacts on federal cybersecurity defenses. And the stakes are high.

Furloughed cybersecurity employees returned to expired software licenses and web encryption certificates, colleagues burned out from working on skeleton crews, and weeks-worth of unanalyzed network activity logs. The job was already hard enough without having to play catch-up.

“There’s tension in the air,” says Chris Kennedy, chief information security officer at the network security firm RiskIQ who spent more than 10 years as a federal security contractor for agencies like the Treasury, Department of Commerce and US Marines Corps. “As an incident responder, you just found activity that took place three weeks ago, and now you have to quarantine and clean up and fix it when three weeks of damage has already been done. The work is harder and more chaotic and maybe your toolset doesn’t work because a license is expired plus maybe people’s security clearances have expired. All of those things are adding together.”

Even before the shutdown, the federal government was not known for a robust, consistent security posture. In a May report, the White House’s Office of Management and Budget found that 74 percent of federal agencies are in urgent need of digital defense improvements. More than half don’t have the ability to catalog the software that runs on their systems, and only about 25 percent of agencies confirmed to OMB that they are prepared to identify and thoroughly assess signs of data breaches.

The effects of the shutdown extend even to agencies that were funded throughout, like the military and intelligence community, thanks to interdependencies and network connections between agencies.

One of the few public-facing impacts of the shutdown was that web encryption certificates for numerous federal websites expired during the weeks of pause. This meant that people trying to access the sites, like NASA’s rocket testing portal, may have gotten warnings from their browsers that the pages were unsafe. Other sites became completely inaccessible.

A bigger concern, though, is that the shutdown’s true impact will take time to reckon with fully. Last week, Minnesota senator Amy Klobuchar and five of her colleagues sent a letter to the Department of Homeland Security and the NSA with questions about how federal cybersecurity posture fared during the shutdown. “Experts have warned that our reduced capacity for cybersecurity during shutdowns provides an opportunity for adversaries and cybercriminals,” the senators wrote. “We are concerned that these circumstances have left our government and citizens vulnerable to cyberattacks.” DHS and the NSA have not yet responded to the senators’ questions.

Digital threats, particularly those from nation state hackers, are not just a theoretical concern for the federal government. China, Iran, North Korea, and Russia all have active espionage and offensive hacking capabilities and many were ramping up their activity in the last year anyway, before the federal shutdown potentially created an opportunity for unchecked probing and intrusion. Such a prolonged stretch of reduced oversight would be virtually irresistible to foreign adversaries.

The shutdown also undermined the government’s reputation as a stable and reliable employer—a crucial issue given the general dearth of qualified cybersecurity personnel nationwide and the ongoing difficulty of competing with private sector jobs. Security professionals say that the shutdown was a prime recruiting season for private firms, and that many government employees and contractors left or plan to leave for other positions. New federal employment numbers haven’t been released yet.

“Government employees have been busier than ever,” says Carlos Perez, head of research and development at the IT security firm TrustedSec. “Many are leaving so far.”

RiskIQ’s Kennedy notes that the shutdown could also become a sort of black hole of accountability for cybersecurity incidents that began before, during, or even months after the break—a disturbing idea given ongoing issues with holding agencies to account for cybersecurity lapses.

The only potential silver lining? The risk management firm SecurityScorecard suggests that threats like spearphishing may have been less effective during the shutdown, since furloughed employees literally weren’t in the office to check their email.

Though government employees and contractors who were furloughed have now spent more than two weeks rebuilding from the shutdown, it will be months or even years before the full toll of the incident is understood. And if another shutdown comes next week, count on erasing whatever little progress has been made.

Australian government falls prey to a hacking attempt, incident under investigation

  • Officials are investigating the security incident that occurred on the government’s computer network.
  • Following the hack attempt, the Department of Parliamentary Services announced that it reset all user passwords in the network.

The Australian Parliament became a victim to a hacking attempt yesterday, allegedly perpetrated by a foreign entity. Reportedly, ‘no evidence’ was available to show whether any confidential information was compromised in this incident.

However, the Department of Parliamentary Services (DPS), which supports various functions of the Australian Parliament, disclosed that all user passwords in the computer network were reset post the hack attempt.

In a statement issued by DPS, it informed that the incident was being thoroughly investigated. “The Department of Parliamentary Services and relevant agencies are working jointly to take the necessary steps to investigate the incident, while our immediate focus has been on securing the network and protecting data and users,” the department stated.

Meanwhile, one Australian news outlet suggests that the country’s agencies are looking into the possibility of Chinese involvement. This could be due to the motive of influencing the upcoming elections or other political processes in the country by China.

Despite the attempt being labeled as ‘sophisticated’ by other sources, authorities did intercept the attack at its earlier stage. Else, it could have caused much more damage. Fortunately, the attack has not affected computers of government ministers and their staff. However, some opposition leaders have described the incident as a “wake-up call”.

Read More »