Cyber Security Today, Jan. 10, 2024 – Vulnerabilities found in internet-connected factory torque wrenches


Welcome to Cyber Security Today. It’s Wednesday, January 10th, 2024. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com and TechNewsday.com in the U.S.

Anything that connects to an IT network can have software vulnerabilities. The latest example: Wi-Fi-connected pneumatic torque wrenches used by car manufacturers. According to researchers at Nozomi Networks, the vulnerabilities they found in a Bosch Rexroth wrench could let a hacker plant ransomware that would spread across a network. Or the holes could let an attacker alter a wrench’s tightening controls and affect the safety of products. A manufacturer using compromised devices could be extorted by a hacker, and sued by customers. The vulnerabilities are in the device’s Linux-based operating system. The wrench connects to a wireless network so it can be remotely programmed. The lesson: Makers of any internet-connected device have to continuously scrutinize their code for vulnerabilities.

Microsoft SQL database servers in the U.S., Europe and Latin America are being targeted by a threat actor. According to researchers at Securonix, the gang either sells access to compromised servers or plugs them with a strain of ransomware called Mimic. This particular gang has been ramming their way into servers through brute force attacks, which are preventable. Then they leverage a command to create a Windows shell, a command that is supposed to be disabled by default. Among the lessons from this attack: Don’t expose critical servers to the internet — and if you have to, protect them with security like a virtual private network. And IT should always be watching for the creation of new local users on servers and other endpoints.

An American judge has sentenced a Nigerian man to 10 years and one month in prison and ordered him to pay almost US$1.5 million in restitution for conspiring to launder money pulled from internet fraud schemes. The 33-year-old man worked directly with the Nigeria-based leader of an international criminal organization to defraud individuals and businesses across the U.S. He was convicted last August by a…
