3 months after cyberattack that threatened ‘public health crisis,’ Jersey City MUA computer systems still not fully restored

The recent cyberattack at the Jersey City Municipal Utilities Authority inflicted damage that lasted months and threatened to cause a “public health crisis,” the agency said.

Officials from Jersey City and the autonomous utilities agency have said little about the Sept. 30 ransomware attack, which MUA documents said blocked access to “vital” water and sewer information.

But the MUA spent nearly half a million dollars to address the attack, and the agency’s computer systems were still not fully functional even three months after the cyber incursion, an MUA resolution passed last month shows.

At a Dec. 17 meeting, the MUA Board of Commissioners voted to approve a new $391,000 emergency contract with cyber security firm Digital Team Six for “technical restoration services,” according to a resolution obtained through an Open Public Records request. The new contract was “necessary to avert a public health crisis,” the resolution said.

“Despite repeated efforts … problems continued to be encountered with restoring all of the JCMUA’s internet technology network to full operation,” the resolution states, adding that “it has become increasingly apparent that advanced technical assistance will be required.”

But the extent of the potential “public health crisis” is unclear. JCMUA Executive Director Jose Cunha could not be reached for comment and MUA Board of Commissioners Chair Maureen Hulings declined to comment. Digital Team Six staff did not immediately respond to requests for comment.

The contract comes on the heels of an $18,675 contract with a different information technology firm, as well as a $25,000 contract with Pennsylvania law firm Mullen Coughlin to investigate the incident — putting known expenditures related to the incident at $434,675. MUA officials expected at least $25,000 of that to be covered by insurance.

It’s also unclear exactly what the hacker or hackers wanted to target. However, the attack caused the agency to “lose access to vital information and documentation related to the provision of water and sewerage services to the citizens of the City of Jersey City,” an October resolution reads.

In ransomware attacks, hackers block…


Cisco fixes Security Manager vulnerabilities with public exploits

Cisco has released security updates to address multiple pre-authentication vulnerabilities with public exploits affecting Cisco Security Manager that could allow for remote code execution after successful exploitation.

Cisco Security Manager helps manage security policies on a large assortment of Cisco security and network devices, and it also provides summarized reports and security event troubleshooting capabilities.

This product works with a wide array of Cisco security appliances including but not limited to Cisco ASA appliances, Cisco Catalyst 6000 Series Switches, Integrated Services Routers (ISRs), and Firewall Services modules.

Proof-of-concept exploits available since November

“The Cisco Product Security Incident Response Team (PSIRT) is aware of public announcements about these vulnerabilities,” the advisory says.

These vulnerabilities impact Cisco Security Manager releases 4.22 and earlier and they were disclosed by Cisco on November 16, after being reported by Code White security researcher Florian Hauser in August. 

Hauser shared proof-of-concept exploits for all 12 Cisco Security Manager vulnerabilities he reported after Cisco PSIRT stopped responding.

Luckily, at the moment, Cisco says that they are not aware of any ongoing attacks exploiting the vulnerabilities patched today.

“Cisco PSIRT is not aware of malicious use of the vulnerabilities that are described in this advisory,” Cisco adds.

Security updates available

Cisco addressed two of the 12 vulnerabilities (CVE-2020-27125 and CVE-2020-27130) but didn’t provide any security updates to fix multiple security bugs, collectively tracked as CVE-2020-27131.

The vulnerabilities were found by Hauser in the Java deserialization function in Cisco Security Manager and are caused by “insecure deserialization of user-supplied content by the affected software.”

Following successful exploitation, they could allow unauthenticated attackers to execute arbitrary commands remotely on vulnerable devices.

“An attacker could exploit these vulnerabilities by sending a malicious serialized Java object to a specific listener on an affected system,” Cisco explains.

“A successful exploit could allow the attacker…


Woburn Public Library events, Dec. 2-8

Registration is required for library events unless otherwise specified. To sign up, visit The library is open 9 a.m.-9 p.m. Monday-Thursday and 9 a.m.-5:30 p.m. Friday-Saturday. The library is closed for cleaning 1-2 p.m. Mondays, Wednesdays, Fridays and Saturdays, and 4:30-5:30 p.m. Tuesdays and Thursdays.

The robots are here

Want to play with a robot? Come play with one of the library’s new Sphero balls. Drive it, program it, turn it into a disco ball, smash it into a wall — it’s designed to do what you want it to do. An easy beginner entry into the world of robotics, the library’s robotic Sphero balls offer an experiential learning opportunity.

Get your music on

Want to learn to rock those first three guitar chords? Or the harmonica solo from that Dylan song? Or the ukelele from “Over the Rainbow” for your friend’s wedding next year? Take advantage of the library’s free music lessons available through a partnership with ArtistWorks — from piano to French horn to hip hop scratch, with lessons taught by Grammy Award-winning professionals.

Adult events

Story Time for Parents: What is Dialogic Reading: 7-8 p.m. Dec. 8. Learn about Dialogic Reading — what it is, how it supports your child’s language development, increases vocabulary, engagement with books and other pre-literacy skills. Jodi will demonstrate how to incorporate dialogic reading and create a more engaging and interactive reading experience. Limit 20 families.


Baltimore Co. Public Schools cancel classes on Nov. 30 and Dec. 1 due to ransomware attack

Baltimore County public schools will be closed, and distance learning canceled, on Monday, Nov. 30 and Tuesday, Dec. 1 due to a recent ransomware attack on the school district’s IT system.

The school system’s offices will be open and staff will receive information about the upcoming week, according to a message posted on the district’s Twitter feed.

The attack was discovered on Wednesday, Nov. 25, and according to the county, investigators and school staff have been working through the Thanksgiving break trying to get the school’s system back online.

The attack came shortly after a state audit revealed the school system’s vulnerability.

In spite of a long weekend of work, a tweet sent out on Saturday, Nov. 28 said the county’s schools will not be able to hold instruction at the start of next week.

Schools will distribute meals for students on Monday and Wednesday at over 300 locations.

The school system called it a “crisis” and thanked its constituents for their patience as they worked toward a resolution.

On Friday, a state audit showed the county had not safeguarded sensitive personal information, according to a story published by The Associated Press. The news of the audit came Tuesday, followed by the ransomware attack a day later.

Due to the coronavirus pandemic, 115,000 students are taking classes online. With the shutdown, they will not be able to receive instruction at the beginning of the upcoming week.
