Tag Archive for: scans

CISA announces free security scans for public water utilities


The U.S. Cybersecurity and Infrastructure Security Agency is offering free security scans for critical infrastructure facilities, such as water utilities, to help protect them from cyberattacks.

The midweek announcement comes as water treatment facilities across the country have suffered from rising security threats over the past two years, including a recent attempt to compromise the safety and protection systems of the water treatment facility in Discovery Bay, California, by a former employee of one of the plant’s vendors.

In 2021, CISA and other agencies, including the FBI, Environmental Protection Agency and National Security Agency, issued a joint advisory report documenting the ongoing cybersecurity vulnerabilities in water systems nationwide, which “threaten their ability to provide potable water and effectively manage their wastewater.”

Drinking water and wastewater systems often offer public-facing applications that can be vulnerable to attack, potentially disrupting or halting operations.

CISA agents run specialized scanners to identify a facility’s vulnerabilities and weak configurations in internet-exposed endpoints, commonly used for initial access by threat actors and some ransomware groups.

Depending on the severity of flaws and vulnerabilities found, reports are generated within one to six days. The federal agency sends weekly reports with recommendations, while further scans determine if the water utilities have taken the steps to solve previously disclosed issues.

CISA’s new no-cost scanning program was co-developed with the EPA, the Water Sector Coordinating Council and the Association of State Drinking Water Administrators. CISA encouraged all drinking water and wastewater system operators to enroll in the service.

In the announcement, CISA said it aims to significantly reduce identified vulnerabilities in the first few months of security scans.

Source…

Estonia arrests hacker who stole 286K ID scans from govt database


Estonia arrests hacker who stole 286K ID scans from govt database

Image: Stanislav Rabunski

A Tallinn man was arrested a week ago in Estonia under suspicion that he has exploited a government photo transfer service vulnerability to download ID scans of 286,438 Estonians from the Identity Documents Database (KMAIS).

The attacker was apprehended on July 23, following a Cybercrime Bureau of the National Criminal Police and RIA joint investigation that started after RIA was alerted of a higher than the usual number of queries.

“During the searches, investigators found the downloaded photos from a database in the person’s possession, along with the names and personal identification codes of the people,” Oskar Gross, head of the police’s cybercrime unit, said.

“Currently, we have no reason to believe that the suspect would have used or transmitted this data maliciously, but we will further clarify the possible motives for the act in the course of the proceedings.”

Stolen info cannot be used for fraud

The suspect downloaded the government document photos using the targets’ names and personal ID codes (available from various public databases).

RIA added that the stolen information could not be used to perform notarial or financial transactions or gain access to state digital services by impersonating the impacted individuals.

“It is not possible to gain access to e-services, give a digital signature, or to perform different financial transactions (incl. bank transfers, purchase and sales transactions, notarial transactions, etc.) using a document photo, personal identification code, or name,” RIA Director General Margus Noormaa added.

“People whose document photos have been stolen need not apply for a new physical or digital document (passport, ID-card, residence permit card, mobile-ID or Smart-ID, etc.) or take a new document photo. All identity documents and photos remain valid.”

All impacted individuals to be notified via email

Although the vulnerability was introduced in the system and could’ve been exploited several years ago, current evidence doesn’t show that such an attack has happened since then.

RIA also said that the data was not transferred from the suspect’s computer after it was stolen from KMAIS, and there is no reason to believe…

Source…

Iris scans as ID grow in use

Iris scanner technology is emerging in smartphones, including the new Samsung Note 7, but is expected to come soon to cars and ATM machines to verify a user’s identity.

Experts say an iris scan can be more reliable than a fingerprint scan, which is a big reason it is expected to be used in more devices in coming years. Each iris, the colorful part of the eye that forms a ring around the pupil, is unique and therefore a good biometric indicator.

Samsung’s Android 6-based Note 7, which shipped on Aug. 19, takes advantage of the technology as well as the Windows 10 Mobile-based HP Elite X3.

To read this article in full or to leave a comment, please click here

Network World Security

VirusTotal now Scans Mac OS X Apps for Malware

Google has decided to add support for Mac OS X malware detection to its VirusTotal web-based service. VirusTotal — launched in 2004 and acquired by Google in 2012 — is a free and popular online service for security researchers and Hackers that lets you …
mac hacker – read more