Tag Archive for: serves

Kansas’ Wolf Creek nuclear power plant hack serves as a warning

/in


Former Burlington Mayor and Coffey County Commissioner Gene Merry remember the news about a hack of the Wolf Creek Nuclear Power facility’s computer system in 2017. At the time, the FBI and Homeland Security said the hack was aimed at corporate computers, not the ones that run the plant.Until Thursday, Merry did not know Russian FSB officers devised that intrusion.”It’s good to know,” Merry said. The longtime Burlington businessman and public official reiterated full confidence in the team at the nuclear power facility, operated by Evergy, one day after federal prosecutors revealed three Russian Federal Security Service (FSB) officers targeted the plant in 2017.Evergy released a statement Thursday saying at no point did attackers ever gain access to the cyber systems that operate the facility or power grid.”I have all the faith in the world of this security at the plant and the safety of the plant,” Merry said.Still, Merry said it is a good reminder for everyone to remain on guard, especially now with the War in Ukraine.A cybersecurity expert agrees.”There will be more and more this kind of attack coming up in the future,” said Yongzhi Joe Wang, assistant professor of computer science and information systems at Park University.Wang said the Wolf Creek hack should remind the energy sector along with companies everywhere to make sure they have the most upgraded software and education about malware attacks for employees.He also said cybersecurity insurance is important for companies.”Then, at least they can get some payment from the insurance company,” he said.The Wolf Creek hacking incident is just one of more than 17,000 hacks into unique devices in the United States and around the world, according to the federal indictment released Thursday.

COFFEY COUNTY, Kan. —

Former Burlington Mayor and Coffey County Commissioner Gene Merry remember the news about a hack of the Wolf Creek Nuclear Power facility’s computer system in 2017.

At the time, the FBI and Homeland Security said the hack was aimed at corporate computers, not the ones that run the plant.

Until Thursday, Merry did not know Russian FSB officers devised that intrusion.

“It’s good to know,”…

Source…

190 Mainers’ data exposed in hack of web company that serves far-right clients

/in


Financial and credit card information belonging to almost 200 Maine residents has been compromised in the hack of a web services company that’s popular with far-right groups.

The 190 Maine residents are among 110,000 people nationwide whose details were leaked in a breach of information from Epik, according to a data breach notice filed with the Maine Attorney General’s office last week. 

The information released through the hack has unmasked some Epik customers as operators behind websites supporting the Jan. 6 Capitol riot and promoting Holocaust denial. 

The compromised information included financial account numbers or credit and debit card numbers, including security codes, access codes, and other passwords needed to gain access to those accounts and cards. 

There were no other identifying details about the Mainers whose data were leaked in the data breach notice filed with the attorney general’s office. 

Almost 10 years’ worth of data from Epik customers, including payment information, domain purchases and transfers, email addresses, and account credentials, were captured, according to Anonymous, the decentralized internet hacking collective that claimed responsibility for the Sept. 13 hack. 

Epik discovered the breach two days later, on Sept. 15.

“We have retained multiple cybersecurity partners to investigate the incident, secure our services, help affected users, and notify you, law enforcement, and other relevant authorities,” Epik wrote in a letter to customers. “We are continuing to communicate with relevant authorities and other stakeholders as well.” 

The company, based outside of Seattle, Washington, said it would offer affected Epik users free credit monitoring until Sept. 15, 2023. 

Epik has been criticized for providing services to extremist groups and websites that had been barred from using other web hosting services for hosting racist and anti-Semitic content, such as the Proud Boys and the social media sites Gab, Parler and 8chan. 

Amazon Web Services cut off Parler’s web service earlier this year due to its links to Jan. 6 Capitol rioters, and 8chan and Gab have been linked to men responsible…

Source…

Google has second thoughts about cutting cookies, so serves up CHIPs • The Register

/in


Last week, third-party cookies received a stay of execution from Google that will allow them to survive until late 2023 – almost two years beyond their previously declared decommission date. But the search-ads-and-apps biz is already planning a resurrection of sorts because third-party cookies are just too useful.

The Chocolate Factory envisions a lesser form of third-party cookie, one that in theory won’t be used for tracking but will be able to support other more acceptable use cases. Google software engineer Dylan Cutler and engineering manager Kaustubha Govind call their confection “partitioned cookies” in a Web Platform Incubator Community Group proposal called “CHIPs.”

Cookies are files that web applications can set in web browsers to store data. They have legitimate uses, like storing data related to the state of the application (e.g. whether you’re logged in), and they can also be used for tracking people across websites.

Third-party cookies – set by scripts that interact with third-party servers – track people by storing a value on one website and then reading that value on another website that implements a similar third-party script. The third-party service in this case then knows all the websites running their script that were visited by the tracked individual.

That’s the sort of privacy-invading behavior that led browser makers like Apple, Brave, Mozilla, and others to block third-party cookies by default. But doing so has created problems by interfering with applications that rely on third-party cookies to deliver services across domain contexts.

The browser security model is based on the distinction between first-party and third-party contexts. When an individual visits a specific web domain, that domain operates in a first party context; services available at other domains are considered third-party and face various limitations on what they can do.

Source…