Daily Perk 2/9/2021

WordPress Advisory: Critical vulnerability found in NextGen Gallery plugin. Cross-site request forgery and potential remote code execution will lead to more than tears. Over 800k installs out there and 530k still need to patch.

Security Gaps in OT Exposed With Hacker Attempt to Poison Florida City Water per SC Media

Let this serve as more than just a cautionary tale because next time the consequences could be deadly. An unknown attacker gained remote access and tried to increase the quantity of sodium hydroxide, or lye, in the water treatment plant. Apparently the specialized ICS and SCADA systems running the plant were “outdated, unpatched and available for review on the internet, leaving them incredibly vulnerable to compromise.”

ICS and SCADA systems were not designed to be internet-facing, so when facilities using them get set up online, the necessary security, monitoring and controls are not in place. It’s easy for attackers to scan for and find exposed instances, and the need for remote work has increased that exposure.

Attacks on critical infrastructure have increased over the past year, either as crimes of opportunity by low-level attackers or as highly targeted attacks by nation states, such as Iran’s attack on Israeli water systems in 2020.
