I found the following article on infoRisk today; “White House Warns Of Cyberthreats Over Labor Day Weekend.” The U.S Cybersecurity and Infrastructure Security Agency (CISA) along with the FBI and Deputy National Security Adviser, Anne Neuberger, alerted operators of U.S. critical infrastructure earlier this week to take additional precautions over Labor Day weekend. Considering organizations are understaffed and security operators may be away for the holiday, threat groups take advantage to conduct large-scale and damaging ransomware attacks; due to the long weekend, attackers may feel more confident that they have extra time to navigate the network before being detected. However, there is no specific threat information available which makes it more difficult to know what to look out for. Therefore, they can only rely on history. The article stated that “The last three major ransomware attacks that have targeted mainly U.S. companies and firms have all coincided with a holiday weekend.” Just a few months ago during Mother’s Day weekend, Russian ransomware criminals launched a cyberattack on the Colonial Pipeline Co., forcing the company to proactively close down operations and freeze IT systems and affecting fuel shipments to the East Coast for several days. It seems as though U.S. officials are fed up with the Russian government intentionally ignoring cybercrime operating within its border despite the president denying the allegations. Neuberger suggested updating and changing passwords, implementing multi-factor authentication, installing updates to close backdoors in the network, and creating backups for files and data. As for the government agencies, they will be working together over the weekend to note any early signs of an attack, be “fully prepared”, and ready to respond quickly.
This article called “Digital State IDs Start Rollouts Despite Privacy Concerns” is from Threat Post. Apple launched a digital ID plan in June. As Arizona and Georgia add driver’s licenses and IDs to digital wallets, some other states have also started digital ID plans. In order to protect the security of the identity information on the device, Apple has encrypted the DL and ID for device privacy and security. Apple claims that ID information can only be obtained when the user unlocks the device.
However, the security company Syndis reported on Iceland’s digital ID security issues in January 2020: 1. People can modify their digital ID; 2. Anyone with an Apple developer account can get anyone’s digital ID. People can update the list and use their own signature key to change the license and obtain a new valid license, and this is no different from the ID issued by the government.
EFF, ACLU, and EPIC believe that the data of these electronic IDs will be tracked. For example, when you go to buy coffee, some devices can read your information even if you do not unlock the ID and are close to the reader. This means that all people’s information will be exposed in daily life.
I found an article about how EV infrastructure could be at risk.
In the rush to set up EV charging infrastructure, some manufacturers haven’t thought enough about security. Public chargers designed to be interoperable, so that EV drivers can charge and pay at different stations along their routes, could be vulnerable to a cyberattack that targets their connectedness, a typical way in for hackers to launch an attack that can quickly scale across a network.
Hackers could use chargers to gain entry to a home or business network, depending on where a charging station is installed, testing by cyber consulting company Pen Test Partners suggests.
User accounts for public charging stations are also at risk, creating the potential for a car charge to be billed to the wrong account, Pen Test Partners found. There is a lack of standards for safeguarding charging stations or certifying their security.
I found the following article on infoRisk today; “White House Warns Of Cyberthreats Over Labor Day Weekend.” The U.S Cybersecurity and Infrastructure Security Agency (CISA) along with the FBI and Deputy National Security Adviser, Anne Neuberger, alerted operators of U.S. critical infrastructure earlier this week to take additional precautions over Labor Day weekend. Considering organizations are understaffed and security operators may be away for the holiday, threat groups take advantage to conduct large-scale and damaging ransomware attacks; due to the long weekend, attackers may feel more confident that they have extra time to navigate the network before being detected. However, there is no specific threat information available which makes it more difficult to know what to look out for. Therefore, they can only rely on history. The article stated that “The last three major ransomware attacks that have targeted mainly U.S. companies and firms have all coincided with a holiday weekend.” Just a few months ago during Mother’s Day weekend, Russian ransomware criminals launched a cyberattack on the Colonial Pipeline Co., forcing the company to proactively close down operations and freeze IT systems and affecting fuel shipments to the East Coast for several days. It seems as though U.S. officials are fed up with the Russian government intentionally ignoring cybercrime operating within its border despite the president denying the allegations. Neuberger suggested updating and changing passwords, implementing multi-factor authentication, installing updates to close backdoors in the network, and creating backups for files and data. As for the government agencies, they will be working together over the weekend to note any early signs of an attack, be “fully prepared”, and ready to respond quickly.
Link to the article: https://www.inforisktoday.com/white-house-warns-cyberthreats-over-labor-day-weekend-a-17446
This article called “Digital State IDs Start Rollouts Despite Privacy Concerns” is from Threat Post. Apple launched a digital ID plan in June. As Arizona and Georgia add driver’s licenses and IDs to digital wallets, some other states have also started digital ID plans. In order to protect the security of the identity information on the device, Apple has encrypted the DL and ID for device privacy and security. Apple claims that ID information can only be obtained when the user unlocks the device.
However, the security company Syndis reported on Iceland’s digital ID security issues in January 2020: 1. People can modify their digital ID; 2. Anyone with an Apple developer account can get anyone’s digital ID. People can update the list and use their own signature key to change the license and obtain a new valid license, and this is no different from the ID issued by the government.
EFF, ACLU, and EPIC believe that the data of these electronic IDs will be tracked. For example, when you go to buy coffee, some devices can read your information even if you do not unlock the ID and are close to the reader. This means that all people’s information will be exposed in daily life.
Link: https://threatpost.com/digital-state-ids-rollouts-privacy/169136/
I found an article about how EV infrastructure could be at risk.
In the rush to set up EV charging infrastructure, some manufacturers haven’t thought enough about security. Public chargers designed to be interoperable, so that EV drivers can charge and pay at different stations along their routes, could be vulnerable to a cyberattack that targets their connectedness, a typical way in for hackers to launch an attack that can quickly scale across a network.
Hackers could use chargers to gain entry to a home or business network, depending on where a charging station is installed, testing by cyber consulting company Pen Test Partners suggests.
User accounts for public charging stations are also at risk, creating the potential for a car charge to be billed to the wrong account, Pen Test Partners found. There is a lack of standards for safeguarding charging stations or certifying their security.
Link: https://news.bloomberglaw.com/privacy-and-data-security/electric-vehicle-infrastructure-push-brings-cyber-concerns