CyberSec Roundup
A synopsis of the latest Cybersecurity News
CD Projekt Red hacked
The company that brought us hit games such as The Witcher 3 and Cyberpunk 2077 was the victim of a ransomware attack. It appears the attack was carried out by a lesser-known ransomware group called HelloKitty. When CD Projekt disclosed the hack, they indicated that they would not be paying the ransom, and were taking mitigation steps with staff and any potentially affected partners. As a result, the source code and other stolen information have been put up for auction on the dark web.
Hacker tries to poison water supply
A hacker took control of a computer in a Florida water treatment facility and attempted to poison the water supply by adjusting the lye dosage to a dangerous level. Thankfully, an operator recognized what was happening and reversed the action. The hacker was able to access the facility's network via a machine running Windows 7 (which has reached end of life), using TeamViewer with shared remote access passwords and no firewall installed. Quite a bit of low-hanging fruit for an attacker.
Accellion retires FTA after breaches
Accellion is a cloud solutions company that was one of the first to facilitate file sharing and collaboration online, using its FTA product in the early 2000s. Many businesses and government entities around the world still use the legacy product, even though there are better and more secure alternatives on the market. Sadly, many organizations didn’t keep up with patching their products, and the number of vulnerabilities present in the product began to increase. This led to many breaches at organizations such as New Zealand’s Central Bank, the Australian Securities and Investments Commission, and Singtel. Accellion announced that the product’s EOL date will be 30th April, 2021.
By: David Pinder
IT & Security Consultant
Certified Ethical Hacker