7 Ways Data and AI Can Be Used to Trick and Deceive the Public
Interesting Engineering – Hackers have been shown to be able to hack into the grid — with worrying ease — and use data in order to affect traffic in various ways. Cesar Cerrudo, an Argentinian security researcher with IOActive examined the vehicle traffic control system installed at major U.S. cities and presented his findings at the Infiltrate conference in Florida. It showed that they can be manipulated to bring traffic to a standstill or to force cars to change their routes.
The Protocol That’s Putting Enterprise IoT At Extreme Risk
Security Boulevard – A protocol little known by executives outside of the networking world may put the future safety of enterprise IoT at extreme risk if organizations don’t take action to secure their connections. New research out last week found that the way that many large organizations are using the Long Range Wide Area Networking (LoRaWAN) protocol is making them susceptible to hacking that could cause civic disruption and even put people at risk.
Ryuk Ransomware Takes Out Durham, North Carolina
Infosecurity Magazine – The North Carolina city of Durham has become the latest US municipality struck by ransomware after reports suggested the Ryuk variant forced key services offline. “Cities need to start investing more on cybersecurity in general, including education, threat assessment, monitoring, prevention, etc. in order to have well established plans for quick reaction and recovery from cyber-attacks,” commented Cesar Cerrudo, CTO of IOActive.
Ransomware Increasingly Targeting Small Governments
Dark Reading – To get back up and running quickly, and because it’s cheaper, city and county governments often pay the ransom, especially if insurance companies are footing the bill. The result: More ransomware. “Cybercriminals are turning their weapons and targeting local governments because they are easier and juicier targets.”
PPP Daemon flaw opens Linux distros, networking devices to takeover attacks
Helpnet Security – A vulnerability (CVE-2020-8597) in the Point-to-Point Protocol Daemon (pppd) software, which comes installed on many Linux-based and Unix-like operating systems and networking devices, can be exploited by unauthenticated attackers to achieve code execution on – and takeover of – a targeted system.