Default password hole almost drowns an irrigation app, Nitro PDF hack and more ransomware.
Welcome to Cyber Security Today. It’s Wednesday October 28. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.
Many organizations still fail to plug what could be a dangerous hole in their cybersecurity: Not changing the default passwords on computer systems. Usually these default passwords are easy to guess, leaving a path for hackers. The latest example is an Internet-connected irrigation management application called ICC Pro from a division of Motorola. It’s used by municipalities in Canada, Australia, Israel and other countries to manage water systems in their parks. The ZDNet news service reports that an Israeli security firm recently searched the Internet and discovered that over 100 of these systems were open and unprotected. Worse than having a guessable default password, ICC Pro ships with no password to its administrative console, leaving it to be filled in. That would make it even easier for a hacker to cause mischief — like tampering with the water pressure — or system damage. Motorola has been notifying customers. The computer emergency response team in Israel, where more than half of the exposed systems were located, has also issued an alert. In a worst-case scenario a hacker could jump from an irrigation system to the IT network of an organization. The lesson here is IT managers have to regularly check the administrative passwords of every system in their firm.
Organizations with staff using the Nitro PDF service for creating PDFs and digital documents are being warned the company suffered what it calls a “low impact security incident.” The notice to customers says someone got “limited access” to Nitro’s database. However, the Bleeping Computer news service says a cybersecurity firm told it a hacker is selling documents it claims to have stolen from the company’s cloud service. These documents allegedly are financial and business reports of customers. Asked for comment, Nitro told Bleeping Computer there is no evidence sensitive financial data of customers was compromised.
Three ransomware attacks to tell you about: American office furniture manufacturer Steelcase has told regulators it suffered a cyberattack last week. The Bleeping Computer news service was told by a source it was ransomware. A European energy provider called Enel Group has been hit by ransomware for the second time this year. And a ransomware attack hobbled the election infrastructure of a county in the U.S. state of Georgia preparing for next week’s American elections. According to the Gainesville Times, the attack disabled the county’s voter signature database. While the voting process won’t be affected, verification of signatures has been slow because staff have to look up hard copies of voter registration cards. Earlier this month federal officials said Russian hackers had infiltrated dozens of state and local government networks, raising worries about mischief during next week’s U.S. elections.
I’ll be talking about election security and misinformation on my weekend podcast with guest analyst Dinah Davis of Arctic Wolf Networks.
Finally, a U.S. law firm that works for Google has suffered a security incident. In a regulatory filing the firm of Fragomen, Del Rey, Bernsen & Loewy said an unauthorized person accessed a file with personal information about a number of current and former Google employees. The file included a Form I-9, filled out by employees to declare their citizenship and eligibility to work in the U.S. That form would include an employee’s name, mailing address, date of birth, email address, phone number, social security number and passport numbers. There was no indication of whether this was a hack by an outsider or an insider improperly accessing the file.
That’s it for Cyber Security Today. Links to details about these stories can be found in the text version of each podcast at ITWorldCanada.com. That’s where you’ll also find my news stories aimed at businesses and cybersecurity professionals. Cyber Security Today can be heard on Mondays, Wednesdays and Fridays. Subscribe on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.