Cryptocurrency Mining Employees Expose Nuclear Plant to Internet

Cryptocurrency Mining Employees Expose Nuclear Plant to Internet

While the cybersecurity world took a collective deep breath after the Black Hat and Defcon hacker conferences, there was still plenty of news to be had this week. After first announcing an iOS-compatible YubiKey in January, Yubico has finally released it. We also took a deep dive into the security and privacy enhancements coming to Android 10, the first Android version to ditch the dessert naming system. You can jailbreak your iPhone again for the first time in years, but probably shouldn’t. And that’s just for starters!

As the robocall crisis rages on, state attorneys general and a dozen major telecoms finally decided to do something about it. Google, Mozilla, and Apple all fought back against Kazakhstan’s attempts to spy on its citizens’ encrypted internet traffic. China used fake accounts and state media to spread disinformation and denigrating comments about Hong Kong protestors across Facebook, Twitter, and YouTube. And Facebook introduced a long-awaited privacy feature, but (of course) it comes with a catch.

We looked at the state of library cybersecurity and what it means for the upcoming 2020 census. And the Consumer Financial Protection Bureau is proposing some bad security hygiene in its new rules around debt collection.

Lastly, we celebrated the rich history of vanity license plates backfiring, and the decidedly less amusing future of cyberwar.

And there’s more! Every Saturday we round up the security and privacy stories that we didn’t break or report on in-depth but which we think you should know about nonetheless. Click on the headlines to read them, and stay safe out there.

Employees at a Nuclear Power Plant Mined Cryptocurrency on the Job

Cryptojackers—the hackers who insert themselves into networks to mine Cryptocurrency—have targeted critical infrastructure before. But this time, the mining was coming from inside the building. Employees at the South Ukraine Nuclear Power Plant reportedly hooked up their mining rigs to the plant’s internal network. The bad news is that they exposed the plant to the broader internet, which is understandably not ideal for high-security nuclear plants. The good news, or at least less-bad news, is that the accused staff apparently hit the administrative offices, rather than the plant’s industrial network. Either way, looking forward to a Simpsons episode about this sometime in 2025.

Feds Indict 80 Scammers in Sprawling Phishing Indictment

We’ve written plenty about the perpetual effectiveness of Nigerian email scammers. But if you need any more proof, look no further than this 145-page indictment, in which the Department of Justice chronicles dozens of sophisticated cases, allegedly committed by 80 individuals, that stole tens of millions of dollars from companies and individual victims alike. It’s unc

Read More

Leave a reply