Cryptocurrency Mining Employees Expose Nuclear Plant to Internet
While the cybersecurity world took a collective deep breath after the Black Hat and Defcon hacker conferences, there was still plenty of news to be had this week. After first announcing an iOS-compatible YubiKey in January, Yubico has finally released it. We also took a deep dive into the security and privacy enhancements coming to Android 10, the first Android version to ditch the dessert naming system. You can jailbreak your iPhone again for the first time in years, but probably shouldn’t. And that’s just for starters!
As the robocall crisis rages on, state attorneys general and a dozen major telecoms finally decided to do something about it. Google, Mozilla, and Apple all fought back against Kazakhstan’s attempts to spy on its citizens’ encrypted internet traffic. China used fake accounts and state media to spread disinformation and denigrating comments about Hong Kong protestors across Facebook, Twitter, and YouTube. And Facebook introduced a long-awaited privacy feature, but (of course) it comes with a catch.
We looked at the state of library cybersecurity and what it means for the upcoming 2020 census. And the Consumer Financial Protection Bureau is proposing some bad security hygiene in its new rules around debt collection.
And there’s more! Every Saturday we round up the security and privacy stories that we didn’t break or report on in-depth but which we think you should know about nonetheless. Click on the headlines to read them, and stay safe out there.
Cryptojackers—the hackers who insert themselves into networks to mine cryptocurrency—have targeted critical infrastructure before. But this time, the mining was coming from inside the building. Employees at the South Ukraine Nuclear Power Plant reportedly hooked up their mining rigs to the plant’s internal network. The bad news is that they exposed the plant to the broader internet, which is understandably not ideal for high-security nuclear plants. The good news, or at least less-bad news, is that the accused staff apparently hit the administrative offices, rather than the plant’s industrial network. Either way, looking forward to a Simpsons episode about this sometime in 2025.
We’ve written plenty about the perpetual effectiveness of Nigerian email scammers. But if you need any more proof, look no further than this 145-page indictment, in which the Department of Justice chronicles dozens of sophisticated cases, allegedly committed by 80 individuals, that stole tens of millions of dollars from companies and individual victims alike. It’s unc