The US government recently published new guidance aimed at helping organizations in the water and wastewater (WWS) sector improve their cyber resilience and incident response capabilities.  Released in response to an increased interest by financially and politically motivated threat actors in the United States WWS sector, the guide outlines how water utility owners and operators can interact with federal partners to prepare for, mitigate, and respond to incidents.

Protect AI has released a new report highlighting vulnerabilities recently discovered in open-source Artificial Intelligence (AI) and Machine Learning (ML) tools by its bug bounty program. The first vulnerability posed a significant risk of server takeover and the loss of sensitive data. The MLflow tool, used for storing and tracking models, was discovered to contain a critical flaw in its code that could trick users into connecting to a malicious remote data source, thus allowing attackers to run commands on a victim's system.

A novel campaign is targeting vulnerable Docker services, with threat actors deploying both the XMRig cryptocurrency miner and the 9Hits Viewer software as part of a multi-pronged monetization strategy. According to the cloud security company Cado, this is the first documented case of malware using the 9Hits application as a payload. The development further demonstrates that adversaries are constantly looking for new ways to profit from compromised hosts. This article continues to discuss findings regarding the novel campaign targeting vulnerable Docker services.

Border0 researchers warn that users who expose poorly secured PostgreSQL and MySQL servers online risk having their databases wiped by a ransomware bot. The attackers request a small sum to return and not publish the data. However, those who pay will not recover their data because the bot takes a small portion of it before wiping it all. This article continues to discuss how the ransomware bot operates. 

An analysis of Chaes version 4.1 reveals hidden ASCII art and a message to cybersecurity researchers, thanking them for their interest in the malware. The current Chaes campaign uses a Portuguese-language email regarding an important legal matter. If the user clicks the malicious link in the email, they are taken to a spoofed TotalAV website, where they are asked to enter their password to download a document. This article continues to discuss findings from the analysis of Chaes 4.1.

Have I Been Pwned has added about 71 million email addresses associated with stolen accounts listed in the Naz.API data set to its data breach notification service. The Naz.API data set contains 1 billion credentials gathered from credential stuffing lists and data stolen by information-stealing malware. Credential stuffing lists are collections of username and password pairs stolen from past data breaches. They are used to compromise accounts on other websites.

The US Department of Energy (DoE) recently announced plans to invest $30 million in projects aimed at securing the clean energy infrastructure against cyber threats.  Meant to support the research, development, and demonstration (RD&D) of innovative cybersecurity tools, the federal funding is provided as part of the Biden-Harris administration’s efforts to improve the country’s energy and national security.

According to CISA, the Rapid SCADA open source industrial automation platform is affected by several vulnerabilities that could allow hackers to gain access to sensitive industrial systems, but the flaws remain unpatched.  Rapid SCADA is advertised as ideal for industrial automation and IIoT systems, energy accounting systems, and process control systems.

According to security researcher Eaton Zveare, a series of misconfigurations and security vulnerabilities allowed him to access customer information stored in an email account at Toyota Tsusho Insurance Broker India (TTIBI).  The researcher noted that the unauthorized access was possible because the TTIBI site had a dedicated Eicher Motors subdomain with a premium calculator.

The Cybersecurity and Infrastructure Security Agency (CISA) has released its fourth annual Year in Review, which highlights the US agency's efforts to protect the nation from cyber and physical threats as well as improve the resilience of critical infrastructure. The 2023 Year in Review delves into the agency's achievements in its cybersecurity, infrastructure security, and emergency communications missions.