News This Past Week 2017-07-09

Russian hackers target the US nuclear industry
The New York Times and Bloomberg both claim that Russian hackers have been attempting to infiltrate America’s nuclear power industry. The infiltrations themselves have been public knowledge since last week, but now fingers are being pointed towards the usual suspects.
https://www.engadget.com/2017/07/07/russian-hackers-target-the-us-nuclear-industry/

Unpatched Flaws in Schneider Electric U.motion Builder Disclosed
Schneider Electric’s U.motion is a building automation solution used around the world mainly in the commercial facilities, critical manufacturing and energy sectors. U.motion Builder is a tool that allows users to create projects for their U.motion devices
http://www.securityweek.com/unpatched-flaws-schneider-electric-umotion-builder-disclosed

Breach at US nuclear plants raises concerns in wake of Petya
For anyone old enough to remember the 1980s, the Chernobyl accident and the radiation it released in a cloud across Europe is a byword for nuclear disaster, and the human tendency to underestimate the importance of having a plan B. The area around the plant (pictured)  is still an abandoned exclusion zone, 31 years after the disaster
https://nakedsecurity.sophos.com/2017/07/03/breach-at-us-nuclear-plants-raises-concerns-in-wake-of-petya/

In ExPetr/Petya’s shadow, FakeCry ransomware wave hits Ukraine
While there is little doubt that MeDoc users were infected via malicious updates with ExPetr, it appears that ExPetr was not the only malware they received. Our telemetry confirms that MeDoc users received at least one other malicious program at the same time. This additional malware, which was run as “ed.exe” in the “MeDoc” program folder
https://securelist.com/in-expetrpetyas-shadow-fakecry-ransomware-wave-hits-ukraine/78973/

Intel AMT bug bit Siemens industrial PCs
You don’t need state-sponsored hackers to crack industrial control systems, just an empty Intel AMT login – something Siemens started patching against last week
https://www.theregister.co.uk/2017/07/03/intel_amt_bug_bit_siemens_industrial_pcs/

This weekly report was compiled, with comments, by Tim Anater (@bfbcping). Tim comments on security, beer, and movies. In that order. All views are his, except links. Those belong to whomever is on the other side of the link.

Posted in Uncategorized and tagged , , , , , , , , , , , , , .