7-8-19 – News This Past Week

US wants to isolate power grids with ‘retro’ technology to limit cyber-attacks
The US is very close to improving power grid security by mandating the use of “retro” (analog, manual) technologies on US power grids as a defensive measure against foreign cyber-attacks that could bring down power distribution as a result
https://www.zdnet.com/article/us-wants-to-isolate-power-grids-with-retro-technology-to-limit-cyber-attacks/

Cyberwarfare in space: Satellites at risk of hacker attacks
Old IT systems, supply-chain vulnerabilities and other technological issues leave military satellite communications open to disruption and tampering with potentially chaotic consequences, says research paper
https://www.zdnet.com/article/cyberwarfare-in-space-satellites-at-risk-of-hacker-attacks/

Intel and Auto Industry Leaders Publish New Automated Driving Safety Framework
Intel, in collaboration with 10 industry leaders in automotive and autonomous driving technology, today published “Safety First for Automated Driving,” a framework for the design, development, verification and validation of safe automated passenger vehicles

Intel and Auto Industry Leaders Publish New Automated Driving Safety Framework

Autonomous vehicles fooled by drones that project too-quick-for-humans road-signs
Such an attack would leave no physical evidence behind and could be used to trick cars into making maneuvers that compromised the safety or integrity of their passengers and other users of the road — from unexpected swerves to sudden speed-changes to detours into unsafe territory

Autonomous vehicles fooled by drones that project too-quick-for-humans road-signs

YouTube’s Policy on Hacking Tutorials is Problematic
Recently YouTube changed its policy on “hacking” tutorials to an essential blanket ban. In the past, such content was occasionally removed under YouTube’s broad “Harmful and Dangerous Content” clause, which prohibited videos “encouraging illegal activity”.

YouTube’s Policy on Hacking Tutorials is Problematic

Many Phoenix Contact PLCs Still Vulnerable Months After Researcher Issues Warning
Several months after a researcher issued a warning about over 1,200 Phoenix Contact programmable logic controllers (PLCs) being exposed to remote attacks from the internet, many organizations still haven’t taken any measures to secure their systems
https://www.securityweek.com/many-phoenix-contact-plcs-still-vulnerable-months-after-researcher-issues-warning

Cybersecurity Experts Worry About Satellite & Space Systems
As nation-states and rogue actors increasingly probe critical infrastructure, policy and technology experts worry that satellite and space systems are on the front lines
https://www.darkreading.com/attacks-breaches/cybersecurity-experts-worry-about-satellite-and-space-systems/d/d-id/1335131

Cybersecurity Experts Worry About Satellite & Space Systems
As nation-states and rogue actors increasingly probe critical infrastructure, policy and technology experts worry that satellite and space systems are on the front lines
https://www.darkreading.com/attacks-breaches/cybersecurity-experts-worry-about-satellite-and-space-systems/d/d-id/1335131

Intel and the auto industry pen first safety rules for self-driving cars
Aptiv, Audi, Baidu, BMW, Continental, Daimler, Fiat Chrysler Automobiles, Here Technologies, Infineon and Volkswagen were all involved in crafting the paper, which established 12 principles for autonomous vehicles
https://www.engadget.com/2019/07/02/intel-safety-first-automated-driving-principles-paper/

Building a Higher Standard: NVIDIA Selected to Lead Industry Safety Group
These organizations, which count major automakers, suppliers and startups as members, are critical in developing regulations and standards for autonomous vehicles
https://blogs.nvidia.com/blog/2019/07/01/higher-standard-lead-industry-safety-group/

Senate passes cybersecurity bill to decrease grid digitization, move toward manual control
A 2015 cyberattack in Ukraine that led to a blackout for 250,000 people “inspired in part” the legislation, according to King’s statement. Manual controls on Ukraine’s system prevented the attack from having a larger impact.
https://www.utilitydive.com/news/senate-passes-cybersecurity-bill-to-decrease-grid-digitization-move-toward/557959/

Hardcoded Credentials Expose SICK Controllers to Remote Attacks
The affected controllers, which according to the U.S. Department of Homeland Security (DHS) are used worldwide, particularly in the critical manufacturing sector, are affected by a critical vulnerability tracked as CVE-2019-10979
https://www.securityweek.com/hardcoded-credentials-expose-sick-controllers-remote-attacks

Posted in Uncategorized.