An Unprecedented Cyberattack Hit US Power Utilities
This week saw some aftershocks from recent revelations about a large-scale iOS hacking campaign. Brokers of so-called zero day exploits—the kind that companies haven’t yet patched—have started charging more for Android hacks than iOS for the first time. And Apple finally released a statement that both criticized Google’s characterization of the attacks and downplayed the significance of the targeted surveillance of at least thousands of iPhone owners.
We took a look at a bug in Supermicro hardware that could let hackers pull off a USB attack virtually. Google open-sourced its differential privacy tool, to help any company that crunches big data sets invade your privacy less in the process. And speaking of privacy, we detailed the 11 settings you need to check on Windows 10 to preserve yours.
And while it feels like forever ago that Jack Dorsey’s Twitter account got hacked, it’s worth revisiting exactly how it happened. (Twitter this week closed the texting loophole at the heart of it.) We also took a look at Jeremy Renner’s content moderation woes. Bet you weren’t expecting to see that sentence in your lifetime.
And there’s more! Every Saturday we round up the security and privacy stories that we didn’t break or report on in-depth but which we think you should know about nonetheless. Click on the headlines to read them, and stay safe out there.
Hackers Hit US Power Utilities With a Cyberattack
Let’s not overplay this: There was no blackout, and it’s not even clear that it was a specifically targeted attack. But hackers did use firewall vulnerabilities to cause periodic “blind spots” for grid operators in the western US for about 10 hours on March 5. It’s the first known time a cyberattack has caused that kind of disruption—which, again, did not affect the actual flow of electricity—at a US power grid company. The incident was originally referenced in a Department of Energy report in April, but only in vague terms. A new North American Electric Reliability Corporation document described it in more detail, including the type of vulnerabilities that let hackers compromise the web portals in question. No need to panic about this incident specifically, but given the extent to which Russia and others continue to probe the power grid, it’s an unsettling reminder that weaknesses are out there.