Surfing the Cyber Tsunami: Epic Fails and Triumphs in the World of Cybersecurity!

Water we doing about cybersecurity? Apparently, not enough! This week, the EPA decided to wash its hands of cybersecurity measures for the water sector. But don’t worry, they insist they’re still committed to water sector cybersecurity measures. Let’s hope our tap water doesn’t get hacked!

Hot Take:

Water we dealing with here? A week where cybersecurity turns into a literal water fight with the EPA rescinding cyber regulations for the water sector (I guess they thought it was all wet). Meanwhile, Cisco is under attack, Signal is playing the blame game, and ServiceNow has a data exposure issue. But don’t worry, the CIA has left an open channel to… oh wait, that’s been hijacked too. In other news, the US and UAE are partnering up to bolster financial services cybersecurity, after which I’m sure they’ll take a camel ride together into the sunset. It’s a wild ride in the world of cybersecurity, folks!

Key Points:

  • EPA withdraws its cybersecurity regulations for the water sector due to legal challenges from Republican states and trade associations.
  • Over 10,000 Cisco devices are under threat due to a previously undisclosed zero-day bug.
  • Signal debunks a zero-day exploit claim, stating they have no evidence of its existence.
  • A data exposure issue with ServiceNow’s Simple List feature has been identified, potentially exposing user information.
  • The UK fines Equifax over £11 million for a 2017 data breach due to negligent outsourcing practices.

Need to know more?

Take a SIP of this Water Fight!

In a surprising move, the EPA is backing out of making sure our water utilities are cybersecure. Despite this, they insist they're still committed to cybersecurity in the water system, which is a relief because I'm pretty sure no one wants their tap water hacked.

Cisco's Zero-Day Spa

Apparently, taking a day off isn't an option when you're a Cisco IOS XE device. Over 10,000 of these devices are facing a critical zero-day bug that attackers are exploiting. While there's no patch available yet, admins should disable the web interface and keep a lookout for suspicious user accounts.

Signal's Whistleblowing Whistleblowers

Signal, the encrypted messaging app, claims that the zero-day exploit making rounds on Mastodon and LinkedIn is a false alarm. If you do find a real vulnerability, though, they're asking researchers to send them an email. Just don't expect a thank you note.

ServiceNow's Not-So-Simple List

ServiceNow's Simple List feature might not be so simple after all. A data exposure issue could be showing more than just your to-do list. While no exploits in the wild have been spotted yet, better safe than sorry, right?

Equifax's Pricey Penalties

The UK arm of Equifax is getting a hefty slap on the wrist with a fine of over £11 million for a 2017 data breach. I guess outsourcing isn't always the best solution, especially when you're dealing with sensitive data.
Tags: CIA and Cybersecurity, EPA Cyber Regulations, Equifax Data Breach, MuddyWater APT, ServiceNow Data Exposure, Signal Messaging App, State-Backed Cyberattacks, Zero-Day Attacks