No prizes for guessing why, as Colonial Pipeline outage stretches patience and looks like lasting a week
South Korea’s Ministry of Trade, Energy and Infrastructure has ordered a review of the cybersecurity preparedness of the nation’s energy infrastructure.
Minister of Trade, Industry and Energy Moon Seung-wook convened a meeting yesterday, saying it was needed considering the ransomware attack on the Colonial Pipeline that shuttered one of the USA’s main oil transport facilities.
“In the wake of the disruption, it is necessary to thoroughly examine whether cybersecurity preparations and countermeasures for our energy-related infrastructure are properly in place,” the minister said, before calling on operators of oil pipelines, power grids, gas pipelines, and emergency response systems to check the status of their systems and report back on their findings.
Also on the agenda at the hastily convened meeting was discussion of government countermeasures to attacks such as those that hit the Colonial Pipeline.
South Korea gets seriously cold in winter, with daily average temperatures below freezing from December to February. Disruptions to energy supply could prove catastrophic.
- Korean app-maker Scatter Lab fined for using private data to create homophobic and lewd chatbot
- Show me the Monet: Late Samsung chairman’s family settles inheritance tax bill, massive art donation
- Plot twist! South Korean telco uses 5G to fight coronavirus via hospital-patrolling robot
- South Korean regulator recommends Apple be prosecuted for hampering fair trade probe
In America, meanwhile, Colonial Pipeline says it was able to conduct manual operations on small sections of its infrastructure, but panic buying has led to fuel shortages, and fuel prices have risen. Several US states have initiated measures to either permit road transport of fuel or prevent price gouging.
Colonial has set Friday as the day on which it hopes to restore full services. South Korea seems to be hoping it never ends up having to enact such measures. ®
-
Salesforce fell over so hard today, it took out its own server status page
It’s not DNS. There is no way it’s DNS. It was DNS
Salesforce is digging itself out of a multi-hour outage right now that it has blamed on a DNS issue.
At one point today, the IT breakdown was so severe that its status page was pretty much inaccessible for netizens, and staff resorted to posting updates on their help and training sub-site.
“Salesforce is experiencing a major disruption due to what we believe is a DNS issue causing our service to be inaccessible,” CTO Parker Harris said in a statement. “We recognize the significant impact on our customers and are actively working on resolution.
-
Tech industry quietly patches FragAttacks Wi-Fi flaws that leak data, weaken security
Dozen design, implementation blunders date back 24 years
A dozen Wi-Fi design and implementation flaws make it possible for miscreants to steal transmitted data and bypass firewalls to attack devices on home networks, according to security researcher Mathy Vanhoef.
On Tuesday, Vanhoef, a postdoctoral researcher in computer security at New York University Abu Dhabi, released a paper titled, “Fragment and Forge: Breaking Wi-Fi Through Frame Aggregation and Fragmentation” [PDF].
Scheduled to be presented later this year at the Usenix Security conference, the paper describes a set of wireless networking vulnerabilities, including three Wi-Fi design flaws and nine implementation flaws.
-
Microsoft says Outlook hit by ’email visibility issues’ – as in, they’re blank
Here’s an unofficial fix for those who need their messages now
Microsoft says its Outlook desktop client is suffering serious “email visibility issues” today, with a fix yet to be rolled out. Users have reported either whole emails missing, chunks of data gone, or just seeing the first line of messages.
Folks can use the web or mobile client of Outlook, or the Windows desktop client in “safe mode.” Otherwise, you’re out of luck for the next few hours.
“We’re investigating an issue with email message visibility in Outlook. Outlook on the web appears to be unaffected,” the Windows giant said a couple of hours ago.
-
WhatsApp: Share your data with Facebook, or we’ll make our own app useless to you
Zuck gets tough just as Germany blocks privacy policy roll-out
WhatsApp users who refuse to accept its new privacy policy will slowly but surely be cut off from the chat app, the social network has confirmed.
In January, WhatsApp users were told if they wanted to keep using the software, they must agree to an updated fine print that, among other things, allows their data to be passed onto not only WhatsApp’s parent Facebook but also its subsidiaries as and when decided by the tech giant.
This information includes names, profile pictures, status updates, phone numbers, contacts lists, and details about mobile devices and connections, though not the contents of encrypted messages and calls. Those who did not accept the terms and conditions would not be allowed to use the application from February.
-
SolarWinds CEO describes overhauled Orion build system after that ‘very small, unique’ security breach
‘This can happen to anybody. There’s always learning in any crisis. And we were no exception’
CyberUK 21 SolarWinds’ chief exec has described the 18,000 customers who downloaded backdoored versions of its Orion software as a “very small” number while giving a speech to an infosec event.
Sudhakar Ramakrishna, who joined the biz in January, made the comparison while giving the opening keynote at the CyberUK conference, organised by Britain’s National Cyber Security Centre (NCSC). He’ll also be giving a talk on the topic at this month’s RSA Conference in the US, presumably part of an extended apology tour.
“Although the number of affected customers is very small, that we eventually discovered, it is still a very important thing to discover, because this is a unique and very novel attack on the supply chain of a company,” said Ramakrishna in his opening remarks – adding that “none of our source code control systems were tampered with.”
-
Microsoft emits more fixes for Exchange Server plus patches for remote-code exec holes in HTTP stack, Visual Studio
Plus: Grab your updates for Adobe, SAP, Android, Intel
Patch Tuesday Microsoft’s May Patch Tuesday brought a lighter-than-usual load of 55 fixes for 32 of the Windows giant’s applications and services, which is about half what was served up in April.
The Redmond-based firm’s Office and Windows flagships house many of the identified vulnerabilities, alongside Internet Explorer, Visual Studio, Visual Studio Code, Skype, and other software.
Among the 55 CVEs identified by Microsoft, four are rated critical, 50 are rated important, and one is rated moderate.
-
IBM wheels out AutoSQL, Watson Orchestrate in bid to fend off cloud irrelevance
AI here, there and everywhere
Think IBM’s latest attempt at relevance in the cloud world continued at its Think conference by giving its Cloud Pak for Data another beating with the AI stick and unleashing Watson on IT pros.
-
Rude awakening for O2 customers after network runs surprise test of emergency mobile alert system
Sorry, there’s no nuclear missile inbound. You have to go to work
Birds chirping, the gentle burbling of coffee brewing – these are the sounds we typically associate with the dawn hours.
Everyone, that is, except customers of O2, who arose this morning to a noise described as akin to a “nuclear siren” after the network performed an unannounced test of the UK’s emergency alert system.
The two alerts, sent around 0745 and 0800, were accompanied by a forebodingly shrill beep, the kind of which you’d expect to hear if a cruise missile was heading to your house. Meanwhile, a disembodied computerised voice read out the alert’s message, which said as follows:
-
UK’s Computer Misuse Act to be reviewed, says Home Secretary as she condemns ransomware payoffs
Priti Patel doesn’t say a word about encryption, though
CyberUK 21 Priti Patel has promised a government review of the UK’s 30-year-old Computer Misuse Act “this year” as well as condemning companies that buy off ransomware criminals.
The Home Secretary pledged the legal review in a speech at the CyberUK conference this afternoon, organised by the National Cyber Security Centre (NCSC).
“As part of ensuring that we have the right tools and mechanisms to detect, disrupt and deter our adversaries, I believe now is the right time to undertake a formal review of the Computer Misuse Act,” said Patel.
-
NHS App gets go-ahead for vaccine passport use despite protest from privacy groups
Big Brother Watch warns app contains too much sensitive medical information
Folks in England can from next week use the NHS App to confer their vaccination status, in the face of warnings that the technology could lead to identifiable medical information being exposed.
The British government has announced that from 17 May, people will be able to demonstrate their COVID-19 vaccination status – a so-called vaccine passport or certificate – using the NHS App, which began its public rollout in January 2019, well before the pandemic. Connected to a GP’s practice systems, it is designed to help users book appointments, order repeat prescriptions, and view medical records. This feature is so far available to people registered with a GP in England only.
“You can access the app through mobile devices such as a smartphone or by tablet. Proof of your COVID-19 vaccination status will be shown within the NHS App,” the government said this week.
-
Copper load of this: Openreach outlines 77 new locations where it’ll stop selling legacy phone and broadband products
You can’t buy this kind of service. No, literally
BT-owned infrastructure provider Openreach has confirmed plans to stop sales of copper-based phone and broadband services in 77 exchange locations across the UK, affecting roughly 700,000 premises.
The “stop-sell” order will come into effect on April 29, 2022. Included in the 77 locations are Ellesmere Port in Cheshire, Hayes in Greater London, Kelso in Scotland, and Coleraine in Northern Ireland.
Those clinging to their legacy-based copper phone lines won’t necessarily see any immediate changes to service. However, the “stop sell” order means that anyone who switches broadband or landline providers will only be able to choose from products delivered over fibre.
