Hackers Keep Targeting the US Water Supply

You might be considering jumping ship after all the recent Facebook news (which, frankly, is there any?). Here's how you can delete your Facebook account. You are welcome.
This is not the only thing that happened this week. Google revealed new details about the Iranian hacking group APT35 or Charming Kitten and how they use Telegram bots for letting them know when phishing lures have a nibble. Telegram: A new report shows how poorly Telegram has done in keeping extremism away from its platform.

Cloudflare received some good news this week. A judge ruled that Cloudflare is not liable for customers who infringe on copyright designs. The bad news is that the governor of Missouri threatened to sue a journalist who disclosed a security flaw in a Missouri state website.

There's more! Every week, we bring you all the security news WIRED hasn't covered in depth. To read the complete stories, click on the headlines. Stay safe out there.

A hacker attempted to poison the water supply of a Florida city by hacking into its control systems and increasing the sodium hydroxide levels. A former employee of a Kansas water plant accessed the controls remotely in 2020. This is before you get to the four ransomware hacks that intelligence officials discovered this week in a joint warning over the continuing threats hackers pose to US water systems and wastewater treatment plants. Water treatment plants are more likely to invest in infrastructure than in IT resources and use older versions of software. Both of these factors make them vulnerable to attacks. Ransomware attackers love targets that are unable to afford to be offline for a significant time, so disgruntled insiders can cause havoc. This is not surprising, but we also issued the same warning in April. The joint FBI/CISA/NSA/EPA memo provides new details about the number of attacks that have been confirmed in recent months and offers some guidance to critical infrastructure operators on how to avoid becoming the next victim.

Twitch hacks have caused quite a stir, especially among streamers. It's not the worst hack in Twitch's history. Motherboard's 2014 hack, which was described by the network this week, is what earned that distinction. It was so severe that Twitch had "rebuild much" of its code infrastructure, according to the report. Many of its servers were likely to have been compromised. The hack was nicknamed Urgent Pizza by Twitch because of the amount of overtime engineers hadto work and the meals they had to eat to mitigate the attack. It is well worth the effort.

You've probably heard the story before, but it's worth adding a case with such wild allegations. The Navy nuclear engineer Jonathan Toebbe was charged by the Department of Justice with trying to disclose state secrets to a foreign nation. His wife was also charged. Toebbe was allegedly involved in numerous dead drops of sensitive information. Court documents state that he concealed data cards in everything, from peanut butter sandwiches to gum packs. Toebbe allegedly offered to exchange thousands of documents and asked for $100,000 in cryptocurrency.

It is always a good idea for all your devices to be updated automatically, especially if the update is intended to fix a zero-day bug. A security researcher was fed up with Apple not crediting his submissions. He posted last month a proof of concept exploit along with details about four iOS security flaws. This is the second to be fixed, leaving two more to be worked on. Apple should give him a proper tip once it fixes those.

Here are more great WIRED stories