The Canadian Security Establishment released a statement outlining activities of foreign actors trying to interfere in COVID-19 research and development.
Full CSE Report: https://www.cse-cst.gc.ca/en/media/2020-07-16
Tag: Security
Florida Water Treatment Plant Hacked, TeamViewer is Likely Vector
Multiple sources are reporting on a story from Oldsmar Florida where a water treatment plant was hacked. An operations computer running TeamViewer started altering water system parameters to dangerous levels in front of an operator’s eyes. Officials say, if the event went unseen then multiple alarms still would have triggered before anyone would have been hurt. Nonetheless any intrusion into a water system is concerning.
Canada Watch suggests you never leave TeamViewer running or even installed on a critical system unless it is a necessity.
As pointed out by our country’s security experts in recent reports – critical infrastructure is increasingly a prime target for bad actors. ‘Infrastructure’ includes many critical systems we all rely on like drinking water, traffic lights and utilities.
Read more at Snopes: https://www.snopes.com/fact-check/florida-water-hack/
[Control Systems] Schneider Electric Security Advisory
The Cyber Centre has an alert regarding Schneider Electric ‘PowerLogic’ systems. HTTP and Telnet security issue(s) could result in unintended device behavior.
Cyber Center Alert: https://cyber.gc.ca/en/alerts/control-systems-schneider-electric-security-advisory-15
Vendor Details (PDF): https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-040-01
RCMP warn of email scam involving fake online order
The RCMP are warning of a scam where a victim received a fake order via email. The victim called a number listed in the fake order email and was then tricked into installing malware onto their computer by paying for fake ‘security software’.
We at Canada Watch suggest you never trust anyone trying to sell or offer computer security software or support over the phone or via random emails. If you need help or are suspicious we suggest doing some some research into the topic or asking someone you personally know what they think about the situation.
RCMP Report: https://www.rcmp-grc.gc.ca/en/news/2021/rcmp-warn-email-scam-involving-fake-online-order
RCMP asking parents to be vigilant of children’s online activity
The RCMP is reporting on complaints involving ‘Instagram Live’ events where users, including children, are being lured into private chats and being exploited.
Always be careful online. Personal information should only be shared online though secure methods where you have verified the individual you are communicating with. Even then, please keep in mind that almost any personal information can be used to exploit someone in one way or another.
Full Report: https://www.rcmp-grc.gc.ca/en/news/2021/rcmp-asking-parents-be-vigilant-childrens-online-activity
Ubuntu Security Advisory
On February 2, 2021 Ubuntu released Security Notices to address vulnerabilities in the Linux kernel.
More information from the Cyber Centre here: https://cyber.gc.ca/en/alerts/ubuntu-security-advisory-6
Security Exploit found in Chrome Browser for Desktop
The Canadian Centre for Cyber Security and Google are reporting of an exploit affecting Chrome for Desktop versions prior to ‘88.0.4324.150‘.
You can find your product version number by entering the Chrome menu, going to ‘Help‘ and then clicking on ‘About Google Chrome‘. This check also tends to start the update process from what we have found.
Canadian Centre for Cyber Security Alert: https://cyber.gc.ca/en/alerts/google-chrome-security-advisory-45
Google Post: https://chromereleases.googleblog.com/2021/02/stable-channel-update-for-desktop_4.html