Suspected Iranian activity targeted automatic tank gauge systems used to monitor underground fuel levels at gas stations across multiple US states. Attackers reportedly exploited internet-connected devices that lacked passwords, enabling changes to display readings while not altering actual fuel volumes. No physical damage or safety incidents were reported, but the access raised concerns about masking gas leaks or introducing risks to critical infrastructure. Separately, a CISA contractor left a public GitHub repository accessible for months, exposing administrative keys for AWS GovCloud accounts and plaintext passwords for internal systems. Anthropic added a capability to its Mythos vulnerability discovery platform that enables users to share cyber threat intelligence with others.
"US officials believe Iranian hackers breached automatic tank gauge (ATG) systems that monitor fuel levels in underground storage tanks at gas stations across multiple states. The attackers exploited unprotected, internet-connected devices lacking passwords and were able to alter display readings, though they could not change actual fuel volumes. While no physical damage or safety incidents have occurred, the intrusions have sparked concerns that such access could potentially mask gas leaks or create other risks to critical infrastructure."
"A contractor working for CISA left a public GitHub repository named Private-CISA openly accessible for months, exposing administrative keys to multiple AWS GovCloud accounts along with plaintext passwords for internal CISA systems. While CISA states there is no evidence of unauthorized access to sensitive data so far, the exposed credentials could have allowed attackers to move laterally into government systems or tamper with internal software packages."
"Anthropic has introduced a new feature in its Mythos vulnerability discovery platform that allows users to share information about cyber threats with others. This update aims t"
#critical-infrastructure-security #icsot-vulnerabilities #credential-exposure #threat-intelligence-sharing #government-cybersecurity
Read at SecurityWeek
Unable to calculate read time
Collection
[
|
...
]