NIST Drops Password Complexity, Mandatory Reset Rules
Source: Dark Reading
The latest draft version of NIST's password guidelines simplifies password management best practices and eliminates those that did not promote stronger security. The National Institute of Standards and Technology (NIST) is no longer recommending using a mixture of character types in passwords or regularly changing passwords.
Kansas Water Plant Pivots to Analog After Cyber Event
Source: Dark Reading
A water treatment facility in a small city took serious precautions to prevent any bad outcomes from a hazy cyber incident. Arkansas City — population 12,000, a two-hour drive north of Oklahoma City — sits at the junction of the Walnut and Arkansas Rivers, the latter of which supplies the town's drinking water.
MoneyGram confirms a cyberattack is behind dayslong outage
Source: Bleeping Computer
Money transfer giant MoneyGram has confirmed it suffered a cyberattack after dealing with system outages and customer complaints about lack of service since Friday. While many suspected the company was hit by a cyberattack, it wasn't until Monday morning that MoneyGram confirmed that a cybersecurity incident caused the systems outage.
Zero-Day Vulnerabilities in Automatic Tank Gauge Systems
Source: Info Risk Today
Hackers Could Cause Tanks to Overfill and Disable Leak Detection. Industrial control systems made by different manufacturers for monitoring fuel storage tanks including those used in everyday gas stations contain critical zero-days that could convert them into targets for cyberattacks that cause physical damage.
Hackers Could Have Remotely Controlled Kia Cars Using Only License Plates
Source: The Hacker News
Cybersecurity researchers have disclosed a set of now patched vulnerabilities in Kia vehicles that, if successfully exploited, could have allowed remote control over key functions simply by using only a license plate.