
FBI warns of threats to US renewable energy sector

Critical Infrastructure Security

Google offers $250,000 bounty for KVM vulnerabilities; CocoaPods vulnerabilities expose Apple apps

Anviksha More (AnvikshaMore)
July 4, 2024

Photo: Shutterstock

Every week, ISMG collects information about cybersecurity incidents and breaches around the world. This week: FBI warns of cyber threats to US renewable energy sector, Indonesian data center hacker apologizes, Google Pixel 6 series devices were compromised, critical vulnerability in D-Link EoL routers, Google offers $250,000 bounty for KVM vulnerabilities, NCA disrupts global Cobalt Strike supply chain.

See also: NHS ransomware attack: healthcare industry infrastructure is critical


FBI warns of growing cyber threats against US renewable energy sector

The U.S. Federal Bureau of Investigation has issued a warning highlighting the growing cyber threats to the U.S. renewable energy sector. Highlighting the risk to power generation operations and intellectual property theft, the agency said cyber actors could exploit vulnerabilities in operational technology (OT) systems, specifically by attacking solar panel inverters to disrupt power output or compromise battery storage. With the rise in renewable energy adoption fueled by federal incentives and local initiatives such as Virginia’s ambitious energy goals, the sector has become a prime target.

The FBI urged industry stakeholders to remain vigilant, recommending monitoring for suspicious network activity, updating security protocols and promptly reporting cyberattacks. Recognizing the interconnectedness of energy infrastructure, the agency also recommended precautions against supplier risks and supply chain vulnerabilities. The bureau also emphasized the importance of offline data backup, access management and vulnerability mitigation strategies to mitigate potential cyber incidents.

Critical vulnerability in end-of-life D-Link routers exploited

Hackers are exploiting a path traversal vulnerability in D-Link DIR-859 WiFi routers to collect account information, including passwords. The vulnerability, CVE-2024-0769, has a severity rating of 9.8 and affects decommissioned DIR-859 routers. D-Link has issued a security advisory explaining that the “fatlady.php” flaw affects all versions of the firmware, allowing attackers to leak session data, escalate privileges, and gain full control via the admin panel. D-Link will not patch CVE-2024-0769, so users should immediately switch to a supported device.

Threat monitoring platform GreyNoise reports active exploitation of CVE-2024-0769, in which attackers target the “DEVICE.ACCOUNT.xml” file to dump account names, passwords, user groups, and descriptions. The attack uses a malicious POST request to “/hedwig.cgi”, exploiting CVE-2024-0769 to reach sensitive configuration files via “fatlady.php”, potentially exposing user credentials.
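A defender-side check built from the indicators in the GreyNoise description above (POST to /hedwig.cgi, references to fatlady.php and DEVICE.ACCOUNT.xml, directory-traversal sequences). This is an added example, not code from ISMG, GreyNoise or D-Link; the request model and the sample traffic are constructed for illustration and the second sample body is a placeholder, not a real exploit payload.

```python
import re
from dataclasses import dataclass
from typing import List, Tuple
from urllib.parse import unquote

# Indicators taken from the CVE-2024-0769 description: a POST to /hedwig.cgi
# that reaches fatlady.php and the DEVICE.ACCOUNT.xml configuration file.
TARGET_ENDPOINT = "/hedwig.cgi"
SENSITIVE_MARKERS = ("fatlady.php", "DEVICE.ACCOUNT.xml")
# Generic directory-traversal pattern ("../" or "..\"), not page-specific
TRAVERSAL = re.compile(r"\.\.[/\\]")


@dataclass
class HttpRequest:  # minimal constructed model of a WAF/proxy request record
    method: str
    path: str
    body: str


def assess_request(req: HttpRequest) -> List[str]:
    """Return the reasons a request looks like a CVE-2024-0769 probe.

    An empty list means nothing suspicious was found."""
    reasons: List[str] = []
    # Percent-decode first so encoded traversal or markers are still matched
    path = unquote(req.path).split("?", 1)[0]
    body = unquote(req.body)
    if req.method.upper() != "POST" or not path.endswith(TARGET_ENDPOINT):
        return reasons
    for marker in SENSITIVE_MARKERS:
        if marker.lower() in body.lower():
            reasons.append(f"body references {marker}")
    if TRAVERSAL.search(body) or TRAVERSAL.search(path):
        reasons.append("directory traversal sequence")
    return reasons


def scan(requests: List[HttpRequest]) -> List[Tuple[int, List[str]]]:
    """Return (index, reasons) for every request that should raise an alert."""
    return [(i, r) for i, req in enumerate(requests) if (r := assess_request(req))]


# Constructed sample traffic; entry 1 is a placeholder body, not a real exploit.
SAMPLE_REQUESTS = [
    HttpRequest("GET", "/", ""),
    HttpRequest("POST", "/hedwig.cgi", "placeholder=fatlady.php%2F..%2FDEVICE.ACCOUNT.xml"),
    HttpRequest("POST", "/hedwig.cgi", "service=some-normal-page"),
]

if __name__ == "__main__":
    for idx, reasons in scan(SAMPLE_REQUESTS):
        print(f"request #{idx}: {', '.join(reasons)}")
```

Because the routers are end-of-life and will not be patched, an alert from a check like this should be treated as a signal to replace the device rather than to tune the rule.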

Google offers $250,000 reward for KVM vulnerabilities

Google has initiated a vulnerability bounty program targeting its kernel-based virtual machine hypervisor, offering up to $250,000 for discovering critical zero-day vulnerabilities. The contest, dubbed “kvmCTF,” invites participants to log into guest virtual machines and attempt guest-to-host attacks on the bare metal host system. The goal is to exploit vulnerabilities in the host kernel KVM subsystem only, excluding vulnerabilities in the QEMU emulator or host-to-KVM techniques.

KVM has been integrated into the Linux mainline since 2007 and is widely used by Google on Android and Google Cloud platforms. It supports multiple virtual machines with hardware emulation.

The contest, which launched on June 27, operates on a UTC time frame, specifying detailed rules from initial file downloads to proof of successful exploits. Bounties range from $250,000 for a full VM escape to $10,000 for relative memory reads, with an emphasis on high payouts for serious vulnerabilities. The program rules specify that prizes are awarded only for the first successful entry in a given category.

CocoaPods vulnerabilities expose millions of Apple apps to supply chain risk

Security researchers at EVA Information Security report that CocoaPods, an open-source dependency manager for Swift and Objective-C applications, left thousands of packages vulnerable for nearly a decade. The issue, tracked as CVE-2024-38368 with a CVSS score of 9.3, stemmed from unclaimed Pods on the GitHub Trunk server, allowing attackers to potentially inject malicious code via a simple curl request.

A separate vulnerability, CVE-2024-38366, with a maximum CVSS score of 10, allowed remote code execution on the Trunk server due to insecure email validation. A third vulnerability, CVE-2024-38367, with a CVSS score of 8.2, exploited email validation to steal session tokens without user interaction.

The vulnerabilities could have facilitated supply chain attacks, affecting popular apps from major companies like Meta, Apple, and Microsoft. CocoaPods maintainers reportedly patched the flaws a few months ago.

NCA disrupts Cobalt Strike supply chain in global operation

The UK National Crime Agency worked with international partners in Operation Morpheus to combat illegal use of Cobalt Strike. Cobalt Strike, originally a legitimate penetration testing tool, was used by cybercriminals who distributed cracked versions for malicious activities.

The operation, conducted with Europol and agencies from Australia, Canada, Germany, the Netherlands, and Poland, as well as private sector allies, identified 690 unlicensed instances of Cobalt Strike in 27 countries. Working with 129 ISPs, law enforcement successfully blocked 593 domains hosting these illegal copies of the software in a week.

Indonesian data center hacker apologizes

The actor behind a ransomware attack on an Indonesian government data center apologized for the inconvenience to Indonesian citizens shortly after demanding an $8 million ransom in exchange for a decryption key, ABC News reported.

“Citizens of Indonesia, we apologize for the hardship this has caused to everyone,” the hacker wrote on his dark web page. “Our attack had no political context, it was just a pay-by-pay penetration test. We hope our attack has made you realize how important it is to fund the industry and recruit skilled professionals.”

The ransomware attack took down the Temporary National Data Center, which stores data from some 285 government departments and agencies (see: Indonesian data center attack threatens transformation efforts).

The government later admitted that the affected agencies did not have backups because data recovery was an optional measure.

Google Pixel 6 series devices ‘damaged’ after factory reset

Google Pixel 6 series owners have reported that their devices have become “frozen” after performing a factory reset over the past week. Typically done to wipe data before reselling, these resets cause a missing “tune2fs” error during boot, leading to a recovery screen with the message “Android could not be loaded. Your data may be corrupted.” This causes an endless factory reset loop. Because the OEM unlocking setting is off on these devices, the bootloader cannot be unlocked and updates cannot be sideloaded via ADB, so the issue remains unresolved. Some affected users were in the Android 15 beta program, but that is not the common factor. Google acknowledged the issue on Tuesday and said it’s working on a fix.

Japan celebrates elimination of floppy disks from government systems

Japan has phased out the use of floppy disks in all government systems, a major milestone in its modernization efforts. The Digital Agency announced the abolition of 1,034 regulations governing floppy disk use, with only one on environmental standards remaining.

Digital Minister Taro Kono celebrated the achievement, emphasizing a broader push to eliminate outdated technology, including faxes, from government operations. Created during the COVID-19 pandemic to streamline processes, the Digital Agency has highlighted Japan’s move away from paper filing and outdated technology.
