Newsletter from Kushal

Critical infrastructure is generally not connected to the public Internet. And then, there are too many wrong configurations in productions sometimes just because someone thought that it is a good idea to mine bitcoins on a nuclear weapon facility.

Yesterday Pukhraj Singh did a tweet saying:

So, it's public now. Domain controller-level access at Kudankulam Nuclear Power Plant. The government was notified way back. Extremely mission-critical targets were hit.

Yup, you read it right, a nuclear power plant was hit, using a static username password combination over SMB. Following the standard Indian Government style about dealing with problems, the plant released a note saying there was no problem. Sadly just denying that there were no issues does not cover up the truth, and today a story on Indian Express confirms the breach.

One another big news, Citizen Lab published a report on NSO Group’s attack over WhatsApp, which points out that now WhatsApp officially filed a complaint in a U.S. federal court against NSO group. WashingtoPost has a detailed report. WhatsApp also messaged around 1400 users who might have been impacted by this attack.

Links to read

• How did a Chinese APT get a U.S. hacking tool before it was leaked? Check Point has a theory. Read the theory about how did they reverse-engineered NSA hacking tools (before they were leaked online).
• Xiaomi FurryTail has a breach Internet-connected pet feeders seem to have a vulnerability.
• NordVPN security updates The steps NordVPN is taking after many security issues in their systems
• Rethinking Encryption Former FBI General Counsel Jim Baker on Encryption and Backdoors

Videos to watch

• Nothing to hide Documentary on privacy
• So You Want To Be A Pentester? Peter Bassill giving amazing details to any newcomer to the industry

If you want to discuss any of these topics, hop on to the Freenode server (IRC), and come to the #learnandteach channel. Also, please share about the newsletter in your favorite social media as this is still a very new thing from me.

Note: I think I managed to break the formatting, sorry for the trouble in reading.

Kushal