Critical infrastructure is generally not connected to the public Internet. And then, there are too many wrong configurations in productions sometimes just because someone thought that it is a good idea to mine bitcoins on a nuclear weapon facility.

Yesterday Pukhraj Singh did a tweet saying:

So, it's public now. Domain controller-level access at Kudankulam Nuclear Power Plant. The government was notified way back. Extremely mission-critical targets were hit.

Yup, you read it right, a nuclear power plant was hit, using a static username password combination over SMB. Following the standard Indian Government style about dealing with problems, the plant released a note saying there was no problem. Sadly just denying that there were no issues does not cover up the truth, and today a story on Indian Express confirms the breach.

One another big news, Citizen Lab published a report on NSO Group’s attack over WhatsApp, which points out that now WhatsApp officially filed a complaint in a U.S. federal court against NSO group. WashingtoPost has a detailed report. WhatsApp also messaged around 1400 users who might have been impacted by this attack.

Videos to watch

If you want to discuss any of these topics, hop on to the Freenode server (IRC), and come to the #learnandteach channel. Also, please share about the newsletter in your favorite social media as this is still a very new thing from me.

Note: I think I managed to break the formatting, sorry for the trouble in reading.