From Paul's Security Weekly
no edit summary
#[https://threatpost.com/solar-wind-power-utility-cyberattack/149816/ Solar, Wind Power Utility Disrupted in Rare Cyberattack] - ''sPower, a Utah-based wind and solar provider, began experiencing a series of lost connections between its main control center and remote power-generation sites. The brief, intermittent periods of downtime were determined to be the result of a denial-of-service (DoS) attack, according to documents obtained via the Freedom of Information Act (FOIA) by E&E News, a utility-industry trade publication. That operational disruption makes the attack the first of its kind in the country. “This disrupted the organization’s ability to monitor the current status of its power-generation systems. The utility industry refers to this type of incident as ‘loss of view,'” explained Phil Neray, vice president of industrial cybersecurity at CyberX, in an interview with Threatpost.''
#[https://securityaffairs.co/wordpress/93062/hacking/xiaomi-furrytail-pet-feeders-hack.html Thousands of Xiaomi FURRYTAIL pet feeders exposed to hack] - There are two vulnerabilities here, one seems to be an API that does not have authentication, allowing remote attackers to change the feeding schedule, and an exploitable WiFi driver: ''The researcher explained that the devices were exposed online without authentication, she was able to change feeding schedules. The expert also discovered that the devices were also using the Wi-Fi ESP8266 chipset that is affected by a flaw that could be exploited by an attacker to download and install new firmware, and reboot Xiaomi FurryTail pet feeders.''