IEEE Cipher --- Items from security-related news (E181)
Summary:
Near the end of June, a California credit union, Patelco, was the
victim of a ransomware attack that potentially exposed the personal
data of its hundreds of thousands of members. It shut down all
customer access for at least a week while it attempted to restore
operations. In the wake of the attack, at least two class action
lawsuits were filed against it for failing to properly protect
clients' information.
Summary:
More information about the credit union ransomware attack became
available in August. The number of exposed accounts is estimated at
over 700K, which is nearly 50% higher than the initial estimates.
The group responsible for the attack was named as RansomHub, and that
group announced that it was auctioning off the stolen information.
Summary:
Despite the increasing number of cyberattacks against water control
systems in the US (see, for example, our news from June of this year
and estimates of the number of such attacks since 2019), the EPA's
memorandum about securing the diverse systems around the country was
met with lawsuits last year. Three states' attorneys general and two
industry groups sued and obtained a temporary restraining order on the
EPA's attempt to include cybersecurity reporting as part of certifying
the suitability of water facilities. The imposition of the checklist
was said to be onerous and to result in higher prices for consumers.
The EPA withdrew the memo.
Summary:
Despite the rejection of last year's EPA memorandum on cybersecurity
for water infrastructure, the US Government Accounting Office
released a recent report (GAO-24-106744) on security risks to water and
wastewater computer control systems.
Summary:
Thousands of pagers and walkie-talkies in Lebanon exploded on Tuesday
and Wednesday last week, causing deaths and injuries. This appeared
to be an enemy operation caused by the distribution of devices with
booby-trapped batteries. A wireless message sent to the devices
initiated the explosions.
Not much is known about the manufacture of the pagers. They may have been made in Taiwan by the manufacturer whose logo appears on the devices, or they might have been made in the Mideast. The exact pathway of the pagers from the manufacturer to the Lebanese users is unknown, but somewhere along the way, batteries containing the explosive "PETN" were inserted. Some sort of known software vulnerability that causes the battery to overheat may have been the trigger.
Summary:
The source of the exploding walkie-talkies in Lebanon was not the
manufacturer whose logo appears on the device cases. The company,
Icom in Osaka, Japan, says that the IC-V82 transceivers that are
pictured online as having been used in the attack are not theirs.
They have not manufactured the devices in several years, and a
holographic tag of authenticity is not on the devices.