Security

'ArcaneDoor' Cyberspies Hacked Cisco Firewalls To Access Government Networks (wired.com) 22

An anonymous reader quotes a report from Wired: Network security appliances like firewalls are meant to keep hackers out. Instead, digital intruders are increasingly targeting them as the weak link that lets them pillage the very systems those devices are meant to protect. In the case of one hacking campaign over recent months, Cisco is now revealing that its firewalls served as beachheads for sophisticated hackers penetrating multiple government networks around the world. On Wednesday, Cisco warned that its so-called Adaptive Security Appliances -- devices that integrate a firewall and VPN with other security features -- had been targeted by state-sponsored spies who exploited two zero-day vulnerabilities in the networking giant's gear to compromise government targets globally in a hacking campaign it's calling ArcaneDoor.

The hackers behind the intrusions, which Cisco's security division Talos is calling UAT4356 and which Microsoft researchers who contributed to the investigation have named STORM-1849, couldn't be clearly tied to any previous intrusion incidents the companies had tracked. Based on the group's espionage focus and sophistication, however, Cisco says the hacking appeared to be state-sponsored. "This actor utilized bespoke tooling that demonstrated a clear focus on espionage and an in-depth knowledge of the devices that they targeted, hallmarks of a sophisticated state-sponsored actor," a blog post from Cisco's Talos researchers reads. Cisco declined to say which country it believed to be responsible for the intrusions, but sources familiar with the investigation tell WIRED the campaign appears to be aligned with China's state interests.

Cisco says the hacking campaign began as early as November 2023, with the majority of intrusions taking place between December and early January of this year, when it learned of the first victim. "The investigation that followed identified additional victims, all of which involved government networks globally," the company's report reads. In those intrusions, the hackers exploited two newly discovered vulnerabilities in Cisco's ASA products. One, which it's calling Line Dancer, let the hackers run their own malicious code in the memory of the network appliances, allowing them to issue commands to the devices, including the ability to spy on network traffic and steal data. A second vulnerability, which Cisco is calling Line Runner, would allow the hackers' malware to maintain its access to the target devices even when they were rebooted or updated. It's not yet clear if the vulnerabilities served as the initial access points to the victim networks, or how the hackers might have otherwise gained access before exploiting the Cisco appliances. Cisco advises that customers apply its new software updates to patch both vulnerabilities.

A separate advisory (PDF) from the UK's National Cyber Security Centre notes that physically unplugging an ASA device does disrupt the hackers' access. "A hard reboot by pulling the power plug from the Cisco ASA has been confirmed to prevent Line Runner from re-installing itself," the advisory reads.

Businesses

Vermont Utility Plans To End Outages By Giving Customers Batteries (nytimes.com) 102

An anonymous reader quotes a report from the New York Times: Many electric utilities are putting up lots of new power lines as they rely more on renewable energy and try to make grids more resilient in bad weather. But a Vermont utility is proposing a very different approach: It wants to install batteries at most homes to make sure its customers never go without electricity. The company, Green Mountain Power, proposed buying batteries, burying power lines and strengthening overhead cables in a filing with state regulators on Monday. It said its plan would be cheaper than building a lot of new lines and power plants. The plan is a big departure from how U.S. utilities normally do business. Most of them make money by building and operating power lines that deliver electricity from natural gas power plants or wind and solar farms to homes and businesses. Green Mountain -- a relatively small utility serving 270,000 homes and businesses -- would still use that infrastructure but build less of it by investing in television-size batteries that homeowners usually buy on their own. "Call us the un-utility," Mari McClure, Green Mountain's chief executive, said in an interview before the company's filing. "We're completely flipping the model, decentralizing it."

Green Mountain's plan builds on a program it has run since 2015 to lease Tesla home batteries to customers. Its filing asks the Vermont Public Utility Commission to authorize it to initially spend $280 million to strengthen its grid and buy batteries, which will come from various manufacturers. The company expects to invest an estimated $1.5 billion over the next seven years -- money that it would recoup through electricity rates. The utility said the investment was justified by the growing sum it had to spend on storm recovery and to trim and remove trees around its power lines. The utility said it would continue offering battery leases to customers who want them sooner. It will take until 2030 for the company to install batteries at most homes under its new plan if regulators approve it. Green Mountain says its goal to do away with power outages will be realized by that year, meaning customers would always have enough electricity to use lights, refrigerators and other essentials. Green Mountain would control the batteries, allowing it to program them to soak up energy when wind turbines and solar panels were producing a lot of it. Then, when demand peaked on a hot summer day, say, the batteries could release electricity. Under the proposal, the company would initially focus on delivering batteries to its most vulnerable customers, putting some power lines underground and installing stronger cables to prevent falling trees from causing outages.

United States

Mysterious Green Liquid Oozing Onto Highway Identified (usatoday.com) 74

An anonymous reader quotes the Detroit Free Press: The mysterious, greenish-yellow liquid that ran onto a Michigan highway on Friday came from a closed electroplating business whose owner is serving a year in federal prison for operating an unlicensed hazardous waste storage facility...

The U.S. Environmental Protection Agency was called to investigate and determined the liquid likely was groundwater contaminated with hexavalent chromium, according to The Michigan Department of Environment, Great Lakes, and Energy (EGLE)... State officials said the liquid was entering a storm sewer on I-696... Crews spent Friday night vacuuming the sewers and eventually started on the basement at Electro-Plating Services, where green liquid was found in the basement pit.

Workers were installing a pump in the basement pit to keep water levels down and "prevent more offsite migration," EGLE said.

More than 5,000 containers of hazardous chemicals had already been removed from the site, according to the article.

But state investigators have determined that there's no imminent risk to the public.

United Kingdom

British Government Prepares For Solar Storms 52

judgecorp writes "The British Government has announced its plans to handle solar storms. The idea is to improve the resilience of infrastructure, including satellite communications -- which the government says will also be useful against the future possibility of electromagnetic pulse (EMP) weapons. From the report: 'National Grid and DECC are building on the work of the Space Environment Impacts Evaluation Group and E3C to analyse the range of impacts of extreme space weather events, with the Carrington Event being adopted as the reasonable worst case. These scientific assessments have enabled National Grid to change the design requirements for its Supergrid transformers, and to increase its reserve holding of transformers. National Grid is currently developing improved monitoring tools with the British Geological Survey (BGS) and installing or reinstalling Geomagnetically Induced Currents (GIC) monitoring devices into its Strategic Asset Management program. The next steps will be for National Grid, in association with BGS and working with E3C, to develop more detailed modelling of severe space weather events including impacts on generator transformers. This will extend and strengthen its analysis on the electricity transmission system completed so far.'"

PC Games (Games)

Thief Deadly Shadows 1.1 Patch Fixes AI 132

Lemmus writes "A patch for the PC version of Thief: Deadly Shadows is now available. The patch fixes the AI skill level being reset whenever a level is reloaded, the major bug previously reported in a post at Slashdot Games. This is apparently the only thing that the patch fixes, so users with other problems have to wait for another patch. Although Ion Storm warns against installing the patch on installations with user-modified .ini files, most users don't seem to be having any trouble with it."

The Internet

Subnets and Network Browsing? 21

photozz asks: "We are on a large network (1000+ nodes) with a mix of everything, Wintel, Unix, Linux and Mac. Lately, we have been getting broadcast storms that kill the network. Our solution is to subnet everything with routers, thus killing broadcast traffic. BUT, this will limit Windows browsing on the network to each segment. Installing Brouters will just give us the same packet storm problems we had before. How can we stop broadcast traffic while enabling NetBIOS resolution across routers?"

News

Answers From Sealand: CTO Ryan Lackey Responds 151

A few weeks ago, you asked questions of Ryan Lackey, CTO for HavenCo, a company dedicated to providing secure off-shore data hosting from Sealand, a principality off the coast of England. Ryan has lately survived dental emergencies, the loss of a laptop (it dropped into the North Sea -- how many people can say that?) and other stresses, but he's followed through with some interesting answers. He even has some ideas for how you can make a lot of money, and lists the tools you need to start your own data haven. Kudos to Ryan for taking the time to answer so thoroughly.

Crypto Guru Bruce Schneier Answers 105

Most of the questions we got for crypto guru Bruce Schneier earlier this week were pretty deep, and so are his answers. But even if you're not a crypto expert, you'll find them easy to understand, and many of Bruce's thoughts (especially on privacy and the increasing lack thereof) make interesting reading even for those of you who have no interest in crypto because you believe you have "nothing to hide." This is a *long and strong* Q&A session. Click Below to read it all.
