Toggle light / dark theme

By Chuck Brooks


Dear Friends and Colleagues, this issue of the Security & Insights newsletter focuses on cybersecurity and the convergence of devices and networks. The convergence of the Internet of Things, industrial control systems (ICS), operational technology (OT), and information technology (IT) has revealed vulnerabilities and expanded attack surfaces. They are prime targets for hackers, who frequently look for unprotected ports and systems on internet-connected industrial devices. Because they provide several avenues of entry for attackers and because older OT systems were not built to withstand cyberattacks, IT/OT/ICS supply chains in continuous integration (CI) are especially vulnerable. Below is a collection of articles that address the challenges and threats of cybersecurity for connected devices and people.

Thanks for reading and stay safe! Chuck Brooks

Growing cyberthreats to the internet of things.

Cybersecurity researchers are calling attention to a new Linux cryptojacking campaign that’s targeting publicly accessible Redis servers.

The malicious activity has been codenamed RedisRaider by Datadog Security Labs.

“RedisRaider aggressively scans randomized portions of the IPv4 space and uses legitimate Redis configuration commands to execute malicious cron jobs on vulnerable systems,” security researchers Matt Muir and Frederic Baguelin said.

SK Telecom says that a recently disclosed cybersecurity incident in April, first occurred all the way back in 2022, ultimately exposing the USIM data of 27 million subscribers.

SK Telecom is the largest mobile network operator in South Korea, holding roughly half of the national market.

On April 19, 2025, the company detected malware on its networks and responded by isolating the equipment suspected of being hacked.

While the documents refer to the education company only as “Victim-2” and the U.S. attorney’s office declined to name the victim, a person familiar with the matter told NBC News that it is PowerSchool. The hack of PowerSchool last year is believed to be the largest breach of American children’s sensitive data to date.

According to his plea agreement, Lane admitted obtaining information from a protected computer and aggravated identity theft and agreed not to challenge a prison sentence shorter than nine years and four months. He got access simply by trying an employee’s stolen username and password combination, the complaint says, echoing a private third-party assessment of the incident previously reported by NBC News.

A top 100 US bank just disclosed a data breach affecting the personal and confidential information of thousands of customers.

In a filing with the Office of the Maine Attorney General, Arkansas-based Arvest Bank says it’s warning 7,537 people after a technical glitch enabled unauthorized account access.

Quantum scientists have cracked a longstanding problem by devising a method to speed up measurements without losing accuracy, a key hurdle for quantum technology. By cleverly adding extra qubits, they traded “space” for time, gathering more information faster without destabilizing the fragile qua

Japan on Friday enacted a new law that would permit the country’s authorities to preemptively engage with adversaries through offensive cyber operations to ensure threats are suppressed before they cause significant damage.

The new law, which was first mooted in 2022, is intended to help Japan strengthen its cyber defense “to a level equal to major Western powers” and marks a break from the country’s traditional approach to cyber defense, which had tracked closely to its Article 9 constitutional commitment to pacifism.

The new Active Cyberdefense Law mirrors recent reinterpretations of Article 9, providing Japan’s Self-Defence Forces with the right to provide material support to allies under the justification that failing to do so could endanger the whole of the country.

“Space weather can impact systems that use IT for critical functions and everyday processes,” James Spann, a senior scientist at the Office of Space Weather Observations at the U.S. National Oceanic and Atmospheric Administration’s (NOAA) National Environmental Satellite, Data, and Information Service (NESDIS) department, told Space.com in an email. “These space weather impacts can have the same symptoms as a cyberattack, where systems will be brought down, or lockup, or transmit erroneous information.”

NESDIS oversaw a tabletop space weather exercise conducted in May 2024, the first such drill testing the U.S. preparedness for a major solar storm. Results of the exercise, which brought together 35 US government agencies, were published in a report in April.

In one of the simulations during the exercise, NOAA and the U.S. Air Force reported a severe solar flare and radio burst, but another federal department or agency “reported contradictory information, suggesting that the radio and communications disruptions were possibly the result of a cyberattack,” according to the report. Above all, it showed the need for effective communication following such events.