Zelensky Loses Cool at President of NATO Nation; Fumes as Bulgaria Refuses Arms for Kyiv...President Rumen Radev kept referring to the Russia-Ukraine war as conflict and refused to arm Kyiv amid the war, angering Zelensky | Watch

40,689 views Jul 7, 2023 #bulgaria #russiaukrainewar #rumenradev

Ukrainian President Volodymyr Zelensky was caught on camera losing his cool at his Bulgarian counterpart during his visit to Sofia. President Rumen Radev kept referring to the Russia-Ukraine war as conflict and refused to arm Kyiv amid the war, angering Zelensky. The Ukrainian President was then seen lecturing Radev over why the he needs their support. Watch this video for more details. #bulgaria #russiaukrainewar #rumenradev #volodymyrzelensky #kyiv #sofia #ukrainerussiacrisis #moscow #weapons #vladimirputin

TACTICAL ULTRA SHORT-PULSE LASER: US Tested Its Monstrously Powerful $500 Million Laser Technology...Something so advanced and powerful that it can destroy everything in its path

118,783 views Jul 6, 2023 #Voyager #Space

Over the years, the United States Air Force has developed some of the most dangerous and advanced weaponry, from crazy fighter jets to next-level drones and hypersonic missiles.But their latest weapon is something so advanced and powerful that it can destroy everything in its path.

Over 130K PV Measuring and Diagnostics Solutions exposed over the Internet | via Bleeping Computer

Cyble Research & Intelligence Labs provides capabilities for customers to manage cyber risks with AI powered actionable threat intelligence. We are specialists in gathering intelligence across the Deepweb, Darkweb and the Surface Web.

Cyble’s threat analysts scanned the web for internet-exposed PV utilities and found 134,634 products from various vendors, which include Solar-Log, Danfoss Solar Web Server, SolarView Contec, SMA Sunny Webbox, SMA Cluster Controller, SMA Power Reducer Box, Kaco New Energy & Web, Fronis Datamanager, Saj Solar Inverter, and ABB Solar Inverter Web GUI.
It is important to note that the exposed assets are not necessarily vulnerable or misconfigured in a way that allows attackers to interact with them.
However, Cyble’s research shows that unauthenticated visitors can glean information, including settings, that could be used to mount an attack. 

Security Gaps in Green Energy Sector: Unveiling the Hidden Dangers of Public-Facing PV Measuring and Diagnostics Solutions

Over 130,000 solar energy monitoring systems exposed online

By 

Bill Toulas

 

• July 6, 2023
 
• 05:04 AM
 
• 0

Security researchers are warning that tens of thousands of photovoltaic (PV) monitoring and diagnostic systems are reachable over the public web, making them potential targets for hackers.
These systems are used for remote performance monitoring, troubleshooting, system optimization, and other functions to allow remote management of renewable energy production units.

Sensitive info exposed

Cyble’s threat analysts scanned the web for internet-exposed PV utilities and found 134,634 products from various vendors, which include Solar-Log, Danfoss Solar Web Server, SolarView Contec, SMA Sunny Webbox, SMA Cluster Controller, SMA Power Reducer Box, Kaco New Energy & Web, Fronis Datamanager, Saj Solar Inverter, and ABB Solar Inverter Web GUI.

It is important to note that the exposed assets are not necessarily vulnerable or misconfigured in a way that allows attackers to interact with them.

However, Cyble’s research shows that unauthenticated visitors can glean information, including settings, that could be used to mount an attack.

Exposed power generation figures and settings (Cyble)

Exposed live performance stats (Cyble)

• The report also highlights that vulnerabilities have been found and reported for the products above and there is proof of concept (PoC) exploit code available for several of them, which increases the likelihood of attacks against the systems running an older firmware version.
• Even when PV control systems are adequately secured, Cyble points out the risk of information-stealing malware that can collect logins for these tools.

Active exploitation

Exploiting vulnerabilities in the PV systems that Cyble found exposed online has happened recently, with hackers scanning the web for vulnerable devices to add them to botnets.
For example, CVE-2022-29303, an unauthenticated remote command injection vulnerability impacting Contec’s SolarView system was used by a relatively new Mirai variant looking for fresh systems to grow its distributed denial-of-service (DDoS) power.
Cyble’s scans found 7,309 internet-exposed SolarView devices globally, while another report from VulnCheck today discovered 425 instances of Contec’s SolarView that use a vulnerable firmware version.

Shodan scan results (VulnCheck)

• VulnCheck’s report also highlights another recently-discovered unauthenticated remote code execution bug impacting the same product, tracked as CVE-2023-23333, for which multiple exploits exist in the public space.

Systems of this type often face a degree of neglect in terms of maintenance and upgrades, which gives attackers good chances of success when they leverage fairly recent vulnerabilities.

If PV system admins need to expose the interfaces for remote management, they should at least use strong, unique credentials, activate use multi-factor authentication where available, and keep their systems updated. Segregating the equipment to its own network also counts as a good defense."

Related Articles:

Android July security updates fix three actively exploited bugs

Criminal IP Unveils Bug Bounty Program to Boost User Safety, Security

LayerZero launches record-breaking $15M crypto bug bounty program

Parental control app with 5 million downloads vulnerable to attacks

New StackRot Linux kernel flaw allows privilege escalation

 

Security Gaps in Green Energy Sector: Unveiling the Hidden Dangers of Public-Facing PV Measuring and Diagnostics Solutions

• July 5, 2023

Over 130K PV Measuring and Diagnostics Solutions exposed over the Internet

With its increasing prominence and global adoption, green energy has emerged as a potential target for attackers, posing concerns for both State and Private entities in the near future. With the increasing adoption of renewable energy sources such as solar, wind, and hydroelectric power, the infrastructure supporting green energy becomes an attractive prospect for cyber threats.
The interconnected nature of green energy systems, which encompasses power grids, energy storage facilities, and smart technologies, positions vulnerabilities, and misconfigurations that are enticing for malicious actors to exploit. Hence, in times of conflict or heightened tensions, the dependence on green energy systems for power generation and distribution renders them alluring targets.

Internet Exposure of Photovoltaic Diagnostic & Monitoring systems

As PV monitoring and diagnostics systems are critical elements in the solar industry, an attack on these systems can have a domino effect affecting multiple entities and operations within a state.
Previously Cyble researcher blogs have discussed the impact and vulnerabilities in one of the Control Systems used in PV plants globally in the blog “Photovoltaic Plants PV Facing Risk of Cyberattack“.
CRIL researchers further investigated the internet exposure of these systems to understand the attack surface available for Threat Actors. They observed that there are over 130K internet-exposed PV diagnostic and monitoring solutions globally. Given below is the graph for the same.

Figure 1 – Internet exposure of PV monitoring & Diagnostic Solutions

Note: Internet Exposed devices only indicate assets that might be potentially vulnerable to cyber-attacks. 

• Not all devices need to be prone to cyber-attacks; rather, the high exposure of these devices provides a large attack surface for attackers.

Impact

Gaining access to multiple PV monitoring solutions can have a disastrous impact on CI organizations and National services that rely on solar energy and might pose a significant threat to the electric grid.

• Targeting PV monitoring solutions can have severe repercussions, extending beyond the energy sector. It can lead to reduced energy production, causing an energy crisis and imbalances in supply and demand. 
• Disruptions in PV monitoring can also affect the transportation sector, particularly electric vehicles, by impacting charging infrastructure and mobility services.
•  Additionally, economic impacts may arise, with businesses facing downtime and financial losses.

Cyberattacks targeting PV monitoring solutions and the subsequent reduction in green energy production can result in power outages, impacting households, businesses, and public services. Also, 

• TAs might gain a strategic advantage in a war-like situation if they have access to thousands of PV measuring & monitoring and exploiting their underlying vulnerabilities.

Conclusion

Exposing assets vital for operations within nations over the internet increases the risk of cyber-attacks as TAs and Hacktivist groups continuously scan the internet to find assets that can be easily targeted and have a major impact on operations. 

• Researchers at Cyble observed a huge number of PV monitoring assets exposed over the internet that are located globally. In the list of solutions observed during the investigation, multiple solutions might be vulnerable and misconfigured, increasing the risk of cyber attacks. 
• Hence, the operators of these solutions must ensure that the products are updated with the latest patch released by official vendors and are being monitored for intrusions.

Leaving PV monitoring and diagnostic solutions exposed over the internet indicates the lack of healthy cyber hygiene as state and private entities might deploy these solutions to monitor critical PV systems. 

The unavailability of these solutions might have a high impact on overall operations within a state.
Official vendors and State authorities provide regular updates and alerts on such devices. However, the high internet exposure of this device indicates that a large chunk of asset owners still lack visibility into PV monitoring and diagnostic solutions.

Green Journal

Why Do Solar Farms Need Upgraded Security? | Green Journal

Companies stand to get over $200 billion from a single provision of the Inflation Reduction Act ... what do workers get?

 Will Heavily Subsidized Battery Factories Generate Substandard Jobs?

Under a provision of the Inflation Reduction Act, some factories making batteries for electric vehicles will each receive more than a billion dollars per year from the U.S. government, with no requirement to pay good wages to production workers.  Thanks to the Advanced Manufacturing Production Credit, also called 45X for its section in the Internal Revenue Code, battery companies will receive tax credits that they can use, sell, or cash out.   The 45X program alone will cost taxpayers over $200 billion in the next decade, far more than the $31 billion estimated by Congress’s Joint Committee on Taxation.  On top of 45X and other federal incentives, factories manufacturing electric vehicles and batteries have also been promised well over $13 billion in state and local economic development incentives in just the past 18 months. That's according to a new Good Jobs First report, "Power Outrage: Will Heavily Subsidized Battery Factories Generate Substandard Jobs?"   What do local communities get from companies in exchange for public money?  The Biden administration says the IRA will create “good-paying union jobs,” but the federal tax credit has no job quality requirements for permanent jobs and doesn’t mandate companies pay market-based wages or benefits. Good Jobs First did the math for five recently announced battery factories. Here’s what we learned: Total subsidies will range from $2 million to $7 million per job. Average annual wages, as announced, will be below the current national average for production workers in the automotive sector. The 45X credit alone is large enough to cover each facility’s initial capital investment cost and wage bill for the first several years of production. For example, Ford Motor’s new $3.5 billion battery plant in Marshall, Michigan, will be eligible for an estimated $6.7 billion in federal 45X tax credits.  State and local governments have already awarded it an additional $1.7 billion in subsidies.  The company has promised to create 2,500 new jobs that it says will pay an average annual wage of just $45,000 a year, while reaping subsidies of $3.4 million per job.   As plans for these facilities are finalized, we recommend a set of policy actions to set the country’s emerging EV-battery industrial complex on the path to “high road” employment. Read the full report, including our policy recommendations, here. Good Jobs First, founded in 1998, is a non-profit resource center that promotes corporate and government accountability in economic development.

Blandford Homes buys Tex Earnhardt Family Compound. | Rose Law Group Reporter

Gilbert homebuilder buys Tex Earnhardt family compound. 

Here’s the deal: Jeff Blandford, “founder and president of Blandford Homes,” has closed on Tex “Earnhardt’s family ranch,” paying $15.25 million for the 38.12-acre parcel located at the NWC of McQueen and Hunt Hwy. in Chandler. 

In the works: Earnhardt Ranch, a 100-home master-planned community with “two series of homes ranging between 2,400 and 4,200 square feet” and “most likely” starting “in the $800,000s.” 

The Tex message: “Perched atop a steer, Tex Earnhardt's car dealership commercials were known for his tag line ‘That ain't no bull.’ He died in April 2020 at age 89.” 

Blandford: “We had done some business with [the Earnhardts] in the past… The family reached out and asked if we wanted to buy it. They named a price and we said yes.” 

Timeline:  “Model home construction is expected to begin in the first quarter of 2024, with an expected opening that summer.”  https://bit.ly/3JQyGRx 

Gilbert homebuilder buys Tex Earnhardt family compound

Photo via Blanford Homes

When Earnhardt Auto Centers founder and CEO Tex Earnhardt‘s family was ready to sell its 38-acre family compound in the middle of Chandler, they called Jeff Blandford.

The founder and president of Blandford Homes in Gilbert paid $15.25 million to an Earnhardt trust for the 38.12-acre parcel at the northeast corner of McQueen Road and Hunt Highway, according to Tempe-based Vizzda LLC real estate database.

Read the full subscription story from the Phoenix Business Journal.