FEDORA-2023-a2df0551fe
Packages in this update:
rt-5.0.5-1.fc37
Update description:
Upstream security and bugfix update.
rt-5.0.5-1.fc37
Upstream security and bugfix update.
Unauthorized access to certain email accounts occurred between May 26 and July 28 2023
Reels of another kind rack up the views online. Stories about Facebook Marketplace scams.
Recently, TikTok’er Michel Janse (@michel.c.janse) got well over a million views with a most unusual story about selling furniture on Facebook Marketplace—and how it led to identity theft.
oops dont fall for this scam like me
♬ original sound – Michel Janse
The story goes like this:
A buyer reached out about the furniture Michel was selling, expressed interest, and then hesitated. Why the cold feet? The buyer wanted to speak to Michel on the phone to confirm that Michel was a real person. “Are you OK if I voice call you from Google?” Michel agreed, sent her number, and soon received a text with a Google Voice code. The buyer asked for the code, and as soon as Michel sent it, she got that sinking feeling. “I should have Googled before I did, because something feels really off.”
As she found out, it was. The scammer ghosted the conversation and ran off with the verification code.
This is a variation of the “Verification Code Scam,” where scammers ask you to send them that six-digit code you receive as part of an account login process. Here, scammers send a text message with a Google Voice verification code and ask you to send them that code. With it, they can create a Google Voice number linked to your phone number—and go on to commit other forms of identity theft in your name.
It happens so often that the U.S. Federal Trade Commission (FTC) has a page dedicated to the topic. Luckily, Michel got wise quickly enough. She quickly asked for another code and took back charge of that newly created Google Voice account.
This is just one of the many scams lurking about on Facebook Marketplace. Largely, Facebook is a great place packed with lots of great deals, yet you can get stung. But if you know what to look out for, you can spot those scams and steer clear of them when you do.
As the saying goes, buyer beware. And seller too. Scammers weasel their way into both ends of a transaction. Per Facebook, in addition to phishing attacks, scams on Facebook Marketplace take three primary forms:
A buyer scam is: When someone tries to buy or trade items from someone else without paying, resulting in a loss of money for the seller and a gain for the buyer. This might look like a buyer who:
Reports their transaction as fraud after they receive the item(s) from you.
Claims they never received the item(s) from you when they did.
Doesn’t pay for an item that they received.
An example, a scammer sends a seller a pre-paid shipping label to mail the item. Then they change the address via their tracking number and claim they never received the goods.
A seller scam is: When someone tries to sell or trade items to someone else without delivering the items as promised, resulting in a gain of money for the seller and a loss for the buyer. This might look like a seller who:
Purposely sends you something significantly different than what you paid for. Example: someone sells you a used item that they listed as “new” on Facebook Marketplace.
Claims they shipped the item(s) to you when they didn’t.
Asks you to send them money as a deposit for a high-value item without letting you confirm it’s real first.
An example, a scammer offers up a game console—one that doesn’t work when you take it home and plug it in.
A listing scam is: When a listing appears to be dishonest, fake, or lures buyers to complete transactions outside Facebook Marketplace. This might look like a listing:
Of a product with a suspiciously low price on Facebook Marketplace. This can be a sign that it’s a fake item or listing.
With a description encouraging buyers to reach out to the seller outside Marketplace.
An example, you see a great price on a commuter bike, yet the seller wants to complete the transaction over text. And using a payment form not covered by Facebook’s purchase protection policies, such as Venmo or Zelle.
Like any transaction you make through social media, a few extra steps and a dose of buyer or seller beware can help you make a great purchase or sale. One that’s safe.
Check out the person’s profile: Michel mentioned getting a “vibe check” from her buyer by looking at their profile. Take it a step further and investigate closely. While not foolproof, it can help you spot an obvious fake account. Look for an account that’s only recently been created or that has next to no other activity. Those might be red flags. Also, try a reverse-image search of the person’s profile picture. Some scammers pull stock photos and other pictures off the internet to round out their bogus Facebook profiles.
Consider doing your deals locally: Many of the scams listed above rely on items that are shipped. By shopping locally, you can inspect the item you’d like to purchase and get a sense if it’s a deal or not. For example, you could ask the seller to show that the game console you want to buy actually works. Likewise, you can avoid all manner of shipping-based scams on Facebook by conducting your transaction in person.
Deal in public or with a pal: When selling or making a purchase, do it somewhere safe—one that’s well-lit and has some people around, if at all possible. Also, bring a friend and let others know where you’re going and what you’re doing.
Stick with Facebook Marketplace: If you choose to purchase an item that’s shipped, conduct your transaction on Facebook. By using its approved payment methods, you can gain the purchase protections mentioned above. Don’t use online payment methods like Zelle or Venmo, which aren’t protected by Facebook currently.
Document the transaction: Save any communications with your buyer or the seller in the event there is an issue. Keeping communications on Facebook provides an excellent record of your interactions in the event you end up getting scammed.
You can take three big steps to help set things straight.
The first step involves filing a police report. That in itself might not resolve the issue, yet it’ll get you a case number that you can reference in your claims moving forward. It provides law enforcement with knowledge that a crime has taken place, along with important data and info that they can use moving forward.
Also report the scam to the Federal Trade Commission (FTC) at https://reportfraud.ftc.gov. Likewise, this provides the FTC with vital info that helps them track trends and that it can share with its law enforcement partners. For example, scammers often run in rings. Data can help identify and shut them down.
Next, report your scam to Facebook. Make your claim, provide your records, and see about getting a refund. Also notify Facebook of the scammer’s account so that they can take action against it as needed. Whether it’s a seller, buyer, or listing you want to report, Facebook has full instructions for reporting scams on its site.
Whether shopping on Facebook Marketplace or off, a combination of online protection software and smart habits can help you avoid getting scammed. Further, online protection can provide you with yet more ways of preventing and recovering from identity theft.
Use two-form authentication—and never share your number with anyone. Two-factor authentication makes it tougher to hack into an online account by using a six-digit code as part of the login process. Hackers know this and will try and hoodwink you into providing it. Just as Michel found out. Keep that number to yourself. Always.
Use a credit card rather than a debit card for purchases. When fraud occurs with a debit card, you fight to get your money back—it’s gone straight out of your account. With a credit card, the issuer fights to get their money back. They’re the ones who take the financial hit. Additionally, in the U.S., the Fair Credit Billing Act gives citizens the power to dispute charges over $50 for goods and services that were never delivered or otherwise billed incorrectly. Note that many credit card companies have their own policies that improve upon the Fair Credit Billing Act as well.
Monitor your credit, transactions, and personal info online. That was once quite the task. Now, comprehensive online protection software like ours can do all that for you. And then some. It can prevent identity theft by cleaning up your personal info and old accounts online. It can notify you when unusual activity occurs in bank, credit, retirement, and other online accounts. If your info winds up on the dark web, it can alert you of that too, and offer next steps for action. And if you do end up as a victim of identity theft, a licensed restoration pro can help you recover—plus provide covers that can help recover your losses.
We’d like to thank Michel and all the others who have shared their stories. Getting scammed stings. That’s why people often fail to report it, let alone share that it happened to them. Yet scams are crimes. Without question, act and report on a scam for the crime that it is. Get the proper platforms and authorities involved.
Keep in mind the larger picture as well. Scams aren’t always one-offs. Organized crime gets in on scams as well, sometimes on a large scale. By acting and reporting on scams, you provide those platforms and authorities mentioned above with vital info that can help them shut it down.
Your best defenses are your nose and your online protection software. As Michel said, something felt off in her interaction. So, if something doesn’t pass the sniff test, pay attention to that instinct. Shut down that purchase or sale on Facebook Marketplace—and report it if you think it’s a scam. You might save someone else some heartache down the road.
The post The Top Facebook Marketplace Scams to Look Out For appeared first on McAfee Blog.
We’re not the only ones looking forward to the big holiday sales like Black Friday and Cyber Monday. Hackers are too. As people flock to retailers big and small in search of the best deals online, hackers have their shopping scams ready.
One aspect of cybercrime that deserves a fair share of attention is the human element. Crooks have always played on our feelings, fears, and misplaced senses of trust. It’s no different online, particularly during the holidays. We all know it can be a stressful time and that we sometimes give in to the pressure of finding that hard-to-get gift that’s so hot this year. Crooks know it, too, and they’ll tailor their attacks accordingly as we get wrapped up in the rush of the season.
→ Dig Deeper: Unwrapping Some of the Holiday Season’s Biggest Scams
As you hone your skills in recognizing fantastic bargains every Black Friday, it’s equally crucial to familiarize yourself and your family with techniques to detect online shopping scams. Safeguarding your financial well-being during this shopping season requires a combination of savvy shopping and vigilance. Here are some key strategies to help you steer clear of potential online scams:
A standard scam hackers use is introducing malware via email attachments, and during the holiday sale season, they’ll often send malware under the guise of offering emails and shipping notifications. Know that retailers and shipping companies won’t send things like offers, promo codes, and tracking numbers in attachments. They’ll call those things out in the body of an email instead.
→ Dig Deeper: Phishing Email Examples: How to Recognize a Phishing Email
A classic scammer move is to “typosquat” phony email addresses and URLs that look close to legitimate addresses of legitimate companies and retailers. They often appear in phishing emails, and instead of leading you to a great deal, these can, in fact, link you to scam sites that can then lift your login credentials, payment info, or even funds should you try to place an order through them. You can avoid these sites by going to the retailer’s site directly. Be skeptical of any links you receive by email, text, or direct message—it’s best to go to the site yourself by manually typing in the legitimate address yourself and looking for the deal there.
A related scammer trick that also uses typosquatting tactics is to set up sites that look like a trusted retailer or brand could run them but are not. These sites may tout a special offer, a great deal on a hot holiday item, or whatnot, yet such sites are one more way cybercriminals harvest personal and financial information. A common way for these sites to spread is by social media, email, and other messaging platforms. Again, a “close to the real thing” URL is a telltale sign of a copycat, so visit retailers directly.
A comprehensive online protection software can prevent your browser from loading suspicious sites and warn you of suspicious sites in your search results. Alternatively, a safe browsing software like McAfee WebAdvisor can also add an extra layer of security to your browsing experience.
Not every app that you’ll find on your mobile store is legitimate. Some are slyly designed to imitate trusted brands, but in reality, they are there to feed off your personal and financial information. These counterfeit apps can appear professional, which makes them hard to detect. To prevent falling into this kind of scam, it is advisable to use the app link from the retailer’s website. Visit the website using your mobile browser and search for a link to their app on the website. When using Safari on iOS, if the website has an app available, you’ll see a prompt at the top that gives you the option to either open the page in the app or download it if it’s not already on your device.
Moreover, be careful and only download apps from legitimate app stores like Google Play and Apple’s App Store, which have measures to prevent malicious apps. However, some manage to sneak in before they are detected. In this case, check for the publisher’s name and make sure it is the actual retailer you’re looking for. Other indicators of a fake app include typos, poor grammar, and imperfect design.
McAfee Pro Tip: Review a report concerning your app’s access to your personal information to enable informed decision-making for each app. Explore this blog for insights on preventing malicious apps.
The holiday season is a critical time for shopping. Retailers have special offers for a limited time and popular holiday items that are difficult to find, which creates a sense of scarcity. This makes it the perfect time for scammers to launch their schemes. They leverage this urgency and create “too good to be true” offers on their fake sites. If the price, availability, or delivery time seems too advantageous, it might be a scam designed to steal your personal data and money. Therefore, be cautious before you click on any link.
If you’re unsure about an offer or a retailer, take a moment to check their reviews on trusted websites. This can help you discern whether it’s a legitimate deal or a scam. Do not rush into buying an item without doing proper research. Remember, if it is too good to be true, it probably is.
→ Dig Deeper: Online Shopping Festivals – Things to Do Before Clicking on Add to Cart
The holiday season is a prime time for online shopping scams. Cybercriminals know that people are in a rush to get the best deals, and they take advantage of this. They use tactics like malware-laden email attachments, typosquatting, counterfeit sites, and apps, and unbelievable offers to trick unsuspecting shoppers. However, by being aware of these schemes and knowing how to spot them, you can protect yourself and ensure a safer online shopping experience.
One key takeaway is to always double-check before clicking on any link or making a purchase. If an offer seems too good to be true, it probably is. Remember to download a trusted protection software like McAfee Total Protection to give you an extra layer of security. It is advisable to use credit cards instead of debit cards while shopping online and consider using virtual credit cards for further protection. Finally, never give in to stress and scarcity. Take your time to make informed decisions and enjoy a safe shopping season.
The post Spot Those Black Friday and Cyber Monday Shopping Scams appeared first on McAfee Blog.
Ross Lagerwall discovered that the Xen netback backend driver in the Linux
kernel did not properly handle certain unusual packets from a
paravirtualized network frontend, leading to a buffer overflow. An attacker
in a guest VM could use this to cause a denial of service (host system
crash) or possibly execute arbitrary code. (CVE-2023-34319)
Bien Pham discovered that the netfiler subsystem in the Linux kernel
contained a race condition, leading to a use-after-free vulnerability. A
local user could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2023-4244)
Kyle Zeng discovered that the networking stack implementation in the Linux
kernel did not properly validate skb object size in certain conditions. An
attacker could use this cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2023-42752)
Kyle Zeng discovered that the netfiler subsystem in the Linux kernel did
not properly calculate array offsets, leading to a out-of-bounds write
vulnerability. A local user could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2023-42753)
Kyle Zeng discovered that the IPv4 Resource Reservation Protocol (RSVP)
classifier implementation in the Linux kernel contained an out-of-bounds
read vulnerability. A local attacker could use this to cause a denial of
service (system crash). Please note that kernel packet classifier support
for RSVP has been removed to resolve this vulnerability. (CVE-2023-42755)
Kyle Zeng discovered that the netfilter subsystem in the Linux kernel
contained a race condition in IP set operations in certain situations. A
local attacker could use this to cause a denial of service (system crash).
(CVE-2023-42756)
Bing-Jhong Billy Jheng discovered that the Unix domain socket
implementation in the Linux kernel contained a race condition in certain
situations, leading to a use-after-free vulnerability. A local attacker
could use this to cause a denial of service (system crash) or possibly
execute arbitrary code. (CVE-2023-4622)
Budimir Markovic discovered that the qdisc implementation in the Linux
kernel did not properly validate inner classes, leading to a use-after-free
vulnerability. A local user could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2023-4623)
Alex Birnberg discovered that the netfilter subsystem in the Linux kernel
did not properly validate register length, leading to an out-of- bounds
write vulnerability. A local attacker could possibly use this to cause a
denial of service (system crash). (CVE-2023-4881)
It was discovered that the Quick Fair Queueing scheduler implementation in
the Linux kernel did not properly handle network packets in certain
conditions, leading to a use after free vulnerability. A local attacker
could use this to cause a denial of service (system crash) or possibly
execute arbitrary code. (CVE-2023-4921)
Kevin Rich discovered that the netfilter subsystem in the Linux kernel did
not properly handle removal of rules from chain bindings in certain
circumstances, leading to a use-after-free vulnerability. A local attacker
could possibly use this to cause a denial of service (system crash) or
execute arbitrary code. (CVE-2023-5197)
Ross Lagerwall discovered that the Xen netback backend driver in the Linux
kernel did not properly handle certain unusual packets from a
paravirtualized network frontend, leading to a buffer overflow. An attacker
in a guest VM could use this to cause a denial of service (host system
crash) or possibly execute arbitrary code. (CVE-2023-34319)
Bien Pham discovered that the netfiler subsystem in the Linux kernel
contained a race condition, leading to a use-after-free vulnerability. A
local user could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2023-4244)
Kyle Zeng discovered that the networking stack implementation in the Linux
kernel did not properly validate skb object size in certain conditions. An
attacker could use this cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2023-42752)
Kyle Zeng discovered that the netfiler subsystem in the Linux kernel did
not properly calculate array offsets, leading to a out-of-bounds write
vulnerability. A local user could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2023-42753)
Kyle Zeng discovered that the IPv4 Resource Reservation Protocol (RSVP)
classifier implementation in the Linux kernel contained an out-of-bounds
read vulnerability. A local attacker could use this to cause a denial of
service (system crash). Please note that kernel packet classifier support
for RSVP has been removed to resolve this vulnerability. (CVE-2023-42755)
Kyle Zeng discovered that the netfilter subsystem in the Linux kernel
contained a race condition in IP set operations in certain situations. A
local attacker could use this to cause a denial of service (system crash).
(CVE-2023-42756)
Bing-Jhong Billy Jheng discovered that the Unix domain socket
implementation in the Linux kernel contained a race condition in certain
situations, leading to a use-after-free vulnerability. A local attacker
could use this to cause a denial of service (system crash) or possibly
execute arbitrary code. (CVE-2023-4622)
Budimir Markovic discovered that the qdisc implementation in the Linux
kernel did not properly validate inner classes, leading to a use-after-free
vulnerability. A local user could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2023-4623)
Alex Birnberg discovered that the netfilter subsystem in the Linux kernel
did not properly validate register length, leading to an out-of- bounds
write vulnerability. A local attacker could possibly use this to cause a
denial of service (system crash). (CVE-2023-4881)
It was discovered that the Quick Fair Queueing scheduler implementation in
the Linux kernel did not properly handle network packets in certain
conditions, leading to a use after free vulnerability. A local attacker
could use this to cause a denial of service (system crash) or possibly
execute arbitrary code. (CVE-2023-4921)
Kevin Rich discovered that the netfilter subsystem in the Linux kernel did
not properly handle removal of rules from chain bindings in certain
circumstances, leading to a use-after-free vulnerability. A local attacker
could possibly use this to cause a denial of service (system crash) or
execute arbitrary code. (CVE-2023-5197)
It was discovered that the IPv6 implementation in the Linux kernel
contained a high rate of hash collisions in connection lookup table. A
remote attacker could use this to cause a denial of service (excessive CPU
consumption). (CVE-2023-1206)
Daniel Trujillo, Johannes Wikner, and Kaveh Razavi discovered that some AMD
processors utilising speculative execution and branch prediction may allow
unauthorised memory reads via a speculative side-channel attack. A local
attacker could use this to expose sensitive information, including kernel
memory. (CVE-2023-20569)
It was discovered that the IPv6 RPL protocol implementation in the Linux
kernel did not properly handle user-supplied data. A remote attacker could
use this to cause a denial of service (system crash). (CVE-2023-2156)
Davide Ornaghi discovered that the DECnet network protocol implementation
in the Linux kernel contained a null pointer dereference vulnerability. A
remote attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code. Please note that kernel support for the
DECnet has been removed to resolve this CVE. (CVE-2023-3338)
Ross Lagerwall discovered that the Xen netback backend driver in the Linux
kernel did not properly handle certain unusual packets from a
paravirtualized network frontend, leading to a buffer overflow. An attacker
in a guest VM could use this to cause a denial of service (host system
crash) or possibly execute arbitrary code. (CVE-2023-34319)
Chih-Yen Chang discovered that the KSMBD implementation in the Linux kernel
did not properly validate command payload size, leading to a out-of-bounds
read vulnerability. A remote attacker could possibly use this to cause a
denial of service (system crash). (CVE-2023-38432)
It was discovered that the NFC implementation in the Linux kernel contained
a use-after-free vulnerability when performing peer-to-peer communication
in certain conditions. A privileged attacker could use this to cause a
denial of service (system crash) or possibly expose sensitive information
(kernel memory). (CVE-2023-3863)
Laurence Wit discovered that the KSMBD implementation in the Linux kernel
did not properly validate a buffer size in certain situations, leading to
an out-of-bounds read vulnerability. A remote attacker could use this to
cause a denial of service (system crash) or possibly expose sensitive
information. (CVE-2023-3865)
Laurence Wit discovered that the KSMBD implementation in the Linux kernel
contained a null pointer dereference vulnerability when handling handling
chained requests. A remote attacker could use this to cause a denial of
service (system crash). (CVE-2023-3866)
It was discovered that the Siano USB MDTV receiver device driver in the
Linux kernel did not properly handle device initialization failures in
certain situations, leading to a use-after-free vulnerability. A physically
proximate attacker could use this cause a denial of service (system crash).
(CVE-2023-4132)
Andy Nguyen discovered that the KVM implementation for AMD processors in
the Linux kernel with Secure Encrypted Virtualization (SEV) contained a
race condition when accessing the GHCB page. A local attacker in a SEV
guest VM could possibly use this to cause a denial of service (host system
crash). (CVE-2023-4155)
It was discovered that the TUN/TAP driver in the Linux kernel did not
properly initialize socket data. A local attacker could use this to cause a
denial of service (system crash). (CVE-2023-4194)
Bien Pham discovered that the netfiler subsystem in the Linux kernel
contained a race condition, leading to a use-after-free vulnerability. A
local user could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2023-4244)
Maxim Suhanov discovered that the exFAT file system implementation in the
Linux kernel did not properly check a file name length, leading to an out-
of-bounds write vulnerability. An attacker could use this to construct a
malicious exFAT image that, when mounted and operated on, could cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2023-4273)
Kyle Zeng discovered that the networking stack implementation in the Linux
kernel did not properly validate skb object size in certain conditions. An
attacker could use this cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2023-42752)
Kyle Zeng discovered that the netfiler subsystem in the Linux kernel did
not properly calculate array offsets, leading to a out-of-bounds write
vulnerability. A local user could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2023-42753)
Kyle Zeng discovered that the IPv4 Resource Reservation Protocol (RSVP)
classifier implementation in the Linux kernel contained an out-of-bounds
read vulnerability. A local attacker could use this to cause a denial of
service (system crash). Please note that kernel packet classifier support
for RSVP has been removed to resolve this vulnerability. (CVE-2023-42755)
Kyle Zeng discovered that the netfilter subsystem in the Linux kernel
contained a race condition in IP set operations in certain situations. A
local attacker could use this to cause a denial of service (system crash).
(CVE-2023-42756)
Thelford Williams discovered that the Ceph file system messenger protocol
implementation in the Linux kernel did not properly validate frame segment
length in certain situation, leading to a buffer overflow vulnerability. A
remote attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code. (CVE-2023-44466)
Bing-Jhong Billy Jheng discovered that the Unix domain socket
implementation in the Linux kernel contained a race condition in certain
situations, leading to a use-after-free vulnerability. A local attacker
could use this to cause a denial of service (system crash) or possibly
execute arbitrary code. (CVE-2023-4622)
Budimir Markovic discovered that the qdisc implementation in the Linux
kernel did not properly validate inner classes, leading to a use-after-free
vulnerability. A local user could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2023-4623)
Alex Birnberg discovered that the netfilter subsystem in the Linux kernel
did not properly validate register length, leading to an out-of- bounds
write vulnerability. A local attacker could possibly use this to cause a
denial of service (system crash). (CVE-2023-4881)
It was discovered that the Quick Fair Queueing scheduler implementation in
the Linux kernel did not properly handle network packets in certain
conditions, leading to a use after free vulnerability. A local attacker
could use this to cause a denial of service (system crash) or possibly
execute arbitrary code. (CVE-2023-4921)
Kevin Rich discovered that the netfilter subsystem in the Linux kernel did
not properly handle removal of rules from chain bindings in certain
circumstances, leading to a use-after-free vulnerability. A local attacker
could possibly use this to cause a denial of service (system crash) or
execute arbitrary code. (CVE-2023-5197)
Ransomware remains both a prevalent and impactful type of attack. Here’s a tool to help you calculate your organization’s ransomware risk.
The industry pushed back:
Despite the EPA’s willingness to provide training and technical support to help states and public water system organizations implement cybersecurity surveys, the move garnered opposition from both GOP state attorneys and trade groups.
Republican state attorneys that were against the new proposed policies said that the call for new inspections could overwhelm state regulators. The attorney generals of Arkansas, Iowa and Missouri all sued the EPA—claiming the agency had no authority to set these requirements. This led to the EPA’s proposal being temporarily blocked back in June.
So now we have a piece of our critical infrastructure with substandard cybersecurity. This seems like a really bad outcome.