More than 100 smart irrigation systems were left exposed online without a password last month, allowing anyone to access and tamper with water irrigation programs for crops, tree plantations, cities, and building complexes. From a report: The exposed irrigation systems were discovered by Security Joes, a small boutique security firm based in Israel. All were running ICC PRO, a top-shelf smart irrigation system designed by Motorola for use with agricultural, turf, and landscape management. Security Joes co-founder Ido Naor told ZDNet last month that companies and city officials had installed ICC PRO systems without changing default factory settings, which don't include a password for the default account. Naor says the systems could be easily identified online with the help of IoT search engines like Shodan. Once attackers locate an internet-accessible ICC PRO system, Naor says all they have to do is type in the default admin username and press Enter to access a smart irrigation control panel. Here, Naor says attackers can pause or stop watering events, change settings, control the water quantity and pressure delivered to pumps, or lock irrigation systems by deleting users.

Read more of this story at Slashdot.

A Georgia county has reverted to matching some absentee ballot signatures to paper backups, rather than an online system, after a ransomware infection spread to part of its election department. From a report: Poll workers in Hall County have since caught up on a backlog of absentee ballots, state officials said, and said there's no danger of the ransomware extending to systems used to cast or count votes. But the infection is the first known example in the 2020 general election of opportunistic criminal hackers incidentally slowing the broader election process, something that federal cybersecurity officials have warned is a strong possibility. But the attack does not indicate any broad effort to tamper with U.S. voting or show systemic vulnerabilities to the U.S. election system. "They switched over to their paper backups, which is required of them," said Jordan Fuchs, Georgia's deputy secretary of state. "It took a little bit of work on their part -- I think they had 11 days of catch-up to do -- and they completed their task," she said.

Read more of this story at Slashdot.