Microsoft has tied an attack on seven facilities managing the electricity grid in Northern India to a vulnerability affecting a web server discontinued in 2005 but still used widely by vendors across a variety of IoT devices and popular software development kits.
For those that may not know what Boa is, here is an explanation:
Boa is a discontinued since 2005 open-source small-footprint web server that is suitable for embedded applications. Originally written by Paul Phillips, it was previously maintained by Larry Doolittle and Jon Nelson. Slashdot and Fotolog use Boa to serve images.
A second article on the topic can be found here:
For those that support SCADA systems, this is a reminder that Open Source software can become legacy and unsupported, leaving it open to vulnerabilities.