News This Past Two Weeks

Tim Anater

Jun 6, 2017, 11:33:45 AM
to I am The Cavalry
Medical implants and hospital systems are still infosec dumpster-fires
Whitescope's whitepaper on pacemaker security analyzes 7 different pacemaker programming devices from four different manufacturers (devices that can reprogram a pacemaker remotely, generally by using radio signals) and finds that they are collectively undefended against 8,000 known vulnerabilities, and do not have even simple authentication between pacemakers and pacemaker programmers


Medical Devices Fall Short in Security Best Practices
More than half of medical device makers and healthcare delivery organizations anticipate an attack on their medical devices within the next 12 months, but only a smattering take significant steps to prevent it, according to a survey released today


Healthcare industry continues to struggle with software security
67% of medical device manufacturers and 56% of healthcare delivery organizations (HDOs) believe an attack on a medical device built or in use by their organizations is likely to occur over the next 12 months.


Over 8,600 Vulnerabilities Found in Pacemakers
A pacemaker is a small electrical battery-operated device that's surgically implanted in the chest to help control the heartbeats. This device uses low-energy electrical pulses to stimulate the heart to beat at a normal rate.


A Fact Check on Medical Device Security
Now let’s consider the network vulnerability of hospitals and other medical providers using that favorably timed news I mentioned. On Friday, May 12th, the WannaCry ransomware attack infected more than 230,000 computers in over 150 countries


What will it take to keep smart cities safe?
This includes smart systems for energy management, parking management systems, public transportation information coordination, transportation sharing, traffic management, air quality monitoring, waste management, e-government, connectivity, and so on.


New York forces smart lock maker to improve its security
The New York Attorney General's office settled with Safetech to provide better security for its smart locks


Average Patching Time for SCADA Flaws Is 150 Days: Report
Supervisory control and data acquisition (SCADA) systems, particularly human-machine interfaces (HMI), can be a tempting target for malicious actors, but it takes vendors, on average, 150 days to patch vulnerabilities in these types of products, according to a new report from Trend Micro and the Zero Day Initiative


SCADA systems plagued by insecure development and slow patching
“Behind most modern conveniences, there exists a SCADA system somewhere that controls them,” Trend Micro researchers pointed out in a new report that delves in the heart of vulnerabilities affecting SCADA systems’ Human Machine Interfaces (HMIs).


Several Vulnerabilities Found in Rockwell Automation PLCs
ICS-CERT has published an advisory describing several vulnerabilities, including ones rated critical, in Rockwell Automation’s Allen-Bradley MicroLogix programmable logic controllers (PLCs). Firmware updates that patch the flaws are available only for some devices


Ransomware and the Internet of Things
As devastating as the latest widespread ransomware attacks have been, it's a problem with a solution. If your copy of Windows is relatively current and you've kept it updated, your laptop is immune. It's only older unpatched systems on your computer that are vulnerable.


Understanding the Systemic Security Risks in ICS Networks
While the WannaCry ransomware was not targeted specifically at any ICS devices, and there is no evidence it was specifically targeted at ICS network owners, there are documented cases of it reaching the ICS domain and causing disruption to production


Intrinsic ID Unveils Bold New Authentication Security for IoT Devices
As the IoT economy begins to take shape, the security of all those new devices that will be collecting and shipping data to servers in the cloud is becoming a huge product-making focus for companies new and old. Basically, each new device in the field becomes an additional attack surface for hackers, so therein lies the problem to be solved.


Securing IoT Devices Requires a Change in Thinking
There's no magic bullet for IoT security, but there are ways to help detect and mitigate problems


Is it dangerous for humans to depend on computers?
In China, Google's DeepMind artificial intelligence program took on and beat the world champion of the complex game of Go, reducing him to tears. Nineteen-year-old Ke Jie described the AI computer as "perfect, flawless, without any emotions".


Ready or not, IoT third party risks are here
A new survey conducted by The Ponemon Institute uncovered a high rate of concern among organizations about the security of IoT, yet a gap in understanding of how to mitigate and communicate the risks, especially as it relates to third parties.


The cost of IoT hacks: Up to 13% of revenue for smaller firms
Nearly half of U.S. firms using an Internet of Things (IoT) network have been hit by a recent security breach, which can cost up to 13% of smaller companies’ annual revenue, according to a new survey by Altman Vilandrie & Company


Internet Society Takes On IoT, Website Security, Incident Response via OTA Merger
What happens now that the Online Trust Alliance - which includes Microsoft, Symantec, Twitter, and other big names - will be under the umbrella of the global Internet organization?

