A critical vulnerability in applications made by software giant SAP could affect up to 40,000 SAP customers, offering a pathway for hackers to remotely steal or alter data, researchers warned Tuesday. … The software flaw “could have a significant impact on financial systems or other critical areas of an organization,” said Tony Cole, CTO of …
The past 12 months have been a maze of cyber security challenges, ranging from the almost constant data breach headlines to the introduction of that little thing call the GDPR. Now, as 2019 comes rushing up to greet us, what can we expect to see dominating the industry? Below are just a few of the predictions we’re making…
“The biggest threat posed by cyber-criminals today is their ability to remain undetected in the network for months, once they have bypassed perimeter defences,” he said. “New technologies and approaches like deception-based threat detection will be one of the techniques and investments that organisations will adopt to close this gap and strengthen overall defences.”
As medical devices incorporate connectivity, they provide greater opportunities for convenience, service, and information for consumers and companies, but also are increasingly vulnerable to cyber threats. In this environment, Attivo Networks and Becton, Dickinson and Co. (BD) have validated a deception solution for medical technology cybersecurity threats through a partnership bringing Attivo’s Botsink solution to a select number of BD devices. The two firms collaborated through BD’s Product Security Partnership Program and created “mirror-match decoy authenticity” software for some of BD’s devices, a method designed to redirect an attack from reaching important information or networks.
Critical Vulnerabilities Found in Radiation Monitors Used in Nuclear Power Plants, Seaports and Airports
LAS VEGAS – BLACK HAT USA – Researchers have discovered multiple unpatched vulnerabilities in different radiation monitoring devices that could be leveraged by attackers to reduce personnel safety, delay detection of radiation leaks, or help international smuggling of radioactive material.
In a paper (PDF) delivered by Ruben Santamarta, principal security consultant at Seattle-based IOActive, at Black Hat Wednesday, it was disclosed that radiation monitors supplied by Ludlum, Mirion and Digi contain multiple vulnerabilities.
A ransomware attack on Grand Prairie, Texas-based Rainbow Children’s Clinic in early August reportedly affected 33,638 patients, according to Information Management.
On Aug. 3, a hacker launched a ransomware attack on the clinic’s computer system, encrypting data on the clinic’s servers. Rainbow Children’s Clinic attempted to quickly shut down its system, but an investigation conducted by a forensic expert proved a number of patient records had been deleted, reports Healthcare Finance News.
The potentially “irretrievably deleted” records may include patients’ names, addresses, dates of birth, Social Security numbers, medical information and payment guarantors.
By targeting internet of things (IoT) devices using default passwords, the botnet has grown large enough to launch a 400 gigabits per second (Gbps) attack without any form of amplification.
The attackers simply used the cumulative bandwidth available to the IoT devices they have infected with the LizardStresser malware.
The malware was created by the Lizard Squad DDoS group, which published its source code in early 2015, enabling other aspiring DDoS attackers to build their own botnets.
New proposed cybersecurity guidance from the Food and Drug Administration is an important step in getting medical device manufacturers more focused on the risks posed by their products as they’re used in healthcare settings, security experts say.
The draft guidance on postmarket cybersecurity, issued on Jan. 15, follows the FDA’s release in October 2014 of a similar document urging medical device makers to address cybersecurity risks in the pre-market design of their products (see FDA Issues Medical Device Security Guide).