04-23-18 – News This Past Week

FDA plans to improve medical device cybersecurity
Fixing vulnerabilities in a timely manner and propagating the fixes to the customers and users is also important, and to that end the FDA aims to push firms to adopt policies and procedures for coordinated disclosure of vulnerabilities

FDA plans to improve medical device cybersecurity

Energy security pros worry about catastrophic failure due to cyberattacks
70 percent of energy security professionals are concerned that a successful cyberattack could cause a catastrophic failure, such as an explosion, a recent survey has shown.

Energy security pros worry about catastrophic failure due to cyberattacks

IOT SECURITY CONCERNS PEAKING – WITH NO END IN SIGHT
With the massive influx of connected devices into our digital lives, it’s no surprise that IoT security was on the forefront of the 2018 RSA Conference this year. But despite numerous talks about IoT vulnerabilities this week, a clear resolution seems nowhere in sight.

IoT Security Concerns Peaking – With No End In Sight

70% of Energy Firms Worry About Physical Damage from Cyberattacks
High-profile ICS attacks Triton/Trisis, Industroyer/CrashOverride, and Stuxnet have driven energy firms to invest more in cybersecurity, survey shows
https://www.darkreading.com/attacks-breaches/70–of-energy-firms-worry-about-physical-damage-from-cyberattacks/d/d-id/1331589

Putting the S.M.A.R.T. in Smart Cities: How to Address the Expanding Attack Surface
The concept of a smart city came of age in conjunction with another now ubiquitous term: digital transformation. Cities and counties rely heavily on their taxing authority to provide critical services such as public safety, public works and infrastructure maintenance
https://www.tenable.com/blog/putting-the-s-m-a-r-t-in-smart-cities-how-to-address-the-expanding-attack-surface

AN ELABORATE HACK SHOWS HOW MUCH DAMAGE IOT BUGS CAN DO
Vulnerabilities in internet-connected devices are well-documented by this point, but the most common exploitations generally involve conscripting thousands of vulnerable IoT devices into botnets, or getting onto a network through a weak IoT device for ransomware attacks. These aren’t using data-stealing missions.
https://www.wired.com/story/elaborate-hack-shows-damage-iot-bugs-can-do/

Surge of Attacks Targeting Network Infrastructure Devices – What You Need to Know
Based on the recent surge of attacks on network devices by Russian state-sponsored cyber actors, the US-CERT has released Technical Alert (TA18-106A). As of now, targets are primarily government and private-sector organizations, critical infrastructure providers and the internet service providers (ISPs) that support U.S. infrastructure
https://www.tenable.com/blog/surge-of-attacks-targeting-network-infrastructure-devices-what-you-need-to-know

How to Protect Industrial Control Systems from State-Sponsored Hackers
US-CERT recently issued an alert about Russian threat activity against infrastructure sectors. Is there a way to fight back?
https://www.darkreading.com/attacks-breaches/how-to-protect-industrial-control-systems-from-state-sponsored-hackers/a/d-id/1331529

Surprise! Wireless brain implants are not secure, and can be hijacked to kill you or steal thoughts
And because this particularly bit of kit resides amid sensitive gray matter – to treat conditions like Parkinson’s – the potential consequences of successful remote exploitation include voltage changes that could result in sensory denial, disability, and death
https://www.theregister.co.uk/2018/04/18/boffins_break_into_brain_implant/

Posted in Uncategorized.