05-07-18 – News This Past Week

KRACK VULNERABILITY PUTS MEDICAL DEVICES AT RISK
A slew of devices from medical technology company Becton, Dickinson and Company (BD) are vulnerable to the infamous KRACK key-reinstallation attack, potentially enabling hackers to change and exfiltrate patient records.


Schneider Electric Development Tools Affected by Critical Flaw
Security firm Tenable has disclosed the details of a critical remote code execution vulnerability affecting Schneider Electric’s InduSoft Web Studio and InTouch Machine Edition products.
https://www.securityweek.com/schneider-electric-development-tools-affected-critical-flaw

Microsoft Unveils New Solution for Securing Critical Infrastructure
Microsoft’s TCPS project aims to address these types of threats by providing end-to-end security through hardware, software and trust mechanisms that should help organizations ensure they don’t lose control over critical systems.
https://www.securityweek.com/microsoft-unveils-new-solution-securing-critical-infrastructure

Medical devices vulnerable to KRACK Wi-Fi attacks
Medical devices from Becton, Dickinson and Company (BD) that rely on Wi-Fi networks protected by Wi-Fi Protected Access II (WPA2) encryption are vulnerable to the KRACK Wi-Fi attacks, the company said in a security advisory.

Industrial Networks Easy to Hack From Corporate Systems: Study
The study, based on data from nearly a dozen companies around the world in the oil and gas, metallurgy, and energy sectors, found that the corporate network perimeter can be penetrated in 73% of cases, often due to misconfigurations.
https://www.securityweek.com/industrial-networks-easy-hack-corporate-systems-study

SCHNEIDER ELECTRIC PATCHES CRITICAL RCE VULNERABILITY
Researchers discovered a critical remote code execution vulnerability in two Schneider Electric industrial control products that could give attackers the ability to disrupt or shut down plant operations.


Volkswagen Cars Vulnerable To Flaws The Company Won’t Patch
Daan Keuper and Thijs Alkemade, two researchers from the Dutch security firm Computest, discovered a flaw in Volkswagen and Audi cars that attackers could exploit remotely, over the internet. Volkswagen will not patch the flaw, as those car models lack the capability to be updated over-the-air.
https://www.tomshardware.co.uk/volkswagen-cars-vulnerable-won-t-patch,news-58351.html

Half a million pacemakers need a security patch
Some 465,000 patients are affected. The FDA is recommending that all eligible patients get the firmware update “at their next regularly scheduled visit or when appropriate depending on the preferences of the patient and physician.”

Critical Flaw Puts US Industrial Systems At Risk
A critical security flaw in the InduSoft Web Studio and InTouch Machine Edition applications, both of which are made by Schneider Electric and are used in many industries that rely on automated systems, has been discovered by researchers at the Tenable security company. Tenable’s researchers said the popularity of Schneider Electric’s tools, combined with the severity of the vulnerability, could endanger many U.S. businesses.
https://www.tomshardware.co.uk/critical-flaw-us-industrial-systems,news-58359.html

ABBOTT ADDRESSES LIFE-THREATENING FLAW IN A HALF-MILLION PACEMAKERS
Abbott (formerly St. Jude Medical) has released another upgrade to the firmware installed on certain implantable cardioverter defibrillator (ICD) or cardiac resynchronization therapy defibrillator (CRT-D) devices – a.k.a., pacemakers.

