06-11-18 – News This Past Week

Tens of Vulnerabilities Found in Quest Appliances
Researchers at Core Security say they have discovered a total of more than 60 vulnerabilities in disk backup and system management appliances from Quest. The IT management firm has released patches, but threatened to take legal action against Core if it disclosed too many details.
https://www.securityweek.com/tens-vulnerabilities-found-quest-appliances

Interconnectivity Has Put ICS Environments in Cyber Risk Crosshairs
Tell any IT professional that the computer running the electrical grid has not been updated in 20 years, or that the machine that controls operations in the bottling plant was last tuned up when Y2K was still being planned, and they will look at you like you are crazy. They simply will not believe you.
https://www.securityweek.com/interconnectivity-has-put-ics-environments-cyber-risk-crosshairs

What happens if IoT security doesn’t get solved?
A new Bain & Company report says security concerns are slowing IoT adoption. Is this problem fixable — and what if it isn’t?
https://www.networkworld.com/article/3278023/internet-of-things/what-happens-if-iot-security-doesnt-get-solved.html

Mirai Variants Continue to Spawn in Vulnerable IoT Ecosystem
Mirai is the archetypal IoT botnet, first achieving infamy with a 665 Gbps DDoS attack against the KrebsOnSecurity website in September 2016. Within days, a second Mirai attack targeted the French hosting firm, OVH, with an attack that peaked at nearly 1 Tbps. These were, at the time, the largest DDoS attacks ever recorded.
https://www.securityweek.com/mirai-variants-continue-spawn-vulnerable-iot-ecosystem

Researcher Successfully Hacked In-Flight Airplanes – From the Ground
It’s been four years since researcher Ruben Santamarta rocked the security world with his chilling discovery of major vulnerabilities in satellite equipment that could be abused to hijack and disrupt communications links to airplanes, ships, military operations, and industrial facilities.
https://www.darkreading.com/vulnerabilities---threats/researcher-succesfully-hacked-in-flight-airplanes---from-the-ground/d/d-id/1331961

US Government Probes Airplane Vulnerabilities, Says Airline Hack Is ‘Only a Matter of Time’
According to DHS and other US government documents obtained by Motherboard, the DHS is continuing to investigate how insecure commercial aircraft are to cyber attacks, with one research lab saying hacking a plane may lead to a “catastrophic disaster.”
https://motherboard.vice.com/en_us/article/d3kwzx/documents-us-government-hacking-planes-dhs

Vulnerable ship systems: Many left exposed to hacking
Pen Test Partners’ Ken Munro and his colleagues – some of whom are former ship crew members who really understand bridge and propulsion systems – have been probing the security of ships’ IT systems for a while now and the results are depressing: satcom terminals exposed on the Internet, admin interfaces accessible via insecure protocols, no firmware signing, easy-to-guess default credentials, and so on.

Serious Flaws Found in Philips Patient Monitoring Devices
Researchers have discovered serious vulnerabilities in patient monitoring devices from Philips. The vendor has shared some recommendations for mitigating the risks until patches are made available.
https://www.securityweek.com/serious-flaws-found-philips-patient-monitoring-devices

Triton ICS Malware Developed Using Legitimate Code
The developers of Triton, a recently discovered piece of malware designed to target industrial control systems (ICS), reverse engineered a legitimate file in an effort to understand how the targeted devices work.
https://www.securityweek.com/triton-ics-malware-developed-using-legitimate-code

MIT researchers develop transmitter to prevent hackers from attacking IoT devices
One method that has been looked into to protect the data on these devices is “frequency hopping”, a technique which sends each data packet, containing thousands of individual bits, on a random, unique radio frequency (RF) channel, so hackers can’t pin down any given packet.
https://www.v3.co.uk/v3-uk/news/3033887/mit-researchers-develop-transmitter-to-prevent-hackers-from-attacking-iot-devices
