11-11-19 – News This Past Week

DHS Warns of Critical Flaws in Medtronic Medical Devices
An advisory published by the DHS’s Cybersecurity & Infrastructure Security Agency (CISA) warns of three recently patched vulnerabilities in Medtronic Valleylab FT10 and FX8 devices that could allow attackers to install a non-root shell.
https://www.securityweek.com/dhs-warns-critical-flaws-medtronic-medical-devices

Hospital Cyberattacks Linked to Increase in Heart Attack Mortality
Ransomware attacks and data breaches targeting hospitals may cause a higher mortality rate among heart patients in the months and years after an incident, Vanderbilt University researchers report, as breach remediation time interferes with patient care and outcomes.
https://www.darkreading.com/threat-intelligence/hospital-cyberattacks-linked-to-increase-in-heart-attack-mortality/d/d-id/1336306

Man Pleads Guilty to Remotely Controlling His Girlfriend’s Car With a Computer
The 38-year-old man, who worked as a mechanic for the Army’s Royal Australian Corps of Transport at the time, allegedly engaged in a string of unhinged behavior that left his former partner with a fear of technology, according to a report for Australia’s ABC News.
https://gizmodo.com/man-pleads-guilty-to-remotely-controlling-his-girlfrien-1839720022

Only 47% of cybersecurity pros are prepared to deal with attacks on their IoT devices
Fewer than half (47%) of cybersecurity professionals have a plan in place to deal with attacks on their IoT devices and equipment, despite that fact that nine out of ten express concerns over future threats, according to the Neustar International Security Council (NISC) research.

Only 47% of cybersecurity pros are prepared to deal with attacks on their IoT devices

How to Secure Critical Infrastructure When Patching Isn’t Possible
Securing such critical infrastructure systems introduces a frustrating paradox: On the one hand, defending safety-critical systems is key because any maliciously motivated malfunction invites potential disaster. Yet our need for these crucial systems to be “always-on” complicates standard cyber-procedures.

How to Secure Critical Infrastructure When Patching Isn’t Possible

Boeing’s insecure networks threaten security and safety
Aircraft manufacturer Boeing’s insecure networks leave the company–and potentially its aircraft–at risk of exploitation. Security researcher Chris Kubecka uncovered these threats in April, and new reporting by CSO’s J.M. Porup reveals little has been done to patch these vulnerabilities. They both join Juliet to discuss how Kubecka discovered this information and what it means for national security and passenger safety.
https://www.csoonline.com/video/99188/boeings-insecure-networks-threaten-security-and-safety

Posted in Uncategorized.