Avast Blog_News: Some medical devices could be hacked, FDA warns
Quote:

Plus, the dark web sells disinformation campaigns, enterprises are hit by malicious fake browser updates, and an ex-Yahoo employee pleads guilty to hacking user emails

The plot of HBO’s "Homeland," in which terrorists try to hack into a world leader’s pacemaker, may not be so far-fetched, a report by CNN Health indicated. The report revealed that the U.S. Food and Drug Administration discovered 11 security vulnerabilities in operating systems that use a third-party software known as IPnet. Many medical devices use IPnet, which helps computer systems communicate with each other. If any of the IPnet flaws are exploited, the FDA warned, a hacker might be able to take control of devices such as pacemakers and infusion pumps. The hack could even infiltrate the entire hospital network.

“This is a very serious threat,” said Avast Security Evangelist Luis Corrons. “Especially when we know that hospitals and health organizations do not have the best record for keeping their networks safe. On top of that, a lot of hospital machinery uses outdated software, which greatly increases the risk of being compromised.” If attackers were to hack a device, they could potentially change its function, cause a denial of service, or trigger logical flaws that prevent it from functioning properly.

This week’s stat

On average, 22% of saved photos on Android phones are either low-quality or duplicates, Avast research of 3 billion photos from 6 million users showed.

Disinformation as a service

Cybersecurity experts found a number of cybercriminal groups on the dark web that offer disinformation campaigns as a service. ZDNet reported that to test the extent of the service, researchers created a fictitious company and then hired two disinformation services, one to boost the company with a positive campaign and one to smear it with a negative campaign. In total the researchers spent $6,500 for which they got highly customized campaigns that relied heavily on bots and phony accounts on social media for influence. The malicious services also provided dishonest and deceitful articles as part of the campaigns, and the researchers reported that at least two of the articles were published as real news on media sources. Experts worry that this new shadow industry – once focused only on political causes but now hitting the private sector – could trigger significant consequences such as affecting the stock market.

This week’s quote

“Alexander, really, if we started together we need to finish it. Because for now this is working and we can earn money.” – Developer working on botnet robbing banks in Russia. Go inside a criminal botnet in this post about recent Avast research.

Fake browser updates infect enterprises with malware

Researchers have identified a wave of attacks over the past six months in which employees receive fraudulent browser update prompts that if clicked infect their company’s system with banking Trojans and in some cases ransomware, according to a report by Bleeping Computer. Using hacked websites, the attackers pop up phony notices to users claiming their browsers need to be updated for smooth performance. But when users click the offered update button, they actually download a malicious program that communicates with the attacker’s server. The attacker then gains information about the system and launches banking Trojans at it, which mine the local files for credentials and burrow deeper, collecting login credentials from other computers on the same network. In some instances, once the banking Trojans complete their sweep, the attackers then lock up the system with ransomware, demanding high ransoms in exchange for a decryption key.

Avast Researcher Corrons emphasized the need for continual internal communication within organizations. “We must keep our employees informed of the new threats they might be facing. Most attacks use social engineering techniques to fool people into infecting themselves. That’s why security teams within enterprises should have some kind of bulletin board or communication channel to inform users of the latest attacks, show them how to identify them, and instruct them what to do if they become a target.”
...