Posts

Showing posts from August, 2018

Philips reveals code execution vulnerabilities in cardiovascular devices

Image
Only a low level of skill is required to exploit the bugs. Vulnerabilities have been discovered in multiple versions of Philips cardiovascular imaging devices. According to a  security advisory  from the US Department of Homeland Security's ICS-CERT, the first vulnerability,  CVE-2018-14787 , is a high-severity flaw which affects the Philips IntelliSpace Cardiovascular and Xcelera IntelliSpace Cardiovascular (ISCV) products. The advisory says that the vulnerability takes only a "low-level skill" to exploit and is caused by improper privilege management. In ISCV software version 2.x or prior and Xcelera Version 4.1 or prior, attackers with escalated privileges are able to access folders potentially containing executables which give authenticated users write permissions. "Successful exploitation of these vulnerabilities could allow an attacker with local access and users privileges to the ISCV/Xcelera server to escalate privileges on the ISCV/Xcelera server...

New ransomware arrives with a hidden feature that hints at more sophisticated attacks to come

Image
New form of file-locking ransomware has a 'manual' option for more sophisticated attacks. A new form of ransomware is spreading to victims around the world and the way it's built suggests those behind it could use it to launch more sophisticated attacks in future. KeyPass ransomware first appeared on 8 August and so far has spread to hundreds of victims in more than 20 countries around the world via fake software installers which download the ransomware onto the victim's PC. Brazil and Vietnam account for the highest percentage of Keypass infections, but victims are reported across the world in regions including South America, Africa, Europe, the Middle East and Asia. Researchers at  Kaspersky Lab  have examined KeyPass and found that while it's relatively simple, it comes with the additional option for the attackers to take manual control of an infected system, potentially pointing towards the ability to launch more sophisticated attacks on infected netwo...

DeepLocker: When malware turns artificial intelligence into a weapon

Image
In the future, your face could become the trigger for the execution of malware. AI can be used to automatically detect and combat malware -- but this does not mean hackers can also use it to their advantage.  Cybersecurity, in a world full of networked systems, data collection, Internet of Things (IoT) devices and mobility, has become a race between white hats and threat actors. Traditional cybersecurity solutions, such as bolt-on antivirus software, are no longer enough. Cyberattackers are exploiting every possible avenue to steal data, infiltrate networks, disrupt critical systems, rinse bank accounts, and hold businesses to ransom. The rise of state-sponsored attacks does not help, either.Security researchers and response teams are often hard-pressed to keep up with constant attack attempts, as well as vulnerability and patch management in a time where computing is becoming ever-more sophisticated. Artificial intelligence (AI) has been touted...

GE Digital reportedly to unwind, but its marketing gave the industrial Internet a boost

Image
GE's grand plan to be a software giant appears to be over, but the company's marketing of IoT advanced the cause for a bevy of rivals such as C3 IoT. General Electric is reportedly looking to sell its Predix and software assets as it retreats from a grand plan to be a tech company and leader of the industrial Internet. According to The Wall Street Journal,  GE will auction off its technology assets, which include ServiceMax, Meridium as well as Predix. Former CEO Jeff Immelt pushed a strategy to make GE a top 10 software company by 2020. That plan is now dead. Although GE will keep some software assets for its power and aerospace businesses, the company will shelve plans to be a major software provider. When the history of the Internet of things is written, GE will be remembered not so much for Predix, but the marketing of its software. C3 IoT CEO Tom Siebel quipped to us in a previous interview that GE's marketing advanced his cause and the idea behind the industri...