Posts

Philips reveals code execution vulnerabilities in cardiovascular devices

Image
Only a low level of skill is required to exploit the bugs. Vulnerabilities have been discovered in multiple versions of Philips cardiovascular imaging devices. According to a  security advisory  from the US Department of Homeland Security's ICS-CERT, the first vulnerability,  CVE-2018-14787 , is a high-severity flaw which affects the Philips IntelliSpace Cardiovascular and Xcelera IntelliSpace Cardiovascular (ISCV) products. The advisory says that the vulnerability takes only a "low-level skill" to exploit and is caused by improper privilege management. In ISCV software version 2.x or prior and Xcelera Version 4.1 or prior, attackers with escalated privileges are able to access folders potentially containing executables which give authenticated users write permissions. "Successful exploitation of these vulnerabilities could allow an attacker with local access and users privileges to the ISCV/Xcelera server to escalate privileges on the ISCV/Xcelera server...

New ransomware arrives with a hidden feature that hints at more sophisticated attacks to come

Image
New form of file-locking ransomware has a 'manual' option for more sophisticated attacks. A new form of ransomware is spreading to victims around the world and the way it's built suggests those behind it could use it to launch more sophisticated attacks in future. KeyPass ransomware first appeared on 8 August and so far has spread to hundreds of victims in more than 20 countries around the world via fake software installers which download the ransomware onto the victim's PC. Brazil and Vietnam account for the highest percentage of Keypass infections, but victims are reported across the world in regions including South America, Africa, Europe, the Middle East and Asia. Researchers at  Kaspersky Lab  have examined KeyPass and found that while it's relatively simple, it comes with the additional option for the attackers to take manual control of an infected system, potentially pointing towards the ability to launch more sophisticated attacks on infected netwo...

DeepLocker: When malware turns artificial intelligence into a weapon

Image
In the future, your face could become the trigger for the execution of malware. AI can be used to automatically detect and combat malware -- but this does not mean hackers can also use it to their advantage.  Cybersecurity, in a world full of networked systems, data collection, Internet of Things (IoT) devices and mobility, has become a race between white hats and threat actors. Traditional cybersecurity solutions, such as bolt-on antivirus software, are no longer enough. Cyberattackers are exploiting every possible avenue to steal data, infiltrate networks, disrupt critical systems, rinse bank accounts, and hold businesses to ransom. The rise of state-sponsored attacks does not help, either.Security researchers and response teams are often hard-pressed to keep up with constant attack attempts, as well as vulnerability and patch management in a time where computing is becoming ever-more sophisticated. Artificial intelligence (AI) has been touted...

GE Digital reportedly to unwind, but its marketing gave the industrial Internet a boost

Image
GE's grand plan to be a software giant appears to be over, but the company's marketing of IoT advanced the cause for a bevy of rivals such as C3 IoT. General Electric is reportedly looking to sell its Predix and software assets as it retreats from a grand plan to be a tech company and leader of the industrial Internet. According to The Wall Street Journal,  GE will auction off its technology assets, which include ServiceMax, Meridium as well as Predix. Former CEO Jeff Immelt pushed a strategy to make GE a top 10 software company by 2020. That plan is now dead. Although GE will keep some software assets for its power and aerospace businesses, the company will shelve plans to be a major software provider. When the history of the Internet of things is written, GE will be remembered not so much for Predix, but the marketing of its software. C3 IoT CEO Tom Siebel quipped to us in a previous interview that GE's marketing advanced his cause and the idea behind the industri...

Bluetooth security: Flaw could allow nearby attacker to grab your private data

Image
Patches are on the way for a Bluetooth bug that could affect Apple, Intel, Broadcom, and some Android devices. A cryptographic bug in many Bluetooth firmware and operating system drivers could allow an attacker within about 30 meters to capture and decrypt data shared between Bluetooth-paired devices. The flaw was found by Lior Neumann and Eli Biham of the Israel Institute of Technology, and  flagged today  by Carnegie Mellon University CERT. The flaw, which is tracked as CVE-2018-5383, has been confirmed to affect Apple, Broadcom, Intel, and Qualcomm hardware, and some Android handsets. It affects Bluetooth's Secure Simple Pairing and Low Energy Secure Connections. Fortunately for macOS users, Apple released a  patch for the flaw in July. As the CERT notification explains, the vulnerability is caused by some vendors' Bluetooth implementations not properly validating the cryptographic key exchange when Bluetooth devices are pairing. The flaw slipped into the Blue...

IoT hacker builds Huawei-based botnet, enslaves 18,000 devices in one day

Image
A hacker has taken only 24 hours to build a botnet which is at least 18,000-devices strong. How long does it take to build a botnet? Not long, if you consider Anarchy's 18,000-device-strong creation, brought to life in only 24 hours. First spotted by researchers from NewSky Security, as reported  by Bleeping Computer , other security firms including  Rapid7  and  Qihoo 360 Netlab  quickly jumped on the case and confirmed the existence of the new threat. The security teams realized there has been a huge recent uptick in Huawei device scanning. The traffic surge was due to scans seeking devices vulnerable to  CVE-2017-17215 , a critical security flaw which can be exploited through port 37215.Scans to find routers vulnerable to the issue began on 18 July. If a Huawei router is exploited in this fashion, attackers can send malicious packets of data, launch attacks against the device, and remotely execute code -- which can be crafted in order t...

Tableau takes next steps toward smart analytics after acquisitions

Image
Tableau's Empirical acquisition is its latest move toward machine-augmented analytics. Here's a look at the company's 'smart' features. Tableau last month announced the acquisition of Empirical Systems, an artificial intelligence (AI) startup with an automated discovery and analysis engine designed to spot influencers, key drivers, and exceptions in data. It was Tableau's second acquisition over the last year aimed at accelerating so-called "smart" capabilities and part of a larger push that began in 2016. Despite the embrace and success of self-service over the last decade, it's increasingly clear that this approach alone is not enough to truly democratize data-driven decision-making. Self-service tools aren't always intuitive for nontechnical business users. Even more data-savvy users sometimes need help when selecting data, determining how to analyze that information, and deciding how best to visualize and share insights. To make thi...

Samsung Q2 profit halts seven-quarter record streak

Image
Samsung Electronics expects a solid 14.8 trillion won operating profit for the second quarter, a rise of 5.2 percent from a year ago. But it brings a halt to its seven-quarter-straight streak of record profits. Samsung expects operating profits of 14.8 trillion won in the second quarter of this year, it has said in its earnings guidance. The results mark a rise of 5.2 percent from 14.67 trillion won a year ago. But it is a fall of 5.4 percent from the previous quarter's 15.64 trillion won, the company's highest on record. Samsung's profits had been on a record-setting seven quarter straight streak of rising profits. In sales, the firm expects 58 trillion won, a drop of 4.9 percent from last year's 61 trillion won.A decline in smartphone sales and price drops of Liquid Crystal Display (LCD) likely dented profits. But high demand for memory chips and strong sales of premium TVs thanks to the 2018 FIFA World Cup likely offset a huge decline. Analysts es...

Western Digital adds NVMe, flash heft to data center storage lineup

Image
Western Digital is going after big and fast data workloads. Western Digital expanded its data center portfolio to include an object storage system, new all-flash arrays and hybrid platforms. Here's a look at the Ultrastar system The company, which has expanded its enterprise focus via acquisitions, rolled out the following as it looks to enable big data and analytics workloads. Active Scale 5.3 Object Storage System. The system, which is Western Digital's ActiveScale P100 and X100 systems, is designed for petabytes of unstructured data. Additions include the ability to ingest and manage mixed file and object use cases. Integration with Amazon Web Services, more storage density and support for Docker containers were also added. IntelliFlash NVMe Flash Arrays via Western Digital's N Series of systems. The N Series systems can scale from 19TB to 1.3PB of solid-state storage. The systems are available later this year. Ultrastar Serv60+8 Hybrid Storage Server Pl...

Microsoft buys machine-learning startup Bonsai

Image
Microsoft is buying one of the AI companies in which it has invested: Bonsai, a deep reinforcement platform for enterprise/industrial applications. After buying  GitHub ,   four gaming companies   and an   educational video-discussion vendor , Redmond purchased on June 20 another artificial intelligence (AI) vendor. Microsoft officials announced the company had  signed an agreement to acquire Bonsai. Bonsai , based in Berkeley, Calif., is one of the companies that Microsoft's Ventures unit (now known as M12) had invested.Bonsai officials describe the company as delivering "the world's first deep reinforcement learning platform for the enterprise." Bonsai officials said the company has been integrating machine-learning and developer tools from Microsoft, Uber, Google and Apple to build its software and services to  build AI for industrial applications , according to Bonsai's web site. (Cue Microsoft's "intelligent edge"campaign.) ...