Reports have surfaced detailing that hackers can falsify patients’ vitals by emulating data sent from medical equipment clients to central monitoring systems. The research, available here, takes advantage of a weak communications protocol used by some patient monitoring equipment to send data to a central monitoring station. The protocol is used in some of the most critical systems in hospitals, according to McAfee researchers. Even more concerning, McAfee was able to modify the vital sign data in real time, providing false information to medical personnel to make it look like a patient was flatlining. They were able to switch the display of a patient’s heartbeat…
ISBuzz Team
As more organisations embark on the journey that is digital transformation, the ability to manage the digital identities is becoming more crucial — especially at a time when the Internet of Things (IoT) is redefining the concept of identity and access management (IAM). While traditional IAM was designed to manage employees’ information access authorisation, organisations soon began to use IAM to understand the interactions between their customers or employees and the company. The IoT world, however, challenges organisations to manage exponentially more identities beyond those of employees and customers; now they must manage also the millions of devices and connected ‘things’ — and…
There is no ‘one-size-fits-all’ when it comes to compliance. Each regulation has a different focus, with different rules aligned to its individual purpose, sometimes with conflicting requirements. For example, financial institutions must comply with anti-money laundering (AML) and fraud regulations involving strict controls on transaction reporting. Yet AML compliance must be in line with GDPR which focuses on the capture, using, securing and discarding of customer personal data. However, the ultimate purpose of these regulations is not to increase workload, but assure data is reported accurately, protect it from inappropriate use and to identify possible illegal activities. Unfortunately, many companies…
Following a warning by the FBI that cyber-criminals are planning a highly choreographed global attack on cash machines to fraudulently withdraw millions of dollars from customer bank accounts, IT security experts commented below. Sam Curry, Chief Security Officer at Cybereason: “The FBI’s global warning about the potential ‘ATM cashout’ is only effective if: (1) The defenders have a chance to set up telemetry/checking in time (2) Timing is specific when manual controls or alarm responses are being used (3) The telemetry about the timing is not communicated back to the criminals. Keep in mind as well that cyber criminals are playing…
New research from RWTH Aachen University in Germany has found that Coinhive browser cryptomining is generating about $250-Thousand dollars a month with most of it going to just 10 individuals. Chris Olson, CEO at The Media Trust: “The rising popularity of cryptomining is the reason why cryptojacking has overtaken ransomware as hackers’ malware of choice. Moreover, in the short period since Coinhive hit the market, hackers have added more techniques to make their cryptojacking campaigns more widespread and the malware more persistent. Website operators who do not want to inadvertently infect their visitors with cryptomining malware should continuously scan their…
A new Intel security flaw has been exposed – named ‘Foreshadow,’ the flaw is similar to Meltdown and Spectre, in that it undermines the most secure element of the company’s chips. Intel admits that theForeshadow bugs can be used to launch ‘speculative execution’ attacks – exploiting how Intel chooses to run parts of computer programs before a user selects them – to extract sensitive data from PCs or third-party clouds. Through Foreshadow, a determined attacker can get into a secure area, and attack using malware disguised as a regular application. The Foreshadow bugs can create malicious applications that recognize data from other apps or…
Chaos and confusion reign with existing firewall Infrastructure; hybrid cloud and next-gen architectures promise to add even more complexity and risk FireMon, a global leader in network security policy management, today released its 2018 State of the Firewall report. The fourth annual study polled 334 C-suite executives, IT practitioners and security professionals at global companies of all sizes to understand the state of firewall management, along with the impact of emerging technologies. The survey found that many organizations are still struggling to master basic firewall hygiene, promising increased complexity and risk associated with network security policy management for those planning to adopt…
Cyber attacks targeting IoT and network router vulnerabilities doubled since May 2018, says Check Point’s latest Global Threat Index Check Point㈢ Software Technologies Ltd. (NASDAQ: CHKP), a leading provider of cyber-security solutions globally, has published its latest Global Threat Index for July 2018, revealing a significant increase in exploits targeting three major IoT vulnerabilities. These attacks, which are linked to the propagation of IoT malware such as Mirai, IoTroop/Reaper and VPNFilter, have more than doubled since May 2018. During July 2018, three IoT vulnerabilities entered the Top 10 most exploited list: MVPower DVR router Remote Code Execution at #5; D_Link DSL-2750B router Remote Command Execution at #7; and Dasan GPON router…
A new research by Checkpoint, OfficeJet all-in-one inkjet printer can give hackers control of the printer and act as a springboard into an attached network environment. IT security experts commented below. Jason Garbis, VP at Cyxtera: “This vulnerability is an excellent example of the porousness of the perimeter, and the need to enforce the principle of least privilege to all network services. When you have a fax machine – which literally can be accessed by nearly every person on the planet – connected to your internal network, it’s imperative to recognize this as part of the attack surface, and as…
With more than four in ten UK businesses reporting a security breach or attack in the last year, what role could Artificial Intelligence (AI) play in the future of enterprise IT security? Ankur Laroia, Leader Solutions Strategy, Alfresco, discusses the potential deployments and benefits. How ready is the enterprise to trust AI with its data security? According to 2018 research from the Department for Digital, Culture, Media & Sport, 43% of UK businesses have experienced a cyber security breach or attack in the last 12 months. Given the requirements of the General Data Protection Regulation (GDPR) on organisations to report…