Black Hat 2018 – WindowsTechs.com

FDA warns users of cyber vulnerabilities in pacemaker programmers

Posted on October 12, 2018 by Sean Lyngaas

The Food and Drug Administration has issued a cybersecurity advisory for two pieces of hardware that link to cardiac devices like pacemakers and defibrillators, citing a vulnerability that could allow unauthorized access to the programmers. The FDA said it confirmed that when the two models of programmers, which are made by Minneapolis-based Medtronic, have an internet connection, unauthorized users could exploit the vendor’s network to change the programmers’ functionality. “While we are not aware of patients who may have been harmed by this particular cyber vulnerability, the risk to patient harm of leaving such a vulnerability unaddressed is too great,” Suzanne Schwartz, a top cybersecurity official at the FDA, said Thursday in a statement. In response to the security and safety concerns, Medtronic said it disabled the internet-connected software updates for the programmers and that, as of Thursday, a company representative would manually and securely update all of the affected programmers. The […]

The post FDA warns users of cyber vulnerabilities in pacemaker programmers appeared first on Cyberscoop.

Continue reading FDA warns users of cyber vulnerabilities in pacemaker programmers→

Black Hat Dual Interview pt. 2- Enterprise Security Weekly #105

Posted on September 7, 2018 by Security Weekly Productions

Paul talks with Bret Settle, the CEO of ThreatX about shifting the focus to the hacker. Check out this interview and learn about innovative endpoint defenses and how attackers use covert signaling technologies (such as pulsing cooling fans!) to exfiltr… Continue reading Black Hat Dual Interview pt. 2- Enterprise Security Weekly #105→

Black Hat Dual Interview pt.1 – Enterprise Security Weekly #105

Posted on September 6, 2018 by Security Weekly Productions

Paul interviews Marc French the SVP Chief Trust Officer of Mimecast. He also interviews Ofer Maor the Director of Solutions for Synopsys. Ofer talks about the problem Synopsys solves, the deployment for the static analysis tool, and about the open sour… Continue reading Black Hat Dual Interview pt.1 – Enterprise Security Weekly #105→

The Vulnerability Disclosure Process: Still Broken

Posted on September 5, 2018 by Tom Spring

Despite the advent to bug bounty programs and enlightened vendors, researchers still complain of abuse, threats and lawsuits. Continue reading The Vulnerability Disclosure Process: Still Broken→

Black Hat & DEF CON 2018 – Tradecraft Security Weekly #28

Posted on August 21, 2018 by Security Weekly Productions

This is the Hacker Summer Camp 2018 edition of Tradecraft Security Weekly. In this week’s episode Beau Bullock (@dafthack) talks about some of the more interesting items he saw come out of the Black Hat and DEF CON conferences this year. Links: Z… Continue reading Black Hat & DEF CON 2018 – Tradecraft Security Weekly #28→

Severe PHP Exploit Threatens WordPress Sites with Remote Code Execution

Posted on August 17, 2018 by Lindsey O'Donnell

The issue impacts several content management systems, including Typo3 and WordPress, as well as widely-used PDF generation library TCPDF.
Continue reading Severe PHP Exploit Threatens WordPress Sites with Remote Code Execution→

Secure Coding Practices – Application Security Weekly #28

Posted on August 14, 2018 by Security Weekly Productions

After arriving back from Black Hat and DEF CON 2018, Doug joins Keith to share some of his stories about attending the world famous security conferences. They discuss, secure coding practices. Full Show Notes Follow us on Twitter: https://www.twitter.c… Continue reading Secure Coding Practices – Application Security Weekly #28→

DeepLocker: new breed of malware that uses AI to fly under the radar

Posted on August 13, 2018 by Filip Truta

IBM researchers are seeking to raise awareness that AI-powered threats are coming our way soon. To that end, they’ve created an all-new breed of malware to provide insights into how to reduce risks and deploy adequate countermeasures. DeepLocker … Continue reading DeepLocker: new breed of malware that uses AI to fly under the radar→

Black Hat 2018: Voice Authentication is Broken, Researchers Say

Posted on August 10, 2018 by Tom Spring

Researchers crack voice authentication systems by recreating any voice using under ten minutes of sample audio. Continue reading Black Hat 2018: Voice Authentication is Broken, Researchers Say→

Understanding TRITON and the Missing Final Stage of the Attack

Posted on August 9, 2018 by Andrea Carcano

Straight from Black Hat 2018: How TRITON disrupted safety systems and changed the threat landscape of industrial control systems, forever. Continue reading Understanding TRITON and the Missing Final Stage of the Attack→