Category Archives: Security Research

Medical infusion-pump system has two bugs, researchers say

Posted on by

Researchers have found two vulnerabilities in a type of infusion-pump system, which hospitals used to administer medication, that they say could allow a hacker to disable the device, infect it with malware, or create false readings. The vulnerabilities are in a pump system known as the Alaris Gateway Workstation made by Becton, Dickinson and Company (BD), a New Jersey-based medical equipment vendor. “In extreme cases, the attacker could even communicate directly with pumps connected to the gateway to alter drug dosages and infusion rates,” researchers from CyberMDX, a medical-device security company that found the flaws, said in a press release Thursday. The more severe vulnerability is in the workstation’s firmware and could allow an attacker to “brick” the workstation, rendering it useless unless it is returned to the manufacturer for repair. The other vulnerability could let a hacker alter the workstation’s network configuration and monitor the pump’s status. Firmware updates issued […]

The post Medical infusion-pump system has two bugs, researchers say appeared first on CyberScoop.

Continue reading Medical infusion-pump system has two bugs, researchers say

FIN8 tries to breach U.S. hotel with new malware variant, researchers say

Posted on by

A well-known criminal hacking group tried to breach the computer network of a U.S. hotel using a variant of malware the group had last deployed in 2017, according to research from endpoint security firm Morphisec. FIN8, as the financially-driven group is known, made several upgrades to its ShellTea malware, aiming it at the network of the hotel between March and May, according to Morphisec. Researchers believe it was an attempted attack on a point-of-sale POS) system, or one that processes payment card data. The intrustion attempt was blocked. In a blog post published Monday, Morphisec warned of the vulnerability of POS networks to groups like FIN8. “Many POS networks are running on the POS version of Window 7, making them more susceptible to vulnerabilities,” wrote Morphisec CTO Michael Gorelik. “The techniques implemented can easily evade standard POS defenses.” The research did not identify the hotel by name or specificy its location, […]

The post FIN8 tries to breach U.S. hotel with new malware variant, researchers say appeared first on CyberScoop.

Continue reading FIN8 tries to breach U.S. hotel with new malware variant, researchers say

Researchers uncover new MuddyWater targeting of government, telecommunications entities

Posted on by

Undeterred by the reported dumping of its data online, an Iran-linked hacking group has been using malicious documents and files to target telecommunications organizations and impersonate government entities in Iraq, Pakistan, and Tajikistan, researchers said Thursday. The so-called MuddyWater group has been carrying out attacks in two stages against the targets, according to research published by Israeli company ClearSky Cyber Security. The first stage uses lure documents to exploit a known vulnerability in Microsoft Office that allows for remote code execution. The second stage lets the attackers communicate with hacked servers to download an infected file. “This is the first time MuddyWater has used these two vectors in conjunction,” ClearSky said in its research, which warned that just three antivirus engines were detecting the malicious documents analyzed. In one example, a document disguised as a United Nations development plan for Tajikistan was actually packed with malware. The malware was uploaded to VirusTotal, the […]

The post Researchers uncover new MuddyWater targeting of government, telecommunications entities appeared first on CyberScoop.

Continue reading Researchers uncover new MuddyWater targeting of government, telecommunications entities

Chinese-linked APT10 has been active in the Philippines, researchers say

Posted on by

An elite Chinese government-linked hacking group known for allegedly stealing reams of data from U.S. organizations has been actively targeting entities in the Philippines, according to new research first shared with CyberScoop. During the month of April, the APT10 hacking group, which U.S. officials have tied to China’s civilian intelligence agency, has been using two new malicious software variants to deliver its payloads against targets in the Philippines, according to analysts from endpoint security firm enSilo. It is unclear what the goal of the targeting is, or who the victims are, enSilo researchers said. “Both the loader variants and their various payloads that we analyzed share similar tactics, techniques, and procedures, and code associated with APT10,” the firm wrote in research published Friday. The burst of activity could be a short-lived attack or a test run for a future campaign. But the researchers are trying to warn potential victims about changes in the […]

The post Chinese-linked APT10 has been active in the Philippines, researchers say appeared first on CyberScoop.

Continue reading Chinese-linked APT10 has been active in the Philippines, researchers say

Robinhood Ransomware “CoolMaker” Functions Not So Cool

Posted on by

Robinhood Ransomware is attacking government institutions from Greenville to Baltimore. How does it work and how could you stop it? Find out here.
The post Robinhood Ransomware “CoolMaker” Functions Not So Cool appeared first on Security Boulevard.
Continue reading Robinhood Ransomware “CoolMaker” Functions Not So Cool

5 Emerging Vectors of Attack and Recommendations for Mitigating the Risks

Posted on by

DNS manipulation, domain fronting, targeted cloud individual attacks, HTTPS and encryption, and the exploitation of hardware features are among the emerging challenges adversaries can exploit according to cybersecurity experts at SANS.
The post 5 Emerg… Continue reading 5 Emerging Vectors of Attack and Recommendations for Mitigating the Risks

Jolted by Meltdown and Spectre, Intel aims to accelerate patching process

Posted on by

For years, software, not hardware, has dominated the cybersecurity industry’s efforts to develop a coordinated way of disclosing technology flaws. Software bugs are reported in much greater numbers, and there are far fewer researchers who specialize in hardware security. But hardware was thrust into the limelight in January 2018, when Spectre and Meltdown, two vulnerabilities that affected virtually all modern computer chips, were made public. The flaws could have allowed hackers to infiltrate a computer’s memory and steal sensitive data, or trick applications into spilling information without a user’s knowledge. While there’s no evidence either has been exploited, the revelation that they exist, and the complex patching process that followed, sparked industry-wide awareness about serious security flaws that might come embedded in otherwise trusted technology. Now, more than a year later, the vendors, researchers, and manufacturers involved are still trying to cut down on the time it takes to get hardware-related patches […]

The post Jolted by Meltdown and Spectre, Intel aims to accelerate patching process appeared first on CyberScoop.

Continue reading Jolted by Meltdown and Spectre, Intel aims to accelerate patching process

How to Reverse Malware on macOS Without Getting Infected | Part 3

Posted on by

Join us in the final part of our introduction to macOS malware reverse engineering as we explore LLDB, dynamic binary analysis, reading registers and more.
The post How to Reverse Malware on macOS Without Getting Infected | Part 3 appeared first on Sec… Continue reading How to Reverse Malware on macOS Without Getting Infected | Part 3