US-CERT – Page 3 – WindowsTechs.com

Pacemaker updates seal vulnerabilities that impact nearly half million U.S. patients

Posted on August 30, 2017 by Patrick Howell O'Neill

Pacemakers from Abbott Laboratories can be hacked due to three significant vulnerabilities, the Department of Homeland Security’s CERT team announced on Tuesday, prompting the manufacturers to issue updates to address security and dangerous battery problems. It’s a complex and difficult flaw to exploit, according to CERT, but the danger is real. A nearby hacker can gain unauthorized access to the heart implants allowing them to issue commands, change settings and interfere with the pacemaker’s functionality. The pacemakers deliver electrical pulses to correct a slow, irregular or stopped heart. Interference could result in a target’s death. Attackers have to be within inches of the target to exploit the vulnerability via radio frequency (RF) communications. The pacemakers impacted are the following St. Jude Medical pacemaker and CRT-P devices: Accent Anthem Accent MRI Accent ST Assurity Allure MedSec Holdings, a third-party security research firm, identified the vulnerabilities in the devices made by Abbott Laboratories, formerly known as […]

The post Pacemaker updates seal vulnerabilities that impact nearly half million U.S. patients appeared first on Cyberscoop.

Continue reading Pacemaker updates seal vulnerabilities that impact nearly half million U.S. patients→

Hurricane Harvey scammers use disaster as phishing bait

Posted on August 29, 2017 by Patrick Howell O'Neill

As Hurricane Harvey continues to devastate southeast Texas, scammers are taking advantage of the catastrophe by sending phishing emails that can steal sensitive information or infect targeted machines, according to a new warning from US-CERT. Man-made and natural disasters are magnets for scammers and hackers looking to take advantage of people’s inclination to help or learn more, the agency warned, cautioning the public that “emails requesting donations from duplicitous charitable organizations commonly appear after major natural disasters.” US-CERT, which is part of the Department of Homeland Security, pointed to the Federal Trade Commission’s information on Wise Giving in the Wake of Hurricane Harvey as well as its own general guidance on Avoiding Social Engineering and Phishing Attacks. Expect more disaster and death in Texas. About 30,000 people are expected to seek emergency shelter, government officials said Tuesday, and 450,000 will seek federal aid. The rain total in Houston is expected to hit a massive […]

The post Hurricane Harvey scammers use disaster as phishing bait appeared first on Cyberscoop.

Continue reading Hurricane Harvey scammers use disaster as phishing bait→

Beware of Hurricane Harvey Relief Scams

Posted on August 29, 2017 by BrianKrebs

U.S. federal agencies are warning citizens anxious to donate money for those victimized by Hurricane Harvey to be especially wary of scam artists. In years past we’ve seen shameless fraudsters stand up fake charities and other bogus relief efforts in a bid to capitalize on public concern over an ongoing disaster. Here are some tips to help ensure sure your aid dollars go directly to those most in need. Continue reading Beware of Hurricane Harvey Relief Scams→

DHS promotes from within to fill cyber deputy assistant secretary role

Posted on August 14, 2017 by Shaun Waterman

Rick Driggers, one of two deputy directors at the Department of Homeland Security’s 24-hour watch operation, the National Cybersecurity and Communications Integration Center, has been promoted to be DHS deputy assistant secretary for cybersecurity and communications, a DHS official confirmed Monday. Driggers is taking over the post vacated by DHS veteran Danny Toler, and once held by former Federal CISO Greg Touhill. The official told CyberScoop Driggers “will gradually assume the responsibilities of his new position over the next few weeks.” In his new position, Driggers reports to Assistant Secretary for Cybersecurity and Communications Jeannette Manfra. In a brief statement emailed to reporters, Manfra said she was “extremely grateful” to Toler. “He has done a great job keeping the ship afloat as the acting assistant secretary. His contributions to the organization over the past five years will endure. I believe the department is in a better place as a result of his work, […]

The post DHS promotes from within to fill cyber deputy assistant secretary role appeared first on Cyberscoop.

Continue reading DHS promotes from within to fill cyber deputy assistant secretary role→

Juniper Issues Security Alert Tied to Routers and Switches

Posted on August 10, 2017 by Tom Spring

Juniper warned Thursday of a high-risk bug in the GD graphics library used in several versions of its Junos OS. Continue reading Juniper Issues Security Alert Tied to Routers and Switches→

Hikvision Patches Backdoor in IP Cameras

Posted on May 8, 2017 by Chris Brook

Hikvision recently patched a backdoor in a slew of its cameras that could have made it possible for a remote attacker to gain full admin access to affected devices. Continue reading Hikvision Patches Backdoor in IP Cameras→

Aviation-Related Phishing Campaigns Seeking Credentials

Posted on March 31, 2017 by Tom Spring

Researchers warn of a wave in aviation-themed phishing attacks that aim to steal credentials and install malware. Continue reading Aviation-Related Phishing Campaigns Seeking Credentials→

US-CERT Warns HTTPS Inspection May Degrade TLS Security

Posted on March 17, 2017 by Michael Mimoso

Security tools that proxy and inspect HTTPS traffic create a blindspot for network administrators trying to determine whether communication between clients and servers is secure. Continue reading US-CERT Warns HTTPS Inspection May Degrade TLS Security→

SAP Patches Critical HANA Vulnerability That Allowed Full Access

Posted on March 14, 2017 by Chris Brook

SAP patched a critical vulnerability in its cloud-based business platform HANA today that if exploited, could allow for a full system compromise, without authentication. Continue reading SAP Patches Critical HANA Vulnerability That Allowed Full Access→

Federal cyber-incidents were down in 2016 — at least on paper

Posted on February 14, 2017 by Billy Mitchell

This article first appeared on FedScoop. Federal agencies in 2016 experienced less than half the number of cyber-incidents they did in 2015, according to new Government Accountability Office data — but there’s a catch. The drop-off from 77,183 agency cyber-incidents reported to the Department of Homeland Security’s U.S. Computer Emergency Readiness Team in fiscal 2015 […]

The post Federal cyber-incidents were down in 2016 — at least on paper appeared first on Cyberscoop.

Continue reading Federal cyber-incidents were down in 2016 — at least on paper→