Software used to remotely program implantable cardiac devices by a number of vendors is rife with exploitable software vulnerabilities that leave the devices vulnerable to attacks and compromise, according to a report by the firm Whitescope Inc.
Software
Podcast: WannaCry: It’s The Exploits, Stupid and Parsing The Cyber Executive Order
In-brief: We speak with Sean Dillon of the firm RiskSense, who helped reverse engineer DoublePulsar and EternalBlue, the Windows exploit tools used to help spread the WannaCry ransomware. We also chat with John Dickson of The Denim Group about the impact of President Trump’s Cyber Executive Order.
Updated: Fatal Flaw Slows WannaCry Ransomware Spread, but Threats Remain
In-brief: A fatal flaw in its design slowed the spread of WannaCry, a virulent ransomware program that has infected more than 100,000 organizations and individuals globally.
Updated: Intel Fixes ‘Nightmarish’ Firmware Flaw But Nobody’s Safe
In-brief: Intel issued a patch for a serious vulnerability in firmware that has shipped with its chipsets for almost nine years, but it could take months for patches to reach affected customers from OEMs. (Editor’s note: updated with analysis from Matthew Garrett. PFR May 2, 2017.)
Code Tutorials Spread Application Flaws Far and Wide
In-brief: Researchers at universities in Germany, working with the security firm Trend Micro, discovered more than 100 vulnerabilities in GitHub code repositories simply by looking for re-used code from tutorials and other free code samples. The same method could be harnessed by cyber criminals or other sophisticated attackers to find and exploit vulnerabilities in software applications, the researchers warned.
