disclosure

code on a monitor

Code Tutorials Spread Application Flaws Far and Wide

In-brief: Researchers at universities in Germany, working with the security firm Trend Micro, discovered more than 100 vulnerabilities in GitHub code repositories simply by looking for re-used code from tutorials and other free code samples. The same method could be harnessed by cyber criminals or other sophisticated attackers to find and exploit vulnerabilities in software applications, the researchers warned.

Update: FDA says St. Jude Medical knew about Device Flaws 2 Years Before Muddy Waters Report

In-brief: In a damning report, the FDA said that St. Jude Medical* knew about serious security flaws in its implantable medical devices as early as 2014, but failed to address them with software updates or other mitigations, or by replacing those devices. (Editor’s note: updated to include a statement from Abbott and comment from Dr. Kevin Fu. – PFR April 14, 2017)

iPhone disassembled

WiFi Chip Flaw in iPhone is Really Bad News for IoT

In-brief: a remotely exploitable flaw in a common hardware component used in phones by Apple, Samsung and others underscores the risk posed by software embedded in system on chip components that are found in almost every connected device, experts warn. 

Telepresence Robots? Hackable.

In-brief: Residents of Uncanny Valley have something more to worry about: telepresence robots by the firm Double Robotics contain numerous, exploitable vulnerabilities, the firm Rapid7 reports. 

New Website Is Clearing House for Medical Device Vulnerabilities

In-brief: A website run by the National Health ISAC will serve as a clearing house for information on security vulnerabilities in medical devices, the first of its kind in the US.