In-brief: The April 7th hijacking of more than 100 civil defense sirens in Dallas was dismissed as an “old school” hack that relied copycat radio tones to set off a cacophony that lasted for nearly two hours. But was it? Security researcher Mark Loveless (aka “Simple Nomad”) has his doubts about the official explanation. In this latest Security Ledger podcast, he talks to Editor in Chief Paul Roberts about what might have really gone down in Dallas.
Security Ledger Publisher & Editor in Chief Paul Roberts speaks with Mark Loveless, aka “Simple Nomad,” a senior security researcher at the firm DUO Security about the recent hack of more than 100 civil defense sirens in Dallas, Texas. A security researcher at the firm DUO Security – and a Texas resident – Loveless penned a blog post that raises questions about the official account of the incident and whether some element of computer intrusion may have played a part in the incident, which lasted close to two hours. Loveless notes that software based systems are not part and parcel of civil defense and emergency response apparatus. These systems, frequently, are poorly secured and vulnerable to remote, software based tampering.
In-brief: the Department of Homeland Security is warning about destructive attacks by BrickerBot, a new piece of malicious software that attacks Linux devices and renders them useless, wiping out critical configuration information and data from the devices.
In-brief: a report by the firm CGI and Oxford Economics suggests the impact of breaches on the price of a company’s stock may be bigger than many expected, depressing the price investors pay for the stock by almost two percent.
In-brief: In a damning report, the FDA said that St. Jude Medical* knew about serious security flaws in its implantable medical devices as early as 2014, but failed to address them with software updates or other mitigations, or by replacing those devices. (Editor’s note: updated to include a statement from Abbott and comment from Dr. Kevin Fu. – PFR April 14, 2017)
