Search Results for "Department of Homeland Security"

Critical Flaws in VxWorks affect 200 Million Connected Things

Serious and exploitable security flaws in VxWorks, a commonly used operating system for embedded devices, span 13 years and could leave hundreds of millions* of connected devices vulnerable to remote cyber attacks and hacks. The security firm Armis on Monday published a warning about 11 critical, zero day vulnerabilities in the VxWorks operating system, which is owned and managed by the firm Wind River. The vulnerabilities expose more than 200 million devices and could allow attackers to remotely take control of everything from networked printers and security appliances to industrial and medical devices, according to Ben Seri, the Vice President of Research at Armis. Move over, EternalBlue! At least a couple of the flaws were described as “more serious” than EternalBlue, the Microsoft Windows flaw that powered both the WannaCry and NotPetya malware outbreaks. SCADA and industrial control system devices, healthcare devices like patient monitors and MRI machines, as well […]

Continue Reading

Opinion: We need a way to talk about Cyber Physical Risk

How does a flaw potentially affecting the integrity of printer management application get a “critical” severity rating and one affecting the integrity and operation of anesthesia machines get a “moderate” severity rating? It has to do with our evolving and still immature system of rating (and therefore thinking about) cyber risk.

Continue Reading

Episode 153: Hacking Anesthesia Machines and Mayors say No to Ransoms

In this week’s podcast episode (#153): The researcher who discovered serious remote access security flaws in anesthesia machines by GE says such security holes are common. Also: the US Conference of Mayors voted unanimously to swear off paying ransoms for cyber attacks. But is that a smart idea? We’re joined by Andrew Dolan of the Multi State Information Sharing and Analysis Center to talk about it.

Continue Reading

Breathe Deeply: DHS warns of Flaw in Hospital Anesthesia Machines

GE learned of a serious vulnerability affecting two brands of anesthesia machines in October. The company on Tuesday advised customers to take steps to protect them from being remotely tampered with.

Continue Reading

Podcast Episode 121: DMCA Exemptions Set Stage for Right to Repair Fight and DHS Cyber Makeover

In this episode of the Security Ledger podcast (#121): the Librarian of Congress gave a big boost to right to repair advocates in late October when she granted exemptions provisions of the Digital Millennium Copyright Act covering repair of most electronic devices. We talk to US PIRG’s Right to Repair campaign coordinator Nathan Proctor about the ruling and what it means for efforts to pass state level right to repair laws. Also: President Trump signed a major overhaul of the Department of Homeland Security’s cyber security operation into law last week. Jamil Jaffer of the firm IronNet joins us to talk about what it will mean for U.S. cyber readiness and about the need for more international coordination on cyber threats. 

Continue Reading
1 7 8 9 10 11 27