How does a flaw potentially affecting the integrity of printer management application get a “critical” severity rating and one affecting the integrity and operation of anesthesia machines get a “moderate” severity rating? It has to do with our evolving and still immature system of rating (and therefore thinking about) cyber risk.
Tag: data privacy
Breathe Deeply: DHS warns of Flaw in Hospital Anesthesia Machines
GE learned of a serious vulnerability affecting two brands of anesthesia machines in October. The company on Tuesday advised customers to take steps to protect them from being remotely tampered with.
U.S. Customs Data Breach Is Latest 3rd-Party Risk, Privacy Disaster
A data breach of information belonging to the U.S. Customs and Border Patrol (CBP) that leaked photos of people and vehicles traveling over the United States border once again shows the risk associated with third-party access to sensitive or classified information. The breach–the result of a cyber attack on a third-party contractor who collected the images for the CBP–also raises issues of privacy and how much control and access should the government have over personally identifiable information, security experts said. News of the data leak broke widely on Monday, but CBP said said it actually occurred earlier. In an e-mail to Security Ledger, the agency said that on May 31, a subcontractor–revealed in reports to be Perceptics–transferred copies of license plate images and traveler images collected by CBP to the its company network without government knowledge or permission. Perceptics was soon after hit with a “malicious cyber-attack” that resulted in […]
DHS Warns That Drones Made in China Could Steal U.S. Data
The Department of Homeland Security is warning U.S. firms that drones made in China may be spying on them and sending sensitive data to the Chinese government.
Report: Companies Still Grappling with IoT Security
Data breaches relating to unsecured Internet of Things devices have jumped by more than 10 percent since 2017, suggesting security efforts aren’t keeping pace with the growth of the Internet of Things, a new study finds.