Tag: vulnerabilities

Program code on dark background (selective focus)

Google Unveils OSS-Fuzz to test Open Source Software Security

In-brief: Google’s security team on Thursday announced the release of a new tool, OSS-Fuzz that it says will improve the security of the Internet by providing realtime, automated secruity testing of common open source components.

Attacks on home broadband routers by machines infected with Mirai, a botnet program, have knocked customers offline in the UK, as well as Germany, according to reports. Internet users in other countries may be affected, as well. (Image courtesy of Zyxel.)

Mirai Botnet attacks on Home Routers felt in UK, also

In-brief: More than 100,000 homes in the UK had their Internet access interrupted by an attack on broadband routers. The incident is believed to be part of a larger attack that affected some 900,000 Deutsche Telekom customers last week. 

More Warnings on Security in Implantable Medical Devices

More Warnings on Security in Implantable Medical Devices

Researchers from universities in Belgium and the UK have published research showing that a wide range of implantable medical devices, including implantable defibrillators are still vulnerable to wireless snooping and denial of service attacks. The research, which mimicked the work of a naive (or “weak”) adversary, found that few security protections have been added to such devices, years after researchers first demonstrated that they are vulnerable to wireless attacks and other manipulation.  The discoveries apply to at least 10 types of implantable cardiac defibrillators (ICDs) that are currently on the market, though the devices and manufacturers are not named. The researchers, from Katholieke Universiteit te Leuven in Belgium (KU Leuven) and the University of Birmingham in the United Kingdom echoes the claims made by the firm MedSec earlier this year, which warned of security holes in ICD devices made by St. Jude in August. That research was the foundation of a call […]

Fare collection systems, email and other critical systems used by San Francisco's transit agency were crippled by an outbreak of ransomware over the weekend, the agency confirmed. (Image courtesy of SFMTA.)

Ransomware Used Against Muni Known As Harsh, Virulent

San Francisco’s Municipal Transportation Agency (MTA) was hit with a ransomware attack over the weekend, disrupting a number of agency computer systems including email, the MTA said in a statement on Sunday. And security experts say that the ransomware used has a reputation for virulence. Computer terminals observed at MTA (or “Muni”) stations displayed a message that read, in part, “You Hacked. All Data Encrypted” over the weekend, paralyzing toll collection operations and forcing the MTA to open its turnstiles and let the public ride for free. According to a report by The San Francisco Examiner claims that the ransomware thieves have infected more than 2,000 of the agency’s 8,000 computers, affecting not only fare collection, but also systems that assign routes to bus drivers. The thieves are demanding $73,000 in ransom, paid in bitcoin. In a statement on Sunday, San Francisco MTA said that the attack “disrupted some of our […]

The Department of Defense unveiled a public bug bounty program on Monday, standardizing rules for security researchers to report information on vulnerabilities in public facing systems operated by the Department of Defense.

Department of Defense Sets Ground Rules for Hackers

In-brief: The U.S. Department of Defense published guidelines on Monday for independent security researchers to disclose vulnerabilities in DoD’s public facing systems. The program, managed by the firm HackerOne, provides a legal route for hackers to disclose vulnerabilities to the military.