Huawei Firmware Analysis Reveals Security Problems Finite State located significant security issues in Huawei firmware images, including memory corruption, hardcoded encryption keys, and unsafe functions used in place of the secure alternatives. Source: infoq… Read More
CDC: Outbreak of E. coli Infections Linked to Romaine Lettuce CDC is advising that U.S. consumers not eat any romaine lettuce, and retailers and restaurants not serve or sell any, until we learn more about the outbreak. This investigation is ongoing and the advice will be updated as more information is available. Consumers who have any type of romaine lettuce in their home should not… Read More
Transcription Service Leaked Medical Records MEDantex, a Kansas-based company that provides medical transcription services for hospitals, clinics and private physicians, took down its customer Web portal last week after being notified by KrebsOnSecurity that it was leaking sensitive patient medical records — apparently for thousands of physicians. Source: krebsonsecurity… Read More
Hackers Behind Healthcare Espionage Infect X-Ray and MRI Machines Dubbed ‘Orangeworm,’ the hacking group has been found installing a wormable trojan on machines hosting software used for controlling high-tech imaging devices, such as X-Ray and MRI machines, as well as machines used to assist patients in completing consent forms. Source: thehackernews… Read More
FDA Wants Medical Devices to Have Mandatory Built-In Update Mechanisms An FDA document released this week reveals several of the FDA’s plans, including the desire to force device makers to include mandatory update systems inside products for the purpose of delivering critical security patches. Source: bleepingcomputer… Read More
Time of death? A therapeutic postmortem of connected medicine To find a potential entry point into medical infrastructure, we extract the IP ranges of all organizations that have the keywords “medic”, “clinic”, “hospit”, “surgery” and “healthcare” in the organization’s name, then we start the masscan (port scanner) and parse the specialized search engines (like Shodan and Censys) for publicly available resources of these organizations.… Read More