Finite State located significant security issues in Huawei firmware images, including memory corruption, hardcoded encryption keys, and unsafe functions used in place of the secure alternatives.
Source: infoq.com
CDC is advising that U.S. consumers not eat any romaine lettuce, and retailers and restaurants not serve or sell any, until we learn more about the outbreak. This investigation is ongoing and the advice will be updated as more information is available. Consumers who have any type of romaine lettuce in their home should not eat it and should throw it away, even if some of it was eaten and no one has gotten sick.
MEDantex, a Kansas-based company that provides medical transcription services for hospitals, clinics and private physicians, took down its customer Web portal last week after being notified by KrebsOnSecurity that it was leaking sensitive patient medical records — apparently for thousands of physicians.
Source: krebsonsecurity.com
Dubbed ‘Orangeworm,’ the hacking group has been found installing a wormable trojan on machines hosting software used for controlling high-tech imaging devices, such as X-Ray and MRI machines, as well as machines used to assist patients in completing consent forms.
Source: thehackernews.com
An FDA document released this week reveals several of the FDA’s plans, including the desire to force device makers to include mandatory update systems inside products for the purpose of delivering critical security patches.
Source: bleepingcomputer.com
To find a potential entry point into medical infrastructure, we extract the IP ranges of all organizations that have the keywords “medic”, “clinic”, “hospit”, “surgery” and “healthcare” in the organization’s name, then we start the masscan (port scanner) and parse the specialized search engines (like Shodan and Censys) for publicly available resources of these organizations.
Source: securelist.com