Software failures were behind 24 percent of all the medical device recalls in 2011, according to data from the U.S. Food and Drug Administration, which said it is gearing up its labs to spend more time analyzing the quality and security of software-based medical instruments and equipment.
Browsing Category: Critical Infrastructure
New evidence suggests that a Web site hosting software updates for life saving medical equipment was the victim of a massive SQL injection attack and may have been redirecting visitors to a site serving up attacks and malicious software for months before the company became aware of the compromise.
UPDATE: A Web site used to distribute software updates for a wide range medical equipment, including ventilators has been blocked by Google after it was found to be riddled with malware and serving up attacks. The U.S. Department of Homeland Security is looking into the compromise, Threatpost has learned.
Chris Soghoian has made a name for himself as a security and privacy researcher and has been the bane of government agencies and organizations prone to being somewhat less than upfront about their security and privacy practices. In this video from the Personal Democracy Forum in New York this week, Soghoian discusses the implications of the U.S. government’s raid on Osama Bin Laden and usage of offensive cyberwar weapons such as Stuxnet and Duqu.
A joint letter from some of Washington D.C.’s leading minds in the areas of defense and diplomacy is urging Congress to pass a cyber security bill in some form this year, saying that the U.S. is urgently in need of a new policy and ill-prepared for cyber attacks.
UPDATE: Researchers have identified an ongoing series of attacks, possibly emanating from China, that are targeting a number of high-profile organizations, including SCADA security companies, universities and defense contractors. The attacks are using highly customized malicious files to entice targeted users into opening them and starting the compromise.
Researchers digging through the code of the recently discovered Flame worm say they have come across a wealth of evidence that suggests Flame and the now-famous Stuxnet worm share a common origin.
North Korean agents have been linked to a malware attack on a South Korea’s Incheon International Airport, according to a report from the JoongAng Daily, a South Korean paper.
The U.S. Department of Homeland Security is warning IT administrators and operators of industry control systems about the danger posed by the Flame (aka sKyWIper) malware after Microsoft acknowledged that the malware is able to spoof its Windows Update service to push malicious code onto vulnerable systems.
In and advisory, the Department of Homeland Security’s Industrial control System (ICS) CERT said that it doesn’t believe the Flame malware targets industrial control systems (ICS) or SCADA systems, but the group advised critical infrastructure owners to be on alert.