Top News

Researchers from SEC Consult analyzed the firmware of more than 4000 embedded devices, covering devices belonging to 70 vendors. The findings are astonishing!

Today, we will replicate a technique used by Hammertoss, a recent, sophisticated and hard-to-trace Russian malware.

Newly disclosed documents show that the NSA had found a way to continue spying on American citizens' email traffic from overseas.

Dell shipped systems with the eDellRoot certificate's public and private key.

Over the last few days, the group responsible for extortion attempts and death threats against Ashley Madison users has turned to a new set of targets – Patreon users.

The Zerodium (Zero-day broker) company has published a price list for various classes of software targets and digital intrusion methods.

"Want to keep using the pacemaker?" "pay us 2 bitcoins" Experts fear that ransomware will start targeting medical devices.

Technology has a huge role in our lives, and we depend on it more and more, including our smartwatches and our medical devices. Unfortunately, we usually forget that even our medical devices, the ones that help to save lives, are also technological devices that can be affected by many security issues, like a normal PC... and hackers can exploit these vulnerabilities!

A report released by Forrester some days ago predicts that in 2016 we will start seeing ransomware take advantage of medical devices.

Now imagine that a patient with a pacemaker suddenly receives a message on his phone saying "Want to keep using the pacemaker?", "pay us 2 bitcoins". It may look bizarre, but it is probably something that may happen in the near future.

It is a bold prediction by the "Predictions 2016: Cybersecurity Swings To Prevention" report, but honestly it's something that had already crossed our minds.

"It's definitely feasible from a technical standpoint," "see it as something that could happen next year. All that would be required from an attacker standpoint is small modifications to the malware to make it work," explained Billy Rios, a popular hacker and medical device security researcher.

We could argue that it's not right to profit from situations like this, but many crooks just don't care.

The ICS-ALERT-13-164-01 from 2013, the work of Rios and Terry McCorkle, showed that 300 medical devices were using hard-coded passwords that are set at the factory and can't be disabled or changed. These passwords are listed in the manufacturer's manual.

The truth is that cyber security has probably existed for the last 15-25 years, but it's something new in the medical industry, and as Joshua Corman, founder of I Am the Cavalry, says:

"While we've been doing this for 15-25 years in cyber, this is year zero or one for them [the healthcare industry]," "We can't give them 15-25 years to catch up, although it's not reasonable to get there overnight... We're trying to approach this with teamwork and ambassador skill, not a pointing finger, but a helping hand."

Ransomware is a huge business, and the major security vendors have been saying that 2015 saw a huge increase in ransomware use and profit. That is likely to grow even more with the IoT and all the devices connected to the internet.

Months ago on SecurityAffairs we talked about a list developed by I Am The Cavalry to mitigate threats in cars, and now they are planning the same type of list, this time for medical devices.

There are many challenges ahead when dealing with medical devices, but we are starting to see many people worried about it, so I believe that many security researchers will focus their attention on them. For this, we also need the support of the medical device manufacturers.

EMC and Hartford Hospital have agreed to pay US$90,000 to Connecticut in connection with the loss in 2012 of an unencrypted laptop containing patient information of 8,883 residents of the state, according to the state's attorney general.

Healthcare has become a favorite target for criminals, and some medical organizations are reacting by looking at outside providers to keep their data secure. But jumping to the cloud without first taking some precautions can be a mistake, experts say.

A survey of major industries reveals health care organizations are below average in secure coding.

Companies in the healthcare sector are three times more likely to encounter data theft than the average firm, according to a report released this morning.

Cyber attacks against healthcare systems are likely to increase and students investigated the feasibility of breaching a medical training mannequin.
Security experts are warning the medical industry about the hacking of medical equipment implanted in the human body, such as pacemakers and insulin pumps.

As more and more devices become tied into the Internet each day, the security threat will continue to expand.

The survey polled more than 5500 IT specialists from over 25 countries.

Applications written for iOS devices have more vulnerabilities than those written for Android, and this has the potential for security problems in the future as attackers move to application-based threat vectors.

Now that it is known that a critical flaw in the Diffie-Hellman key-exchange protocol was exploited by the NSA to break internet encryption, how can it be stopped?

Serious flaws in the Network Time Protocol can be exploited to cause severe outages, eavesdrop on encrypted communications, and bypass authentication processes.

A relentless focus on gaps in security negatively impacts our performance and degrades our influence. It's time for a change in approach.
How many gaps are you addressing in your environment?

American Express appears to have used a weak algorithm to generate new card numbers.

ModPOS is new POS malware discovered in systems of US retailers after the rush of Thanksgiving and experts speculate it is the most complex POS malware ever seen.

The biggest financial institutions in the U.S. are under renewed pressure to mandate the use of PINs with new chip-based payment cards.

Researchers at Trustwave have published the analysis of the Cherry Picker threat, a point-of-sale (PoS) malware that went undetected over the years.

Central Shop is a web portal dedicated to the sale of stolen credit card data that captures the attention of the experts due to its amazing interface.

A security researcher at the Vulnerability Lab discovered that ATMs at the German savings bank Sparkasse can leak sensitive info during software updates.

Tools & Methodologies

A new security audit of the TrueCrypt software confirmed that even though it is plagued by some vulnerabilities, the application is effective when it comes to protecting data.

The Information Technology Industry Council (ITIC) on Thursday objected to weakening encryption used on smartphones, even as some officials in Washington favor doing so.
