Medtronic N'vision Clinician Programmer Security Vulnerabilities

Omron CX-One

EXECUTIVE SUMMARY CVSS v3 6.6 ATTENTION: Low skill level to exploit Vendor: Omron Equipment: CX-One Vulnerabilities: Stack-based Buffer Overflow, Use After Free 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to execute code under the privileges...

CVE-2018-5877

In the device programmer target-side code for firehose, a string may not be properly NULL terminated can lead to a incorrect buffer size in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in versions MDM9206, MDM9607, MDM9640, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD...

Design/Logic Flaw

When a malformed command is sent to the device programmer, an out-of-bounds access can occur in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in versions MDM9206, MDM9607, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 600, SD 820, SD 820A, SD 835, SDA660, SDX20,...

CVE-2018-11996

When a malformed command is sent to the device programmer, an out-of-bounds access can occur in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in versions MDM9206, MDM9607, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 600, SD 820, SD 820A, SD 835, SDA660, SDX20,...

CVE-2018-5877

In the device programmer target-side code for firehose, a string may not be properly NULL terminated can lead to a incorrect buffer size in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in versions MDM9206, MDM9607, MDM9640, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD...

CVE-2018-11996

When a malformed command is sent to the device programmer, an out-of-bounds access can occur in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in versions MDM9206, MDM9607, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 600, SD 820, SD 820A, SD 835, SDA660, SDX20,...

Design/Logic Flaw

In the device programmer target-side code for firehose, a string may not be properly NULL terminated can lead to a incorrect buffer size in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in versions MDM9206, MDM9607, MDM9640, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD...

CVE-2018-11996

When a malformed command is sent to the device programmer, an out-of-bounds access can occur in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in versions MDM9206, MDM9607, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 600, SD 820, SD 820A, SD 835, SDA660, SDX20,...

CVE-2018-5877

In the device programmer target-side code for firehose, a string may not be properly NULL terminated can lead to a incorrect buffer size in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in versions MDM9206, MDM9607, MDM9640, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD...

Rogue Developer Infects Widely Used NodeJS Module to Steal Bitcoins

A widely used third-party NodeJS module with nearly 2 million downloads a week was compromised after one of its open-source contributor gone rogue, who infected it with a malicious code that was programmed to steal funds stored in Bitcoin wallet apps. The Node.js library in question is...

Accused CIA Leaker Faces New Charges of Leaking Information From Prison

Joshua Adam Schulte, a 30-year-old former CIA computer programmer who was indicted over four months ago for masterminding the largest leak of classified information in the agency's history, has now been issued three new charges. The news comes just hours after Schulte wrote a letter to the...

[SECURITY] Fedora 29 Update: libssh-0.8.4-1.fc29

The ssh library was designed to be used by programmers needing a working SSH implementation by the mean of a library. The complete control of the client is made by the programmer. With libssh, you can remotely execute programs, tra nsfer files, use a secure and transparent tunnel for your remote...

Who Is Agent Tesla?

A powerful, easy-to-use password stealing program known as Agent Tesla has been infecting computers since 2014, but recently this malware strain has seen a surge in popularity -- attracting more than 6,300 customers who pay subscription fees to license the software. Although Agent Tesla includes a....

[SECURITY] Fedora 27 Update: libssh-0.7.6-1.fc27

The ssh library was designed to be used by programmers needing a working SSH implementation by the mean of a library. The complete control of the client is made by the programmer. With libssh, you can remotely execute programs, tra nsfer files, use a secure and transparent tunnel for your remote...

[SECURITY] Fedora 28 Update: libssh-0.8.4-1.fc28

The ssh library was designed to be used by programmers needing a working SSH implementation by the mean of a library. The complete control of the client is made by the programmer. With libssh, you can remotely execute programs, tra nsfer files, use a secure and transparent tunnel for your remote...

Remote Code Implantation Flaw Found in Medtronic Cardiac Programmers

A flaw in Medtronic’s CareLink 2090 and CareLink Encore 29901 programmers, which are portable computer systems used to manage implanted cardiac devices in clinical settings, would have allowed remote code implantation over Medtronic’s dedicated Software Deployment Network (SDN). The programmers...

Octopus-infested seas of Central Asia

For the last two years we have been monitoring a Russian-language cyberespionage actor that focuses on Central Asian users and diplomatic entities. We named the actor DustSquad and have provided private intelligence reports to our customers on four of their campaigns involving custom Android and...

Intel® Quartus Family of Tools Privilege Escalation Vulnerability

Summary: Unquoted service paths in the Intel® Quartus family of tools allows a local attacker to potentially execute arbitrary code. Description: The Joint Test Action Group (JTAG) server is vulnerable to replacement of required executables, which on reboot may be run with elevated privileges....

Pumping the Brakes on Artificial Intelligence

While the push-pull between defenders and attackers using artificial intelligence continues, there’s another security dimension to machine intelligence that should be of concern. Just as the rise of IoT devices has created an inadvertent new threat surface ripe for introducing vulnerabilities,...

BIOS Modules Unprotected by Intel Boot Guard Vulnerable to Physical Attack - Lenovo Support NL

Lenovo Security Advisory: LEN-20527 Potential Impact: Elevation of privilege Severity: High Scope of Impact: Industry-wide CVE Identifier: CVE-2018-9062, CVE-2018-12169 Summary Description: An attacker with unfettered physical access to a system and the skill to disassemble it, may attach a...

BIOS Modules Unprotected by Intel Boot Guard Vulnerable to Physical Attack - US

Lenovo Security Advisory: LEN-20527 Potential Impact: Elevation of privilege Severity: High Scope of Impact: Industry-wide CVE Identifier: CVE-2018-9062, CVE-2018-12169 Summary Description: An attacker with unfettered physical access to a system and the skill to disassemble it, may attach a...

Renderkit - Moderately critical - Access bypass - SA-CONTRIB-2018-060

This module, typically in combination with cfr:cfrplugin, allows to compose behaviors from granular components. One of such behaviors is to display a list of related entities, for a given source entity and a given entity relation (e.g. an entity reference field). The components that display...

Bypassing Antivirus for Your Antivirus Bypass

Chances are you have heard about how easy it can be to evade antivirus. Often, this is because the signatures used by vendors are too simplistic and can be successfully duped without changing the functionality of the malware. Have you ever attempted to evade AV? Is it really that easy? In this...

U.S. Ties Lazarus to North Korea and Major Hacking Conspiracy

The Justice Department has charged a North Korean man in the hacking of Sony Pictures Entertainment (SPE) in 2014 – as well as the global WannaCry attack last year that caused millions of dollars of economic damage and also charged him with the costly 2016 SWIFT attack on the Bangladesh central...

K67352212 : Apache vulnerabilities CVE-2018-1286, CVE-2018-1294, CVE-2018-1316, CVE-2018-1319, and CVE-2018-1324

Security Advisory Description CVE-2018-1286 In Apache OpenMeetings 3.0.0 - 4.0.1, CRUD operations on privileged users are not password protected allowing an authenticated attacker to deny service for privileged users. CVE-2018-1294 If a user of Commons-Email (typically an application...

Hospira LifeCare PCA Infusion System Vulnerabilities (Update A)

OVERVIEW This updated advisory is a follow-up to the original advisory titled ICSA-15-125-01 Hospira LifeCare PCA Infusion System Vulnerabilities that was published May 5, 2015, on the NCCIC/ICS-CERT web site. Independent researcher Billy Rios has identified an improper authorization vulnerability....

Hospira LifeCare PCA Infusion System Vulnerabilities

OVERVIEW Independent researcher Billy Rios has identified an improper authorization vulnerability and an insufficient verification of data authenticity vulnerability in Hospira’s LifeCare PCA Infusion System, which NCCIC/ICS-CERT has been coordinating with Hospira since May 2014. This advisory is.....

Under the hoodie: why money, power, and ego drive hackers to cybercrime

Just one more hour behind the hot grill flipping burgers, and Derek* could call it a day. Under his musty hat, his hair was matted down with sweat, and his work uniform was spattered with grease. He knew he’d smell the processed meat and smoke for the next three days, even after he’d showered. But....

‘LuminosityLink RAT’ Author Pleads Guilty

A 21-year-old Kentucky man has pleaded guilty to authoring and distributing a popular hacking tool called "LuminosityLink," a malware strain that security experts say was used by thousands of customers to gain unauthorized access to tens of thousands of computers across 78 countries worldwide. ...

CVE-2018-10631

Medtronic N'Vision Clinician Programmer 8840 N'Vision Clinician Programmer, all versions, and 8870 N'Vision removable Application Card, all versions. The 8840 Clinician Programmer executes the application program from the 8870 Application Card. An attacker with physical access to an 8870...

CVE-2018-10631

Medtronic N'Vision Clinician Programmer 8840 N'Vision Clinician Programmer, all versions, and 8870 N'Vision removable Application Card, all versions. The 8840 Clinician Programmer executes the application program from the 8870 Application Card. An attacker with physical access to an 8870...

Design/Logic Flaw

Medtronic N'Vision Clinician Programmer 8840 N'Vision Clinician Programmer, all versions, and 8870 N'Vision removable Application Card, all versions. The 8840 Clinician Programmer executes the application program from the 8870 Application Card. An attacker with physical access to an 8870...

Medtronic N'Vision Clinician Programmer (Update A)

EXECUTIVE SUMMARY --------- Begin Update A Part 1 of 5 -------- CVSS v3 6.3 --------- End Update A Part 1 of 5 ----------- ATTENTION: Low skill level to exploit Vendor: Medtronic Equipment: N’Vision Clinician Programmer --------- Begin Update A Part 2 of 5 ----------- Vulnerabilities:...

CVE-2018-3687

Unquoted service paths in Intel Quartus II Programmer and Tools in versions 11.0 - 15.0 allow a local attacker to potentially execute arbitrary...

CVE-2018-3688

Unquoted service paths in Intel Quartus Prime Programmer and Tools in versions 15.1 - 18.0 allow a local attacker to potentially execute arbitrary...

CVE-2018-3688

Unquoted service paths in Intel Quartus Prime Programmer and Tools in versions 15.1 - 18.0 allow a local attacker to potentially execute arbitrary...

CVE-2018-3687

Unquoted service paths in Intel Quartus II Programmer and Tools in versions 11.0 - 15.0 allow a local attacker to potentially execute arbitrary...

Code injection

Unquoted service paths in Intel Quartus II Programmer and Tools in versions 11.0 - 15.0 allow a local attacker to potentially execute arbitrary...

Code injection

Unquoted service paths in Intel Quartus Prime Programmer and Tools in versions 15.1 - 18.0 allow a local attacker to potentially execute arbitrary...

CVE-2018-3688

Unquoted service paths in Intel Quartus Prime Programmer and Tools in versions 15.1 - 18.0 allow a local attacker to potentially execute arbitrary...

CVE-2018-3687

Unquoted service paths in Intel Quartus II Programmer and Tools in versions 11.0 - 15.0 allow a local attacker to potentially execute arbitrary...

Bugged Smart Contract FuturXE: How Could Someone Mess up with Boolean? (CVE-2018–12025)

Recently SECBIT team found a serious bug about the if condition in a deployed ERC20 smart contract called FuturXE (FXE) and here is the bugged part: //Function for transer the coin from one address to another function transferFrom(address from, address to, uint value) returns (bool success) { ...

Code injection

Medtronic 2090 CareLink Programmer all versions The affected product uses a virtual private network connection to securely download updates. The product does not verify it is still connected to this virtual private network before downloading updates. An attacker with local network access to the...

CVE-2018-10596

Medtronic 2090 CareLink Programmer all versions The affected product uses a virtual private network connection to securely download updates. The product does not verify it is still connected to this virtual private network before downloading updates. An attacker with local network access to the...

CVE-2018-10596

Medtronic 2090 CareLink Programmer all versions The affected product uses a virtual private network connection to securely download updates. The product does not verify it is still connected to this virtual private network before downloading updates. An attacker with local network access to the...

EulerOS 2.0 SP3 : libvncserver (EulerOS-SA-2018-1176)

According to the version of the libvncserver package installed, the EulerOS installation on the remote host is affected by the following vulnerability : LibVNCServer makes writing a VNC server (or more correctly, a program exporting a framebuffer via the Remote Frame Buffer protocol)...

CVE-2018-10596

Medtronic 2090 CareLink Programmer all versions The affected product uses a virtual private network connection to securely download updates. The product does not verify it is still connected to this virtual private network before downloading updates. An attacker with local network access to the...

A week in security (June 18 – June 24)

Last week, we took a deep dive into SamSam ransomware, looked at ways how to identify and delete malicious emails, recognized that there are now risks affecting job recruitment portals, analyzed a malicious Android app banking on the popularity of Fortnite, and identified causes and solutions for.....

Ex-CIA employee charged with leaking 'Vault 7' hacking tools to Wikileaks

A 29-year-old former CIA computer programmer who was charged with possession of child pornography last year has now been charged with masterminding the largest leak of classified information in the agency's history. Joshua Adam Schulte, who once created malware for both the CIA and NSA to break...

Google to Fix Location Data Leak in Google Home, Chromecast

Google in the coming weeks is expected to fix a location privacy leak in two of its most popular consumer products. New research shows that Web sites can run a simple script in the background that collects precise location data on people who have a Google Home or Chromecast device installed...