EUVD-2021-14164
Malware in sbrugna...
EUVD-2023-12877
Malicious code in bioql PyPI...
Story About Medical Device Security
Ben Rothke relates a story about me working with a medical device firm back when I was with BT. I don't remember the story at all, or who the company was. But it sounds about right...
The firmware of the CMS8000 Patient Monitor and Epsimed MN-120 medical devices is vulnerable because it sends requests to a hard-coded external IP address. This allows attackers to circumvent security restrictions and upload or re-upload files onto the devices.
The firmware of medical monitoring devices such as the CMS8000 Patient Monitor and Epsimed MN-120 is vulnerable because requests are sent to a hard-coded external IP address. Exploiting this vulnerability allows an attacker to bypass security restrictions and...
Boston Scientific Zoom Latitude Programmer/Recorder/Monitor Model 3120 Security Vulnerability
The Boston Scientific ZOOM LATITUDE Programmer/Recorder/Monitor (PRM) Model 3120 is a portable cardiac rhythm management (CRM) programming system from Boston Scientific, Inc. The Boston Scientific ZOOM LATITUDE Programmer/Recorder/Monitor (PRM) Model 3120 is vulnerable to an encryption error that could...
Nexus Control Panel Buffer Overflow Vulnerability (CNVD-2021-62179)
Swisslog Healthcare Nexus Panel is a medical device from Swisslog Healthcare. A buffer overflow vulnerability exists in Nexus Control Panel versions prior to 7.2.5.7. An attacker can exploit this vulnerability by sending a specially crafted message to the HMI to enable remote code execution...
Multiple Sooil Product Security Feature Issue Vulnerabilities
Sooil Dana Diabecare RS and others are products of Sooil Korea. Sooil Dana Diabecare RS is a smart insulin pump with discrete remote control for medical use. Sooil Anydana-i is a mobile application that can be used to control the Sooil Dana Diabecare RS. Sooil Anydana-i is a mobile application that...
CVE-2019-18254
CVE-2019-18254 affects BIOTRONIK CardioMessenger II; root cause is lack of encryption of sensitive data at rest, enabling disclosure of medical measurements and device serial numbers with physical access. The ICS advisory confirms affected CardioMessenger II variants and assigns CVSSv3 base 4.6 (...
CVE-2020-12048
CVE-2020-12048 affects Baxter’s Phoenix Hemodialysis Delivery System software versions 3.36 and 3.40. The vulnerability is cleartext transmission of sensitive data (CWE-319): the system does not support data-in-transit encryption (e.g., TLS/SSL) when sending treatment and prescription data over t...
BIOTRONIK CardioMessenger II-S Authorization Issue Vulnerability (CNVD-2020-52054)
The Biotronik CardioMessenger II-S is a portable medical monitoring device from Biotronik Germany. A security vulnerability exists in the Biotronik CardioMessenger II-S T-Line T4APP version 2.20 and II-S GSM T4APP version 2.20, which originates from a program that can recover format-stored...
A week in security (February 17 – 23)
Last week on Malwarebytes Labs, we highlighted the benefits and concerns of identity-as-a-service (IDaaS), an identity management scheme deployed from the cloud; reported on scammers and squatters taking advantage of Rudy Giuliani’s Twitter typos; and gave a high-level overview of RobbinHood, the...
The Archimedes Medical Device Security 101 Conference - A Secure Forum for Security Issues
The University of Michigan's Archimedes Center for Medical Device Security hosted its second annual MDS 101 conference in Orlando this month. The conference provides a secure forum for attendees to speak freely about cybersecurity issues with respected professionals who can help establish best...
Threat Predictions for Connected Life in 2018
Download the Kaspersky Security Bulletin: Threat Predictions for Connected Life in 2018. Introduction: To be awake is to be online. The average home now has around three connected computers and four smart mobile devices. Hardly surprising, considering that 86 per cent of us check the Internet sever...
Justine Bone on St. Jude Vulnerabilities and Medical Device Security
MedSec CEO Justine Bone talks to Mike Mimoso about the St. Jude Medical vulnerabilities, the considerations her company and Muddy Waters made in short selling St. Jude stock, and the current state of medical device security. Download: JustineBoneonSt.JudeVulnerabilitiesandMedicalDeviceSecurity.mp...
Marie Moe on Medical Device Security
Marie Moe, a research scientist at SINTEF of Norway, talks to Mike Mimoso about her personal and emotional connection to medical device security given that she has a pacemaker implanted in her that regulates her heart. Moe, who is in her 30s, has been active in spurring research into the security...
Animas OneTouch Ping Information Disclosure Vulnerability
The Animas OneTouch Ping is a medical self-service device for diabetics taking insulin from Animas USA. A security vulnerability exists in the Animas OneTouch Ping device that stems from the program not encrypting data. A remote attacker could exploit the vulnerability by sniffing a network to...
Honeypots Help Illustrate Scores of Vulnerabilities in Medical Devices
There have been some strides made in the last year, but for the most part, security around the healthcare industry has remained the consummate laggard. In the eyes of many, including Scott Erven, a medical device security advocate who spoke at last week’s Security Analyst Summit, the healthcare...
Podcast: Black Hat News Wrap, Day Two
Dennis Fisher, Mike Mimoso and Brian Donohue discuss the news from day two of Black Hat, including a CryptoLocker working group, a medical device security and privacy roundtable and overview of the various security and privacy improvements at Yahoo over the last year. Image via Black Hat USA 2014...
Executive Agencies Pass on New Cybersecurity Regulations
Three Executive Branch federal agencies crucial to critical infrastructure protection will be allowed to continue to voluntarily assess cyber risk, rather than force the development and implementation of additional regulations. The White House yesterday released its conclusions as they relate to...
Members of We Are the Cavalry on Security Research
Dennis Fisher talks with several members of the We Are the Cavalry project, including Josh Corman, Robert Hansen, Space Rogue and John Dickson, about the movement’s origins, its goals to promote research on topics such as medical device security and how to help change the perception of security...