GE CARESCAPE, ApexPro, and Clinical Information Center systems
1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: GE Equipment: CARESCAPE Telemetry Server, ApexPro Telemetry Server, CARESCAPE Central Station CSCS and Clinical Information Center CIC systems, CARESCAPE B450, B650, B850 Monitors Vulnerabilities:...
Iran Cyber Threat Update
ARCHIVED STORY Iran Cyber Threat Update By Trellix · January 08, 2020 Recent political tensions in the Middle East region have led to significant speculation of increased cyber-related activities. McAfee is on a heightened state of alert to monitor the evolving threats and rapidly implement...
The Curious Case of WebCrypto Diffie-Hellman on Firefox - Small Subgroups Key Recovery Attack on DH
tl;dr Mozilla Firefox prior to version 72 suffers from a Small Subgroups Key Recovery Attack on DH in the WebCrypto API. The Firefox team fixed the issue by completely removing support for DH over finite fields, which is not in the WebCrypto standard. If you find this interesting read further below...
SUSE-SU-2019:3394-1 Security update for python-azure-agent
This update for python-azure-agent fixes the following issues: Update to version 2.2.45 jscECO-80 + Add support for Gen2 VM resource disks + Use alternate systemd detection + Fix /proc/net/route requirement that causes errors on FreeBSD + Add cloud-init auto-detect to prevent multiple provisionin...
Jiangsu Jinzhi Technology Co., Ltd. iPACS-5772 suffers from denial-of-service vulnerability (CNVD-2020-01593)
iPACS-5772 is a measurement and control device with remote control, telemetry, telecommunication functions, logic blocking function, programmed operation function, device self-test, time-alignment function, and the device is equipped with software time-alignment and hardware time-alignment...
Mac threat detections on the rise in 2019
Conventional wisdom has been that, although not invulnerable to cyberthreats as some old Apple ads would have you believe, Macs are afflicted with considerably fewer infections than Windows PCs. However, when reviewing our 2019 Mac detection telemetry, we noticed a startling upward trend. Indeed,...
Hundreds of counterfeit online shoe stores injected with credit card skimmer
There's a well-worn saying in security: "If it's too good to be true, then it probably isn't." This can easily be applied to the myriad of online stores that sell counterfeit goods—and now attract secondary fraud in the form of a credit card skimmer. Allured by great deals on brand names, many...
CVE-2019-19620
In SecureWorks Red Cloak Windows Agent before 2.0.7.9, a local user can bypass the generation of telemetry alerts by removing NT AUTHORITY\SYSTEM permissions from a file. This is limited in scope to the collection of process-execution telemetry, for executions against specific files where the...
Design/Logic Flaw
In SecureWorks Red Cloak Windows Agent before 2.0.7.9, a local user can bypass the generation of telemetry alerts by removing NT AUTHORITY\SYSTEM permissions from a file. This is limited in scope to the collection of process-execution telemetry, for executions against specific files where the...
CVE-2019-19620
CVE-2019-19620 affects SecureWorks Red Cloak Windows Agent prior to 2.0.7.9. The issue is a local-privilege-like bypass where a local user can circumvent generation of telemetry alerts by removing NT AUTHORITY\SYSTEM permissions from a file, specifically impacting process-execution telemetry for ...
Analysis of LooCipher, a New Ransomware Family Observed This Year
ARCHIVED STORY Analysis of LooCipher, a New Ransomware Family Observed This Year By ATR Operational Intelligence Team · December 05, 2019 Co-authored by Marc RiveroLopez. Initial Discovery This year seems to again be the year for ransomware. Notorious attacks were made using ransomware and new...
Nuclear Satcoms
The Fukushima Daiichi nuclear incident in 2011 has led to safety changes that may have an interesting knock-on effect on reactor security. Loss of telemetry during the flooding, as a result of the subsequent loss of power, made assessment of the incident hard to manage. Critical data about the...
Update for customer experience and diagnostic telemetry
Update for customer experience and diagnostic telemetry This article describes an update for Windows 8.1, Windows Server 2012 R2, Windows 7 Service Pack 1 SP1, and Windows Server 2008 R2 SP1. Before you install this update, check out the Prerequisites section. About this update This package updat...
SYS.2.2.3.A25
The goal of module SYS.2.2.3 is the protection of information that is processed by and on Windows 10 clients. The standard requirement SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective rig...
SYS.2.2.3.A4
The goal of module SYS.2.2.3 is the protection of information that is processed by and on Windows 10 clients. The basic requirement SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right...
Microsoft’s 4 principles for an effective security operations center
The Microsoft Cyber Defense Operations Center CDOC fields trillions of security signals every day. How do we identify and respond to the right threats? One thing that won’t surprise you: we leverage artificial intelligence AI, machine learning, and automation to narrow the focus. But technology i...
Sophisticated Spy Kit Targets Russians with Rare GSM Plugin
A sophisticated cyberespionage platform called Attor has come to light, sporting an unusual capability for fingerprinting mobile devices as part of its attacks on government and diplomatic victims. According to researchers at ESET, Attor, which has flown under the radar since at least 2013, also...
Operational Technology Networks or OT
Operational Technology Networks or OT Notes: It’s mixing up OT with maritime, so probably isn’t suitable as is. The first section is really good, very relevant. We can use all of that. Once we get in to NMEA data, then it goes off topic. I suggest: Network equipment such as the Scalance Then a...