12 matches found
EUVD-2018-20476
Malware in sbrugna...
A week in security (July 3 - 9)
Last week on Malwarebytes Labs: How kids pay the price for ransomware attacks on education Solar monitoring systems exposed: Secure your devices Warning issued over vulnerability in cardiac device monitoring software Update Android now! Google patches three actively exploited zero-days Malicious ...
Unspecified Vulnerability in BIOTRONIK CardioMessenger II-S (CNVD-2020-52055)
The Biotronik CardioMessenger II-S is a portable medical monitoring device from Biotronik Germany. A security vulnerability exists in the Biotronik CardioMessenger II-S T-Line T4APP version 2.20 and II-S GSM T4APP version 2.20. An attacker could exploit the vulnerability to obtain medical...
BIOTRONIK CardioMessenger II
1. EXECUTIVE SUMMARY CVSS v3 4.6 ATTENTION: Exploitable with adjacent access/low skill level to exploit Vendor: BIOTRONIK Equipment: CardioMessenger II-S T-Line, CardioMessenger II-S GSM Vulnerabilities: Improper Authentication, Cleartext Transmission of Sensitive Information, Missing Encryption...
CVE-2019-6538
The Conexus telemetry protocol utilized within Medtronic MyCareLink Monitor versions 24950 and 24952, CareLink Monitor version 2490C, CareLink 2090 Programmer, Amplia CRT-D, Claria CRT-D, Compia CRT-D, Concerto CRT-D, Concerto II CRT-D, Consulta CRT-D, Evera ICD, Maximo II CRT-D and ICD, Mirro IC...
CVE-2019-6538
The Conexus telemetry protocol utilized within Medtronic MyCareLink Monitor versions 24950 and 24952, CareLink Monitor version 2490C, CareLink 2090 Programmer, Amplia CRT-D, Claria CRT-D, Compia CRT-D, Concerto CRT-D, Concerto II CRT-D, Consulta CRT-D, Evera ICD, Maximo II CRT-D and ICD, Mirro IC...
CVE-2019-6538
CVE-2019-6538 concerns Medtronic Conexus radio telemetry protocol lacking authentication/authorization. Connected sources (ICS advisory and coverage) specify the affected devices include MyCareLink Monitor (versions 24950/24952), CareLink Monitor (2490C), CareLink 2090 Programmer, and multiple Me...
Medtronic's Implantable Defibrillators Vulnerable to Life-Threatening Hacks
The U.S. Department of Homeland Security Thursday issued an advisory warning people of severe vulnerabilities in over a dozen heart defibrillators that could allow attackers to fully hijack them remotely, potentially putting lives of millions of patients at risk. Cardioverter Defibrillator is a...
CVE-2018-8868 Medtronic MyCareLink Patient Monitor Exposed Dangerous Method or Function
Medtronic 24950 MyCareLink Monitor and 24952 MyCareLink Monitor contains debug code meant to test the functionality of the monitor's communication interfaces, including the interface between the monitor and implantable cardiac device. An attacker with physical access to the device can exploit oth...
CVE-2018-8868
Medtronic MyCareLink Monitor devices (24950 and 24952) contain debug code that enables reading/writing arbitrary memory on implantable devices via short-range wireless interfaces. The vulnerability CVE-2018-8868 arises from an exposed dangerous function debugging path, allowing near-physically pr...
St. Jude Patches Additional Cardiac Device
St. Jude Medical has patched a vulnerability in another Merlin@home Transmitter medical device vulnerable to a man-in-the-middle attack. The medical device maker issued an update on Monday for its Merlin@home Transmitter “inductive” models, expanding the number of devices impacted by a...
Marie Moe on Medical Device Security
Marie Moe, a research scientist at SINTEF of Norway, talks to Mike Mimoso about her personal and emotional connection to medical device security given that she has a pacemaker implanted in her that regulates her heart. Moe, who is in her 30s, has been active in spurring research into the security...