News & Updates

A study conducted by the Ponemon Institute shows that insecure medical devices are enlarging the attack surface for organizations.

A study conducted by the Ponemon Institute, based on a survey of 550 individuals, shows that manufacturers and healthcare delivery organizations (HDOs) are concerned about cyber attacks on medical devices.

67 percent of medical device makers and 56 percent of HDOs believe that in the next 12 months their medical devices will be targeted by hackers. Unfortunately, only 25 percent of device makers and 38 percent of HDOs believe the security features implemented in the devices can adequately protect patients and the clinicians who use them.

33% of the participants in the survey confirmed they were aware of negative effects of cyber attacks on patients. Hackers can launch a wide range of attacks on the devices, including ransomware attacks, denial-of-service (DoS) attacks, and hijacking of medical devices.

The most disconcerting aspect of the research is that only 17 percent of device manufacturers and 15 percent of HDOs have adopted the necessary countermeasures to prevent attacks. 40 percent of HDOs and manufacturers admitted they haven’t adopted anything to prevent attacks.

Unsecured medical devices represent an entry point for hackers into hospitals and other healthcare organizations. The bad news is that the majority of the survey participants believe securing medical devices is very difficult.

The study revealed that the security practices in place are not effective: manufacturers and HDOs lack practices such as security testing throughout the SDLC, code review and debugging systems, and dynamic application security testing. The survey found that 36 percent of manufacturers and 45 percent of HDOs do not test devices. Companies that tested their medical devices admitted finding vulnerabilities and even malware in their systems.


“Medical device security practices in place are not the most effective. Both manufacturers and users rely upon following specified security requirements instead of more thorough practices such as security testing throughout the SDLC, code review and debugging systems and dynamic application security testing. As a result, both manufacturers and users concur that medical devices contain vulnerable code due to lack of quality assurance and testing procedures and rush to release pressures on the product development team.” states the report.

Another worrying finding that emerged from the survey is that budget increases are usually a consequence of a hacking attack.

“In many cases, budget increases to improve the security of medical devices would occur only after a serious hacking incident occurred. Device makers, on average, spend approximately $4 million on the security of their medical devices and HDOs spend an average of $2.4 million each year. As shown in Figure 9, a serious hacking incident or new regulations would influence their organizations to increase the security budget.” continues the report.


Pierluigi Paganini

(Security Affairs – medical devices, security)


The post Insecure Medical devices are enlarging surface of attacks for organizations appeared first on Security Affairs.

Source: Security affairs

(credit: Alfredo Mendez)

Uber and Lyft are returning to Austin—the capital of Texas and home to the South by Southwest festival. The move comes one year after the ride-hailing services left the area over a driver-background check dispute with city regulators and voters.

The two companies are coming back now because state lawmakers passed legislation, which Gov. Greg Abbott is expected to sign Monday, that removes a controversial requirement that prospective drivers have their fingerprints run through an FBI database that tracks people’s criminal activity over the course of their lives. Uber and Lyft claimed that the check was too onerous and should be reserved for security sensitive personnel.

The new legislation supersedes the city of Austin’s regulations, paving the way for the companies’ return to Austin possibly as early as this coming week. (The companies said they would return for business immediately following Abbott’s signature.) Austin Mayor Steve Adler said he was “disappointed” with the new state regulations.


Source: http://feeds.arstechnica.com/arstechnica/index/

The nations participating in the G7 Summit in Taormina, Italy, are demanding action from internet service providers and social media giants against extremist content online.

The effort is necessary to fight terrorism in the wake of the recent tragic Manchester attack.

“The G7 calls for Communication Service Providers and social media companies to substantially increase their efforts to address terrorist content,” the G7 states said in a statement.

“We encourage industry to act urgently in developing and sharing new technology and tools to improve the automatic detection of content promoting incitement to violence, and we commit to supporting industry efforts in this vein including the proposed industry-led forum for combating online extremism,” 

Investigators believe that the Manchester bomber may have been radicalized online by Islamic State groups active on social media.

“Make no mistake: the fight is moving from the battlefield to the internet,” Prime Minister Theresa May told her G7 colleagues while chairing a discussion on counter-terrorism in the Sicilian resort of Taormina.

Another common objective of the G7 is the identification and prosecution of foreign fighters involved in conflicts in various areas, such as Syria and Turkey.

The G7 states are requesting support from local authorities to prosecute foreign fighters; Lebanon, Jordan and Iraq are areas of high interest to the investigators.

The investigators believe that the Manchester bomber had been to Syria after visiting his parents’ homeland of Libya.

“It is vital we do more to cooperate with our partners in the region to step up returns and prosecutions of foreign fighters,” added May.

“This means improving intelligence-sharing, evidence gathering and bolstering countries’ police and legal processes.”


(L-R): EU Council President Donald Tusk, Canadian Prime Minister Justin Trudeau, German Chancellor Angela Merkel, US President Donald Trump, Italian Prime Minister Paolo Gentiloni, French President Emmanuel Macron, Japanese Prime Minister Shinzo Abe, British Prime Minister Theresa May and European Union Commission President Jean-Claude Juncker pose for a family photo on the first day of the G7 Summit at the Teatro Greco in Taormina, Italy, 26 May 2017. The G7 Summit will be held from 26 to 27 May 2017. ANSA/ETTORE FERRARI

The G7 states have to improve information-sharing processes on terrorism issues, with law enforcement and intelligence agencies sharing the results of investigations and border security methods with countries that foreign fighters travel through or fight in.

Every time a foreign fighter crosses a border, specific actions must be triggered to track down the fighter and their organization.

“When our allies find evidence, such as video or papers, of illegal activity involving foreign fighters, for example a Brit in a conflict zone, they should pass that to our authorities. It may help prosecute foreign fighters when they return.”


Pierluigi Paganini

(Security Affairs – G7 Summit Taormina, Foreign fighters)


The post G7 Summit – States demand Internet Giants to join forces against online propaganda appeared first on Security Affairs.

Source: Security affairs

(credit: US Food and Drug Administration)

Pacemakers are devices that are implanted in the chest or abdomen to control life-threatening heartbeat abnormalities. Once they’re in place, doctors use radio signals to adjust the pacemakers so that additional major surgeries aren’t required. A study recently found that pacemakers from the four major manufacturers contain security weaknesses that make it possible for the devices to be stopped or adjusted in ways that could have dire effects on patients.

Chief among the concerns: radio frequency-enabled pacemaker programmers don’t authenticate themselves to the implanted cardiac devices, making it possible for someone to remotely tamper with them.

“Any pacemaker programmer can reprogram any pacemaker from the same manufacturer,” researchers from medical device security consultancy WhiteScope wrote in a summary of their findings. “This shows one of the areas where patient care influenced cybersecurity posture.”


Source: http://feeds.arstechnica.com/arstechnica/index/

(credit: Icon Sportswire/Shaun Botterill/Brian Lawdermilk/BMW)

As we prepare to head into Memorial Day weekend, there’s a bumper crop of wheel-to-wheel action on offer for the motorsports fan. Both IndyCar and Formula 1 have their biggest races of the year this Sunday, NASCAR has its 600-mile race at Charlotte, and over in Germany hundreds of thousands of fans are camping around (and possibly setting fire to) the mighty Nürburgring.

Despite not being broadcast here in the US, the last of these is probably the easiest for you to watch. That’s because the organizers have provided a free international livestream on YouTube:

The race starts at 11am ET (3pm CET) on Saturday (May 27) and runs for the next 24 hours. There’s also English language commentary from the always-excellent team at Radio Le Mans.


Source: http://feeds.arstechnica.com/arstechnica/index/

(credit: Court documents)

At the heart of Uber’s litigation with Waymo is another oddly-named self-driving startup called Otto. That’s the company founded by Uber engineer Anthony Levandowski right after he left Google, the job at which he was accused of illegally downloading more than 14,000 files. Levandowski sold Otto to Uber within a few months.

While the legal action between Uber and Waymo rages on, Uber is quietly ending another legal fight over the name “Otto” itself. Back in August, just after Uber’s acquisition for $680 million, Otto was sued (PDF) by Clearpath Robotics, a large installed-robotics company with a headquarters in Kitchener, Ontario. Clearpath already had a division called OTTO Motors, which manufactured OTTO, described as “the first self-driving warehouse robot.”


Source: http://feeds.arstechnica.com/arstechnica/index/

Comcast’s customer satisfaction score for subscription TV service fell 6 percent in a new survey, putting the company near the bottom of rankings published by the American Customer Satisfaction Index (ACSI).

Comcast’s score fell from 62 to 58 on ACSI’s 100-point scale, a drop of more than 6 percent between 2016 and 2017. The ACSI’s 2017 report on telecommunications released this week attributed the decrease to “price hikes for Xfinity (Comcast) subscriptions.”

Satisfaction with pay-TV providers dropped industry-wide, tying the segment with Internet service (a product offered by the same companies) for last place in the ACSI’s rankings. The ACSI summarized the trend as follows:


Source: http://feeds.arstechnica.com/arstechnica/index/

(credit: WAVY TV 10)

When a video showing a six-year-old girl getting yanked into the sea by a feisty sea lion went viral this week, her parents quickly received international flak—and some potentially critical health information. The online fuss is raising awareness of a severe infection called seal finger, along with some of the other dangers of messing with sea lions.

The infection, which can lead to severe inflammation and amputations if not properly treated, is rare but well-known to marine life experts and fishermen. It’s caused by Mycoplasma phocacerebrale, a type of bacteria known to live in the mouths of seals and sea lions. Mycoplasma species have several notable features, but a critical one for seal finger is that they’re difficult to kill with many standard antibiotics—something the parents of the snatched six-year-old would clearly want to know. If it weren’t for the Internet, they might not.

The girl, who was swiftly retrieved from the harbor by her quick-thinking grandfather, is reported to have a 5-by-10 centimeter wound on her lower body from her sea lion encounter. Her parents were unaware of the risk of seal finger infection until media reports about the viral video included marine experts, who mentioned the danger. The parents have since consulted with marine experts and doctors. Though it’s not certain that she has the infection, she’s receiving antibiotics as a precaution.


Source: http://feeds.arstechnica.com/arstechnica/index/


With Destiny 2 moving the franchise to the PC for the first time, a lot of players were hoping Activision would use dedicated servers to ensure stability and reliability. The company mentioned last week that those hopes for a dedicated server wouldn’t be fulfilled, but Destiny 2 Engineering Lead Mat Segur says the game’s hybrid server model is a bit more complex than that announcement suggests.

Unlike the original Destiny, where matches were hosted on one player’s console, “every activity in Destiny 2 is hosted by one of our servers,” Segur said in a Bungie blog post yesterday. “That means you will never again suffer a host migration during your Raid attempt or Trials match.”

But those servers won’t handle all the data for every player in the game. While “the server is authoritative over how the game progresses… each player is authoritative over their own movement and abilities,” Segur continued. “This allows us to give players the feeling of immediacy in all their moving and shooting—no matter where they live and no matter whom they choose to play with.”


Source: http://feeds.arstechnica.com/arstechnica/index/

(credit: Andrew Harrer/Bloomberg via Getty Images)

Early in March, President Donald Trump surrendered his personal Android phone—the phone from which scores of controversial Twitter posts had been launched. Based on Twitter metadata, Trump retired the Android device after expressing outrage over the DNC’s failure to let the FBI search its servers and taunting Arnold Schwarzenegger on March 5. The next day, he replaced it with an iPhone.

According to a report from Axios’ Mike Allen, Twitter is the only application running on Trump’s new iPhone. And on his current overseas trip, staff have tried to limit his screen time in order to reduce the volume of his 140-character missives, Allen wrote:


Source: http://feeds.arstechnica.com/arstechnica/index/