Gotham Security Daily Threat Alerts

By Nancy Rand
Posted in Security
On December 06, 2016

December 2, SecurityWeek – (International) Eight vulnerabilities found in Moxa NPort devices. The Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) reported that Moxa’s NPort serial device servers are plagued by eight vulnerabilities after security researchers discovered three critical flaws that can be exploited to retrieve an administrator password without authentication, update the device’s firmware without authentication, and use brute force to bypass authentication, as well as high security flaws that can be exploited to cause a denial-of-service (DoS) condition and remotely execute arbitrary code, among other flaws. Moxa released firmware updates for most of the affected servers and advised its customers to install the updates. Source

December 5, Softpedia – (International) Hackers can compromise smart defibrillators and kill the host, researchers warn. A team of security researchers discovered that a malicious actor can compromise and intercept the wireless communication system between Implantable Medical Devices (IMDs) and their monitors to launch reverse engineering and distributed denial-of-service (DDoS) attacks to compromise the devices’ security systems and take control of the devices’ functions. Researchers stated that a standby mode after the communication between the monitors and implanted devices ends is the most effective way to avoid the hack. Source

Above Reprinted from the USDHS Daily Open Source Infrastructure Report

Nancy Rand

Nancy Rand

Nancy has more than 20 years’ experience in information technology and security, solving business issues and implementing best-practice solutions that support organizational objectives. Her expertise includes leveraging, optimizing, and implementing diverse technology platforms, and management of large-scale technology projects.