December 2, SecurityWeek – (International) Eight vulnerabilities found in Moxa NPort devices. The Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) reported that Moxa’s NPort serial device servers are plagued by eight vulnerabilities after security researchers discovered three critical flaws that can be exploited to retrieve an administrator password without authentication, update the device’s firmware without authentication, and use brute force to bypass authentication, as well as high security flaws that can be exploited to cause a denial-of-service (DoS) condition and remotely execute arbitrary code, among other flaws. Moxa released firmware updates for most of the affected servers and advised its customers to install the updates. Source
December 5, Softpedia – (International) Hackers can compromise smart defibrillators and kill the host, researchers warn. A team of security researchers discovered that a malicious actor can compromise and intercept the wireless communication system between Implantable Medical Devices (IMDs) and their monitors to launch reverse engineering and distributed denial-of-service (DDoS) attacks to compromise the devices’ security systems and take control of the devices’ functions. Researchers stated that a standby mode after the communication between the monitors and implanted devices ends is the most effective way to avoid the hack. Source
Above Reprinted from the USDHS Daily Open Source Infrastructure Report