Information Security & Occasional Forays Into Adjacent Realms
via Anna Gorman writing at The Atlantic (along with Kaiser Health News) are sounding the klaxxon horns in warning of an astonishing fact in the United States: The influx of infectious diseases in the homeless populations of several states. This my friends, is a true and deadly emergency.
And then, there's this...
via Joseph Cox, writing at Motherboard (a Vice property), tells ths unfortunate tale of a Russian company selling zero-day exploit code, targeting hospital software... Today's MustRead. H/T
"Gleg offers several different packs of exploits for clients: Agora covers mainstream web software; the “SCADA+ Pack” is focused on “industrial software and hardware environment” issues, and, predictably, the MedPack includes vulnerabilities for medical software. A one year subscription for MedPack costs $4,000, and for that Gleg provides 25 exploits per year, most of which are zero-days, Gurkin wrote." - via Joseph Cox, writing at Motherboard (a Vice property)
Danny Palmer - of ZDNet - tells a tale of a new (and ostensibly - mysterious) worm, evidently targeting health care contraptions (reportedly X-Ray Photography Systems and MRI Scanners). There is some discussion attributing the attacks are performing reconnaissance...
via Zaid Shoorbajee - reporting for Cyberscoop, comes a story of security entropy, this time in medical imaging device system patching and an esteemed University's research targeting those systems. In this case, a research paper from Israel's Ben-Gurion University of the Negev Malware-Lab yielded good (but not-necessarily-acted-upon-advice) to Medical Professionals: Patch Your Flawed Imaging Systems...
'“In cases where even a small delay can be fatal, or where a dangerous tumor is removed or erroneously added to an image, a cyberattack can be fatal,” said Tom Mahler, an author on the paper. “However, strict regulations make it difficult to conduct basic updates on medical PCs, and merely installing anti-virus protection is insufficient for preventing cyber-attacks.” ' - Zaid Shoorbajee - reporting for Cyberscoop
Superb accounting of the built-to-fail systems in healthcare, and the predeliction of those same systems towards victimization by ransomware attacks. Via Robert N. Charette writing at the IEEE's Spectrum Magazine.