“Caution advised to patients as cyber vulnerabilities seem possible”
The insulin pumps in question retain a malfunction that could allow hackers to breach its defenses, causing an overdose of insulin. This news breaks while medical security remains of high concern following a series of stories that particular pacemakers and defibrillators exhibited bugs that may signal security vulnerabilities of their own.
Johnson &Johnson describes the potential risk as low as there have been no reported hacking attempts thus far, but is advising patients that there may be certain security flaws they could be subjected to and sharing advice on potential fixes for the issue.
“IoT devices used to target victims”
Weak default usernames and passwords assigned to internet connected devices seemed to be the target of the Mirai botnet that was responsible for the massive DDoS attack. In contrast to other botnets, this program employs IoT gadgets to select and attack its targets.
This same platform was used to bring down Security reporter Brian Krebs website with another massive DDoS cyber-attack, searching through devices with a list of easily guessable passwords such as ‘12345’ and ‘admin.’
“Would allow attacker to end malicious programs”
Dell’s vApp manager for Unisphere for VMAX was revealed to have five zero day vulnerabilities, announced by digital security consultants Digital Defense. The web application is used to manage all of EMC’s storage platform, and vulnerabilities breached would allow hackers to send Adobe Flash Action Message Format messages from the server running the program.
Attackers may be able to completely shut down or gain total control of the storage platforms, providing grave cause for concern. EMC has patches available through security advisories on these potential breaches available to Dell EMC customers.