Kaspersky counts costs. Another big WordPress vulnerability.



FRIDAY

March 22, 2019

A vulnerability in widely used heart defibrillators earns a 9.3 out of 10 on the severity scale. Pwn2Own hands out awards for attacks on your web browser. And a Vietnamese hacking group aims at automakers. This is CyberScoop for Friday, March 22.    

MEDICAL SECURITY HEARTBURN: The Department of Homeland Security has issued an advisory about a vulnerability in Medtronic heart defibrillators that could allow hackers to change the settings in a medical device from within radio range. The flaw, designated CVE-2019-6538, has been assigned a 9.3 severity out of a possible 10, according to the Cybersecurity and Infrastructure Security Agency advisory. Medtronic said it was not aware of any patients whose devices had been attacked. The company said it is conducting security checks for unauthorized behavior, and that it is developing a series of software updates to resolve the issues. “It’s a serious issue, but not one to panic over,” Beau Woods, cyber safety innovation fellow at the Atlantic Council, told CyberScoop. “If you may be affected, work with your doctor to see if, how, and when to update [your device].” Jeff Stone has the details.

WHITE HATS, BIG BUCKS: Web browsers were the most popular targets over the first two days of this year’s Pwn2Own hacking contest in Vancouver, British Columbia. One team — the “Fluoroacetate” duo of Amat Cama and Richard Zhu — was able to successfully attack Apple’s Safari, Mozilla’s Firefox and Microsoft’s Edge, taking home a total of $340,000 in prize money for those zero-day exploits and others as part of the competition hosted by the Zero Day Initiative. Joe Warminsky has roundups of day one and day two. Friday’s competition is the marquee event: Teams will attempt to take over the software of a Tesla Model 3, marking the first time Pwn2Own, held annually during the CanSecWest security conference, has featured an automotive category.

A MESSAGE FROM RAYTHEON

When everything is connected, security is everything. That's why Raytheon delivers solutions that protect every side of cyber for government agencies, businesses and nations. Protecting the most critical information, systems and operations with breakthrough solutions — to make the world a safer place. Click to protect your side.

FACEBOOK SECURITY DRAMA CONTINUES: Facebook plans to notify hundreds of millions of users their passwords were stored in an insecure format that could have allowed company employees to access and view login credentials. An internal investigation has found that between 200 million and 600 million Facebook users may have had their passwords stored in plain text and searchable by more than 20,000 employees, according to KrebsOnSecurity. There is no evidence anyone outside Facebook viewed the passwords, the company said in a statement Thursday, adding there’s also nothing to indicate company employees improperly accessed the information. In its statement Facebook also says that in the course of its review employees “have been looking at the ways we store certain other categories of information – like access tokens – and have fixed problems as we’ve discovered them.” The company has not elaborated on any such problems. Jeff has more.

MADE IN VIETNAM: Vietnam’s most capable hacking group has ramped up targeting of the global car industry, researchers told CyberScoop. FireEye has seen spearphishing attempts on five to 10 organizations in the industry since February. The Southeast Asian country is trying to develop a domestic car industry, and APT32's data-gathering skills could come in handy. “They’re really getting very creative in the way that they try to bundle their malware together and deploy their attacks,” said Cylance’s Tom Bonner. Sean Lyngaas has more details.

GENERAL CONCERNS ABOUT GOOGLE IN CHINA: Gen. Joseph Dunford, chairman of the Joint Chiefs of Staff, said during an interview hosted by the Atlantic Council that he has a meeting scheduled with Google to discuss the company’s involvement with China and how it “indirectly benefits the Chinese military and creates a challenge for us in maintaining a competitive advantage.” Dunford's first big concern is artificial intelligence, FedScoop's Billy Mitchell reports, particularly the ways A.I. could be used to control populations. “The second thing it’s going to do is it’s going to enable the Chinese military to take advantage of the technology that is developed in the United States. Why is it developed in the United States? Why is Silicon Valley in the United States? Because of our system of government and the enabling of individual ideas to bubble up and advance the world, whether it’s medically, education, artificial intelligence, you name it.”

TWEET OF THE DAY

...and he already knows your family, too. 

This newsletter is produced by Scoop News Group.
Visit cyberscoop.com to read this newsletter on the web.