Data Security News Headlines 11th September 2017

  1. Beware of new malware that steals money via mobile phones

New Delhi: Android users are being targeted by various malware to steal money from user’s devices. According to the latest report, new malware Xafecopy Trojan has been detected in India which steals money through victims’ mobile phones, cyber security firm Kaspersky said in a report. Around 40 per cent of the target of the malware has been detected in India.  “Kaspersky Lab experts have uncovered a mobile malware targeting the WAP billing payment method, stealing money from victims’ mobile accounts without their knowledge,” the report said.  Xafecopy Trojan is disguised as useful apps like BatteryMaster and operates normally. The trojan secretly loads malicious code onto the device. Once the app is activated, the Xafecopy malware clicks on web pages with Wireless Application Protocol (WAP) billing – a form of mobile payment that charges costs directly to the user’s mobile phone bill.

Cyber Security Tips:  Users are strongly recommended that avoid using unnecessary apps, install application from trusted sources only, avoid clicking on any ads, keep using reputed antivirus and keep your device up-to date

  1. Hackers Can Remotely Access Syringe Infusion Pumps to Deliver Fatal Overdoses

Internet connected devices are increasing day-to-day.  Hackers are targeting IOT to earn money. Medical devices are increasingly found vulnerable to hacking. Earlier this month, the US Food and Drug Administration (FDA) recalled 465,000 pacemakers after they were found vulnerable to hackers. According to the latest report, syringe infusion pump used in acute care settings could be remotely accessed and manipulated by hackers to impact the intended operation of the device, ICS-CERT warned in an advisory issued on Thursday. An independent security researcher has discovered eight security vulnerabilities in the Medfusion 4000 Wireless Syringe Infusion Pump, which is manufactured by Minnesota-based specialty medical device maker Smiths Medical. Hacker can easily exploit to “gain unauthorized access and impact the intended operation of the pump.” The high-severity flaws include buffer overflow, Lack of authentication, Presence of hard-coded credentials and Lack of proper host certificate validation. These vulnerabilities impact devices that are running versions 1.1, 1.5 and 1.6 of the firmware.

Cyber Security Tips:  Healthcare organizations are strongly recommended to apply some defensive measures including assigning static IP addresses to pumps, keep monitoring network activity for malicious activities, installing the pump on isolated networks, setting strong passwords, and regularly creating backups until patches are released.

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

Blog at WordPress.com.

Up ↑

%d bloggers like this: