Threat Intelligence

Threat Intel: Johnson Controls International (JCI) Hit by Ransomware Attack

Vicki Michaeli

Sep 29, 2023

Threat Intel: Log4j - Critical Zero Day Vulnerability

A critical zero-day vulnerability was published over the weekend that affects the Apache Log4j library. The vulnerability has received the highest possible CVSS score of 10.0, and is already being searched for and exploited in the wild by threat actors.

Cynerio

Dec 13, 2021

Threat Intel: NUCLEUS:13 Vulnerabilities

NUCLEUS:13 is a set of 13 recently identified vulnerabilities that affect Nucleus NET, the TCP/IP stack of the Nucleus Real-Time Operating System (RTOS). Our latest blog summarizes why NUCLEUS:13 is so threatening to healthcare organizations, which medical devices are vulnerable and what can healthcare organizations do to mitigate this threat.

Daniel Brody

Nov 11, 2021

Preventing The Worst-Case Scenario for Hospital Ransomware

In the aftermath of the Colonial Pipeline ransomware attack a few months ago, healthcare cybersecurity professionals wondered when their own industry might have to grapple with an attack so devastating that it caused hospitals and clinics to reconsider whether they were effectively protecting their growing infrastructure of connected devices. However, the hospital ransomware hack in question might have predated Colonial Pipeline’s attack, we just didn’t know it yet.

Daniel Brody

Oct 4, 2021

Threat Intel: PwnedPiper Pneumatic Tube System Zero-Day

PwnedPiper allows attackers to manipulate the control panel that underpins Translogic pneumatic tube systems’ functionality without having to authenticate to the network. This would allow attackers a chance to execute code remotely and launch denial-of-service attacks.

Cynerio

Aug 4, 2021

Threat Intel: ICS Medical Advisory: ZOLL Defibrillator Dashboards

CISA released ICS Medical Advisory (ICSMA-21-161-01) on June 10, 2021, detailing six newly discovered vulnerabilities in ZOLL Defibrillator Dashboards. The vulnerabilities have a CVSS v3 base score of 9.9. These vulnerabilities are remotely executable and are of low attack complexity.

Cynerio

Jun 11, 2021

Threat Intel: NAME:WRECK TCP/IP Vulnerabilities Exposed

Dubbed NAME:WRECK, this new set of vulnerabilities can be added to a growing list of TCP/IP stack vulnerabilities that includes Ripple20, AMNESIA:33, and others.

Cynerio

Apr 14, 2021

Threat Intel: Philips Interventional Workstation Vulnerability Exposed

CISA released ICS Medical Advisory (ICSMA-21-019-01) on January 19, 2021, detailing a newly discovered vulnerability in Philips Interventional Workstation products with a CVSS v3 base score of 6.5.

Cynerio

Jan 20, 2021

Threat Intel: DNSpooq--7 New dnsmasq Vulnerabilities Discovered

JSOF disclosed DNSpooq, a new group of vulnerabilities (CVE-2020-25681-7) with a CVSS v3 base score of 8.1, on January 19, 2021. The new vulnerabilities, found in dnsmasq can result in cache poisoning and buffer overflows.

Cynerio

Jan 20, 2021

Threat Intel: ICS Medical Advisory: GE CARESCAPE CV150 Patient Monitors

An ICS Medical Advisory (ICSMA-21-007-01) with a CVSS v3 base score of 5.3 was issued on two improper neutralization vulnerabilities found in GE CARESCAPE patient monitors.

Cynerio

Jan 8, 2021

AMNESIA:33 Vulnerabilities Affect Millions of IoT Devices

The disclosure of 33 vulnerabilities, collectively dubbed AMNESIA:33, found across four open source TCP/IP stacks yesterday affects multiple Healthcare IoT products provided by various vendors.

Cynerio

Dec 10, 2020

Threat Intel: Critical CVEs Found in GE Imaging and Ultrasound Products

CISA released ICS Medical Advisory (ICSMA-20-343-01) on December 8, 2020 citing two major vulnerabilities discovered in a slew of GE radiology products.

Cynerio

Dec 9, 2020

Threat Intelligence: BD Alaris Network Sessions Vulnerability

On Thursday, November 12, 2020, BD voluntarily alerted the US Department of Homeland Security and the FDA of a network session vulnerability with a CVSS score of 6.5 affecting specific versions of two BD Alaris products.

Cynerio

Nov 12, 2020

Threat Intelligence: BD Releases Advisory on Microsoft’s Zerologon Vulnerability

BD posted an advisory on November 6, 2020 regarding the Microsoft Netlogon elevation of privilege vulnerability (CVE-2020-1472), more widely known as Zerologon.

Cynerio

Nov 8, 2020

Threat Intelligence: B. Braun Device Vulnerabilities

CISA released two ICS Medical Advisories (ICSMA-20-296-01 and ICSMA-20-296-02) on October 22, 2020. The vulnerabilities enable remote exploitation, allowing threat actors to escalate privileges, access ePHI, and upload malicious data packets, compromising the devices’ security.

Cynerio

Oct 22, 2020

Threat Intelligence: Bad Neighbor

Microsoft announced a critical vulnerability (CVE-2020-16898) on October 13, 2020 with a CVSS score of 9.8. The vulnerability is located within an ICMPv6 Neighbor Discovery “Protocol”, and uses the Router Advertisement type in the Windows IPv6 stack.

Cynerio

Oct 14, 2020

Healthcare IoT Attack Surface Expands with Windows Embedded Standard 7 EOL

With the retirement of Microsoft's Windows Embedded Standard 7 operating system, Cynerio offers healthcare facilities a complimentary risk assessment until October 31, in support of CISA’s National Cyber Awareness Month.

Cynerio

Oct 7, 2020

Threat Intelligence: IntelliVue Vulnerabilities

The ICS-CERT issued a new advisory (ICSMA-20-233-01) on September 10, 2020. This is a set of vulnerabilities with a combined CVSS v3 base score of 6.8 that can be exploited remotely.

Cynerio

Sep 11, 2020

Threat Intelligence: Advisory Issued for Philips SureSigns VS4 Devices

Philips SureSigns VS4 patient monitors, versions A.07.107 and older are at risk. These devices monitor patients’ vital signs.

Cynerio

Aug 23, 2020

Threat Intelligence: NSA & CISA Recommendations for Reducing OT and CS Threat Exposure

CISA and the NSA issued an alert (AA20-205A) on July 26, 2020 regarding the increased threat of cyber attacks on critical infrastructure through connected Operational Technologies (OT) and Control Systems (CS) vulnerabilities.

Cynerio

Jul 27, 2020

BD Issues Recall on Alaris Systems Hardware

BD issued a recall on a number of Alaris model infusion pumps for hardware defects and malfunctions that can disrupt the devices’ operation on June 30, 2020. The manufacturer issued an addendum to the original recall on August 20.

Cynerio - updated September 3

Jul 1, 2020

Threat Intelligence: Ripple20 Puts Healthcare IoT at Particular Risk

The Ripple20 threat (CVE-2020-11896/CVE-2020-11898), a series of 19 critical vulnerabilities, impacts millions of connected devices and puts healthcare organizations at particular risk.

Cynerio

Jun 17, 2020

URGENT/11 TCP/IP Stack Vulnerabilities

URGENT/11 is a group of 11 zero-day vulnerabilities found in the VxWorks TCP/IP stack (IPnet) are remotely executable and affect millions of medical and IoT devices.

Cynerio

Aug 1, 2019