CISA Warns of BadAlloc Flaw in Blackberry System That Could Allow Malicious Actors to Take Over Sensitive OT Infrastructure, Medical Devices

Mandiant finds flaw that could let hackers intercept audio and video on smart home devices, T-Mobile offers details on breach reach, Chinese gov't could exploit flaws in 58 top websites, much more

The Cybersecurity and Infrastructure Security Agency (CISA) warns that IoT and OT security flaws known as BadAlloc impact BlackBerry's QNX Real-Time Operating System (RTOS), which is used by critical infrastructure organizations. The exploitation of BadAlloc could result in a malicious actor gaining control of highly sensitive systems.

BadAlloc is a collection of 25 vulnerabilities caused by memory allocation Integer Overflow or Wraparound bugs. The FDA also warns patients, health care providers, and manufacturers about the increased risk of these vulnerabilities for medical devices that incorporate BlackBerry QNX software. (Betsy Woodruff Swan and Eric Geller / Politico)

Related: POLITICO, Bleeping Computer, ZDNet Security, US-CERT, PR Newswire, Cyberscoop, Cybersecurity| Reuters.com, FDA.gov

Security researchers at Mandiant discovered a flaw in a software protocol made by Taiwanese internet of things (IoT) vendor ThroughTek used by millions of smart home devices. This flaw could allow…