Thirteen Flaws That Could Crash Anesthesia Machines, Patient Monitors Discovered

Hackers-for-hire infiltrated accounts, phones of 3,500 people, Microsoft issues fixes for 55 bugs, Biden renews Trump's ban on Chinese tech, Google wins UK case on iPhone user data collection, more

Researchers at Forescout, with support from MediaGate Labs, say they have found thirteen vulnerabilities affecting the Nucleus TCP/IP stack, a library now maintained by Siemens. The flaws affect medical devices and machinery used in other industries that could cause critical equipment such as patient monitors to crash if exploited by a hacker.

The vulnerabilities, dubbed NUCLEUS:13, allow for remote code execution, denial of service, and information leaks in devices such as anesthesia machines, patient monitors, etc. Siemens has released patches for all the vulnerabilities. Some of those had already been patched in existing versions of the stack but never issued CVE IDs. (Sean Lyngaas / CNN)

Related: Forescout, CNN.com, Becker’s Hospital Review, ZDNet, ICS-CERT Advisory Feed, Security Week, The Hacker News, The Record by Recorded Future

Netherlands-based Trend Micro cybersecurity researcher Feike Hacquebord discovered that a Russian-speaking RocketHack crew has quietly infiltrated email …