Thirteen Flaws That Could Crash Anesthesia Machines, Patient Monitors Discovered

Hackers-for-hire infiltrated accounts, phones of 3,500 people, Microsoft issues fixes for 55 bugs, Biden renews Trump's ban on Chinese tech, Google wins UK case on iPhone user data collection, more

Researchers at Forescout, with support from Medigate Labs, say they have found thirteen vulnerabilities affecting the Nucleus TCP/IP stack, a library now maintained by Siemens. The flaws affect medical devices as well as machinery used in other industries, and if exploited by a hacker they could cause critical equipment such as patient monitors to crash.

The vulnerabilities, dubbed NUCLEUS:13, allow for remote code execution, denial of service, and information leaks in devices such as anesthesia machines and patient monitors. Siemens has released patches for all the vulnerabilities. Some of them had already been patched in existing versions of the stack but had never been issued CVE IDs. (Sean Lyngaas / CNN)

Related: Forescout, CNN.com, Becker’s Hospital Review, ZDNet, ICS-CERT Advisory Feed, Security Week, The Hacker News, The Record by Recorded Future

Netherlands-based Trend Micro cybersecurity researcher Feike Hacquebord discovered that a Russian-speaking RocketHack crew has quietly infiltrated email and Telegram accounts, PCs, and Android phones of as many as 3,500 individuals.

Using primarily phishing emails containing links to fake Gmail login pages, the hackers have targeted everyone from journalists, human rights activists, and politicians to telecommunication engineers and IVF doctors across a few dozen clinics. The hackers’ business model “goes after the most private and personal data of businesses and individuals then sells that data to whoever wants to pay for it.” The crew has also sold call record logs from cell towers, airline data, and banking information. (Thomas Brewster / Forbes)

A scammer who uses the handle Syenrai exploited Instagram’s memorialization feature, which allows users to report to the company that an Instagram account holder has died, to temporarily lock the Instagram account of Adam Mosseri, the head of Instagram, by pretending that the executive was dead.

Instagram confirmed that the lock on Mosseri’s account, which was created using a fake obituary, happened in September and that the company quickly resolved the issue. But Syenrai said others they’ve targeted don’t get their accounts back so swiftly. (Joseph Cox / Motherboard)

Related: RT News

Researchers at Microsoft detected exploits that install webshells to compromise systems running versions of the Zoho ManageEngine ADSelfService Plus software vulnerable to CVE-2021-40539, in a targeted campaign by a group operating out of China.

The same group, DEV-0322, also targeted a zero-day flaw in SolarWinds Serv-U FTP software. The exploit involves a REST API authentication bypass that can lead to remote code execution in vulnerable devices. (Liam Tung / ZDNet)

Related: Infosecurity Magazine, Microsoft, Dark Reading, The Sun, Threatpost

Microsoft issued its Patch Tuesday update to fix at least 55 security bugs in its Windows operating systems and other software. Two of the patches address vulnerabilities already used in active attacks online, and Microsoft publicly disclosed four of the flaws before the security updates.

Among the zero-day bugs is CVE-2021-42292, a “security feature bypass” problem with Microsoft Excel versions 2013-2021 that could allow attackers to install malicious code just by convincing someone to open a booby-trapped Excel file. (Brian Krebs / Krebs on Security)

Related: iTnews - Security, Bleeping Computer, Microsoft, Microsoft, Security Week, Threatpost, Sophos News, The State of Security, Tripwire, Talos Intel, The Register, Dark Reading, IT News, The Hacker News

Researchers at Accenture and Prevailion provided more details on the Iranian state-supported APT known as 'Lyceum' (Hexane, Spilrin), which targeted ISPs and telecommunication service providers in the Middle East and Africa between July and October 2021.

The researchers say that Lyceum uses two distinct malware families, dubbed Shark and Milan, that communicate with their command and control (C2) servers via DNS and HTTPS, with Shark also using DNS tunneling. Lyceum appears to monitor researchers’ published analyses of its malware and to update its code accordingly to stay ahead of defensive mechanisms. (Bill Toulas / Bleeping Computer)

Related: ZDNet Security, Accenture

According to a new report by the NCC Group, the Clop ransomware gang, also tracked as TA505 and FIN11, exploits a SolarWinds Serv-U vulnerability to breach corporate networks and ultimately encrypt their devices.

The Serv-U Managed File Transfer and Serv-U Secure FTP remote code execution vulnerability tracked as CVE-2021-35211 allows a remote threat actor to execute commands on a vulnerable server with elevated privileges. SolarWinds released an emergency security update in July 2021 after discovering "a single threat actor" exploiting it in attacks, but many vulnerable Serv-U servers remain publicly accessible. (Bill Toulas / Bleeping Computer)

Related: Reddit cybersecurity, Security Affairs, NCC Group, Security Week

President Joe Biden has renewed a ban on U.S. investment into any Chinese companies with alleged ties to China’s military, specifically calling out “Chinese surveillance technology” as a threat to human rights worldwide.

The investment ban, first enacted by President Donald Trump through an Executive Order in November of 2020, denylists 59 companies, including technology giant Huawei, which has ties to China’s People’s Liberation Army. In a statement, Biden said, “the use of Chinese surveillance technology outside the PRC and the development or use of Chinese surveillance technology to facilitate repression or serious human rights abuse continue to constitute unusual and extraordinary threats.” (Matt Novak / Gizmodo)

Related: White House

The UK Supreme Court has blocked a planned 3.2 billion pound ($4.3 billion) British class action against Google over allegations the internet giant unlawfully tracked the personal information of millions of iPhone users.

The case, led by Richard Lloyd, a consumer rights activist and the former director of Which? Magazine, sought to extend Britain's class action regime to include compensation claims for alleged data misuse despite no apparent financial loss or distress. Lloyd alleged that Google secretly took more than 5 million Apple iPhone users' data between 2011 and 2012 by bypassing default privacy settings on Safari browsers to track internet browsing histories, and used this data for commercial purposes. (Kirstin Ridley / Reuters)

Related: Information Age, BNN Bloomberg, Information Age, The Sun, City A.M. - Technology, Natasha Lomas – TechCrunch, 9to5Mac, RT News, MSPoweruser, CNBC Technology, Metro.co.uk, Digital Journal, POLITICO EU, Silicon Republic, Business Insider, WSJ.com: WSJD, MacRumors, iMore, Apple Insider

Researchers at DevOps specialist firm JFrog discovered 14 vulnerabilities in BusyBox, a software suite used by many of the world’s leading operational technology (OT) and internet of things (IoT) devices. The flaws allow for remote code execution, denial of service, and data leaks.

However, the vulnerabilities require effort to exploit and can only be exploited when an LZMA-compressed input is decompressed. LZMA is a compression algorithm that uses dictionary compression and encodes its output using a range encoder. (Elizabeth Montalbano / Threatpost)

Related: SC Magazine, JFrog, CSO Online

AI-based identity verification company Socure raised $450 million as part of an oversubscribed series E round.

Accel and T. Rowe Price led the round with participation by Bain Capital Ventures, Tiger Global, Commerce Ventures, Flint Capital, Scale Venture Partners, Sorenson, and Two Sigma Ventures. (Kyle Wiggers / Venture Beat)

Related: Bloomberg, Reuters, American Banker, TechCrunch

Contrast Security, which develops app security and embedded code analysis technologies, raised $150 million in a Series E venture funding round.

Liberty Strategic Capital, former treasury secretary Steve Mnuchin’s venture firm, led the round, with participation from existing Contrast investors Warburg Pincus, Battery Ventures, General Catalyst, Microsoft's M-12 Fund, AXA Venture Partners, and Acero Capital. (Kyle Wiggers / Venture Beat)

Related: Silicon Angle, PR Newswire

An Israel-based breach and attack simulation platform provider raised $53.5 million in a Series D funding round.

Sonae IM and Israel Growth Partners (IGP) led the round with additional participation from Sands Capital and Leumi Partners, strategic investment from ServiceNow, and participation from existing investors. (FinSMEs)

Related: Dark Reading, VC News Daily, MSSP Alert, Security Week, Business Wire

Security and compliance automation platform Drata has raised $100 million in a Series B round of funding, elevating the company to a $1 billion valuation.

ICONIQ Growth led the round with additional investments from Alkeon Capital and Salesforce Ventures. (Paul Sawyers / Venture Beat)

Related: Security Week, PR Newswire, PitchBook

Israeli automotive cybersecurity and data management company Upstream Security announced that it had received a strategic investment from BMW i Ventures, BMW’s venture capital fund.

Although the amount of the investment was not disclosed, it will be added to the $62 million raised in its most recent Series C round. (Just Auto)

Related: cTech, PR Newswire

Audubon Companies, an engineering, procurement, fabrication, and construction provider, announced its strategic investment in a new start-up affiliate, Armexa, a next-generation industrial cybersecurity company.

Founded by industrial cybersecurity experts Jacob Marzloff and Eric Forner, Armexa delivers end-to-end cybersecurity solutions that protect critical operational technology (OT) and industrial control system (ICS) environments against cyber risks in order to maintain the resiliency of revenue-generating operations. (Business Wire)

Photo by Endobariatric Endohospital on Unsplash