Infosec Weekly Round-up May 14 – 20, 2012

Attack Surface: Healthcare and Public Health Sector

US Department of Homeland Security Issues Warning on Medical Device Threats.

“This Bulletin highlights how the portability and remote connectivity of MDs introduce additional risk into Medical IT networks and failure to implement a robust security program will impact the organization’s ability to protect patients and their medical information from intentional and unintentional loss or damage.”

http://www.kslaw.com/library/publication/HH051412_Bulletin.pdf

ZTE confirms security hole in U.S. phone

“ZTE, the world’s No.4 handset vendor and one of two Chinese companies under US scrutiny over security concerns, said one of its mobile phone models sold in the United States contains a vulnerability that researchers say could allow others to control the device.”

http://www.iol.co.za/scitech/technology/security/security-hole-found-in-us-phone-1.1299640

IBM Research domain hacked and defaced

“Hacker collective group dubbed Kosova Hacker Security or in other words KHS targeted IT giant & multinational technology and consulting corporation IBM.”

http://thehackernews.com/2012/05/ibm-research-domain-hacked-and-defaced.html

Iranian Hackers Compromise NASA SSL Certificate, Agency Investigates

“On May 16, a group of Iranian hackers and programmers operating under the name of Cyber Warriors Team claimed to have compromised an SSL certificate issued to the Research and Education Support Services of NASA.”

http://news.softpedia.com/news/Iranian-Hackers-Compromise-NASA-SSL-Certificate-Agency-Investigates-270552.shtml

The Common Vulnerability Reporting Framework (CVRF)

“The ICASI Common Vulnerability Reporting Framework (CVRF) is an XML-based language that enables different stakeholders across different organizations to share critical security-related information in a single format, speeding up information exchange and digestion. CVRF is a common and consistent framework for exchanging not just vulnerability information, but any security-related documentation. CVRF Version 1.0 was released in May 2011; the current version is CVRF 1.1, released in May 2012.”

http://www.icasi.org/cvrf

That’s all for this week. If you have more information security news, please share it with our readers by sending an email or using the contact form.
