IOActive may not be a household name but you almost certainly know its work.
The Seattle-headquartered company has been behind some of the most breathtaking hacks in the past decade. Its researchers have broken into in-flight airplanes from the ground and reverse engineered an ATM to spit out gobs of cash. One of the company’s most revered hackers discovered a way to remotely shock a pacemaker out of rhythm. And remember that now-infamous hack that remotely killed the engine of a Jeep? That was IOActive, too.
If it’s connected, they will bet that they can hack it.
IOActive has made a name for itself with its publicly reported findings, [...]
Homeland Security’s cyber agency says it has tested a working exploit for the BlueKeep vulnerability, capable of achieving remote code execution on a vulnerable device.
To date, most of the private exploits targeting BlueKeep would have triggered a denial-of-service condition, capable of knocking computers offline. But an exploit able to remotely run code or malware on an affected computer — an event feared by government — could trigger a similar global incident similar to the WannaCry ransomware attack in 2017.
The Cybersecurity and Infrastructure Security Agency (CISA) confirmed in an alert Monday it had used BlueKeep to remotely run code on a [...]
A hospital infusion pump widely used in hospitals and medical facilities has critical security flaws that allow it to be remotely hijacked and controlled, according to security researchers.
Researchers at healthcare security firm CyberMDX found two vulnerabilities in the Alaris Gateway Workstation, developed by medical device maker Becton Dickinson.
Infusion pumps are one of the most common bits of kit in a hospital. These devices control the dispensing of intravenous fluids and medications, like painkillers or insulin. They’re often hooked up to a central monitoring station so medical staff can check on multiple patients at the same [...]
Google will now allow iPhone and iPad owners to use their Android security key to verify sign-ins, the company said Wednesday.
Last month, the search and mobile giant said it developed a new Bluetooth-based protocol that will allow modern Android 7.0 devices and later to act as a security key for two-factor authentication. Since then, Google said 100,000 users are already using their Android phones as a security key.
Since its debut, the technology was limited to Chrome sign-ins. Now Google says Apple device owners can get the same protections without having to plug anything in.