A look at some of the top stories from this past week in the world of automotive, IoT, Industry 4.0, and Enterprise Edge product cybersecurity.
Hacker Pleads Guilty to Crafting Sartori Botnet that Infected Hundreds of Thousands of IoT Devices (Ars Technica)
A 21-year-old Washington man and two co-conspirators confessed to creating Sartori and two other botnets that infected more than 800,000 devices, including 32,000 devices belonging to a large Canadian ISP. The trio also sold denial of service attacks to the highest bidder.
New Malware “BRATA” Targets Brazil-based Android Devices - By Posing as a WhatsApp Update (SC Magazine)
The malware poses as a patch meant to fix a buffer overflow vulnerability in WhatsApp that can allow a remote code execution attack. More than 20 variants have been found so far.
Flaw Affecting Supermicro X9-X11 Servers Opens the Door to Remote Attacks (threatpost)
Researchers say the bug allows attackers to attain credentials for the server’s baseboard management controllers, giving them “virtually omnipotent control over a server and its contents.”
New Advisory Issued for Change Healthcare Cardiology Devices After Vulnerability Found (US Govt)
Warning from the US Department of Homeland Security says that flaws in cardiology machines could allow attackers with local system access to execute unauthorized arbitrary code.
Vulnerability Allows Remote Code Execution Attacks on EZAutomation EZPLC (Zero Day Initiative)
The flaw requires a user to visit a malicious page or open a dangerous file, and results from improper validation of user-supplied data.
Flaw in Philips HDI Ultrasound System Could Allow Hackers Access to Patient Images, Personal Data (Security Newspaper)
The flaw requires a user to visit a malicious page or open a dangerous file, and results from improper validation of user-supplied data.