GE Healthcare Precision THUNIS-800+ has a default password of (1) 1973 for the factory default System Utilities menu, (2) TH8740 for installation using TH8740_122_Setup.exe, (3) hrml for “Setup and Activation” using DSASetup, and (4) an empty string for Shutter Configuration, which has unspecified impact and attack vectors. NOTE: since these passwords appear to be used to access functionality during installation, this issue might not cross privilege boundaries and might not be a vulnerability.
Monthly Archives: August 2015
CVE-2014-9736 (centricity_clinical_archive_audit_trail_repository)
GE Healthcare Centricity Clinical Archive Audit Trail Repository has a default password of initinit for the (1) SSL key manager and (2) server keystore; (3) keystore_password for the server truststore; and atna for the (4) primary storage database and (5) archive storage database, which has unspecified impact and attack vectors.
UK Government is addressing SMB cyber security needs, but are you doing enough?
The scheme will offer micro, small and medium sized businesses up to £5,000 for specialist advice to boost their cyber security and protect new business ideas and intellectual property.
The initiative will also enable firms to access services from the UK cyber security industry, and help them to adopt Cyber Essentials, a government-backed, industry supported scheme to help organisations protect themselves against common cyber-attacks.
With small businesses still guilty of underestimating how valuable their data is to the global cybercriminal network, I fully support the initiative and would advise any small business to take advantage of the offer. In the UK, many small businesses are still not investing significantly in cyber security measures – recent government figures suggest SMEs with 100 or more employees spend about £10,000 per year, while the smallest firms spend as little as £200.
It’s clear that more guidance is needed, and with so many resources now available there is no reason not to be better informed. I wonder if this news has prompted you to consider your own cyber security needs and if so, how many of you plan to sign up?
It would be great to see similar schemes rolled out beyond the UK, and I fully expect this will happen as security continues to rise further up the news agenda. For those not eligible for schemes such as this, I would advise you to adhere to the following best practices:
- Educate your staff via in-person training sessions and by providing regularly updated resources on the threat landscape
- Always make sure your customer data is stored in an encrypted database
- Require multiple levels of passwords to access any database storing customer information; and change these passwords frequently
- Regularly run background checks on employees handling customer data
- Make sure to have malware detection software running on both your servers (hosted or not) and workstations and that it, and your operating systems, are regularly patched and updated
- Review and implement the standard network security health check controls
- Make sure your Crisis Management or Disaster Plan (which you should also have) includes a data breach plan
With the volume and scope of small business security threats on the rise, SMEs simply cannot afford to wait and risk becoming the next breach we read about in the morning papers. It’s great to see that government is taking further steps to address the cyber security issues SMBs face, but it’s an issue we all need to address – both as businesses and employees.
For more information on keeping your business safe, visit the AVG Business website.
Hackers Can Seize Control Of Electric Skateboards And Toss Riders
Hackers Target Internet Address Bug To Disrupt Sites
Hackers Use Yahoo Ad Network To Spread Malware To Millions
0-Day Bug In Macs Comes Under Active Exploit
RHBA-2015:1542-1: unixODBC bug fix update
Red Hat Enterprise Linux: Updated unixODBC packages that fix one bug are now available for Red Hat Enterprise Linux 7.
RHBA-2015:1541-1: Satellite 5.7 bug fix update
RHN Satellite and Proxy: Updated cobbler, osa-dispatcher, satellite-schema, spacewalk-backend, spacewalk-java and spacewalk-schema packages that fix several bugs and add one enhancement are now available for Red Hat Satellite 5.7.
Hackers exploit OS X zero-day vulnerability
Hackers have exploited a zero-day vulnerability in the latest version of Apple’s OS X.
The post Hackers exploit OS X zero-day vulnerability appeared first on We Live Security.