FDA Issues Cybersecurity Warning for Medical Devices

Infosecurity | October 03, 2019

FDA Issues Cybersecurity Warning for Medical Devices
The US Food and Drug Administration (FDA) issued a warning on Tuesday over vulnerabilities detected in decades-old software being used by many medical devices and hospital networks. The 11 vulnerabilities exist in IPnet, a third-party software component that supports network communications between computers. If exploited, the vulnerabilities could allow hackers to remotely control a medical device, change its function, obstruct service, or trigger information leaks that could stop it from working. Makers of the original IPnet software, Interpeak, no longer support it, but some manufacturers have a license to use it without support, meaning it could be incorporated into other software applications, equipment, and systems still in use in medical devices.

Spotlight

Cybercrime netted a whopping $450 billion in profits last year, with 2 billion records lost or stolen worldwide. Security expert Caleb Barlow calls out the insufficiency of our current strategies to protect our data. His solution? We need to respond to cybercrime with the same collective effort as we apply to a health care crisis, sharing timely information on who is infected and how the disease is spreading. If we're not sharing, he says, then we're part of the problem.

Related News

DATA SECURITY

ISARA, Carillon and Crypto4A Partnership enables a world first Canadian fully integrated Quantum-Safe Now PKI solution

Crypto4A | October 23, 2021

Crypto4A Technologies Inc., ISARA Corp., and Carillon Information Security Inc. today announced their partnership agreement focused on providing organizations with a next generation Quantum Safe NowTM Public Key Infrastructure (PKI) solution. The Quantum-Safe Now™ PKI solution integrates ISARA's Radiate Quantum-safe Toolkit and Catalyst Agile Digital Certificate Methodology, which provide hybrid crypto-agility, with Carillon's world class PKI CertServ ID Management Suite operating on Crypto4A's QxEDGE™ and QxCloud™ Hybrid Security Platform (HSP). By working together, the three Canadian organizations provide a world first quantum safe PKI solution running on purpose-built hybrid crypto-agile hardware. As part of the partnership, the companies intend to develop and market seamless, easy to use quantum-safe PKI cryptographic solutions that ease digital transformations, enable cryptographic agility and simplify cryptographic management. Today's connected economies, identity based digital transformations, DevSecOps teams and cloud-based deployments require new cryptographic capabilities based on quantum-safe software and hardware to provide enterprises with the forward agility, seamless access, security and controls required for cloud, edge, and end user environments. "ISARA's suite of proven crypto-agile capabilities effectively complements the proven capabilities of both Carillon's PKI software and Crypto4A's hardware based crypto-agility resulting in a more robust and easier to use Quantum-Safe Now™ PKI solution. Our approach is to enable customers to discover and manage their cryptographic capabilities in an agile, quantum-safe and trusted way. Our collective experiences, knowledge and integrated Quantum Safe Now™ PKI solution de-risks digital transformations and migrations to address the evolving security requirements for today and tomorrow," said Scott Totzke, CEO and Co-founder at ISARA. Identity based digital environments, applications and relationships rely on cryptography for their trust, innovation, security and privacy. By working with ISARA and Carillon, we demonstrate the power of the Canadian cryptography industry to elevate the original PKI architecture as well as demonstrate the agile capabilities of our FPGA based QxTrust Architecture™(QxTA™). As progress is made in better cloud and edge security, privacy and data management, new requirements are emerging that place material stress on the foundations of today's cryptographic hardware. This new collaborative offering helps to remove some of these stresses and represents our approach to cooperation John Scott, CEO of Crypto4A "We are excited to be partnering with Crypto4A and ISARA on this common PKI initiative. The experience that they both bring from a cryptography and an engineering perspective, provides Carillon and its customers with an integrated approach to an agile Quantum Safe Now™ PKI solution. Quantum Safe Now™ demonstrates our ongoing commitment to meet the emerging needs of the connected enterprise for innovation with digital trust", said Patrick Patterson, President and Chief PKI Architect of Carillon. About Radiate™ Quantum-safe Toolkit and Catalyst Agile Digital Certificate Methodology The ISARA Radiate™ Quantum-safe Toolkit is a high-performance, lightweight, standards-based quantum-safe software development kit, built for developers who want to test and integrate next-generation post-quantum cryptography into their commercial products. ISARA Catalyst™ Agile Digital Certificate Methodology enables a seamless, cost-effective and simplified migration to quantum-safe security today to protect investments in durable connected devices and the Internet of Things (IoT) and complex public key infrastructures with no impact to end-users. Catalyst certificates support two cryptographic algorithms within a single certificate and can support both classic and quantum-safe public keys and signatures. About CertServ ID Management Suite CertServ ID Management Suite is the first, single technology PKI platform that is designed with the users in mind. It offers a simple, easy to use, easy to deploy series of components that facilitate all aspects of PKI credential management. From devices to people, hardware or software-based credentials are simple to issue, manage, and maintain. About QxEDGETM and QxCloudTM QxEDGETM and QxCloud™ HSP's provide a suite of next generation capabilities that are an alternative to traditional HSM capabilities. Architected to be native for quantum-safe crypto-agility in cloud, zero trust and remote working environments. QxEDGETM and QxCloud™ enable the adoption of hybrid certificate techniques and post quantum cryptographic algorithms, ensuring cost and security effective crypto-agility for identity-based application environments. About ISARA ISARA, with its knowledge and experience in cybersecurity over the years, is a global leader in crypto-agile technologies and quantum-safe security solutions that can continue to protect current computing ecosystems into the quantum age. Capitalizing on know-how garnered in using agile methods to develop these cryptography implementation and public key authentication technologies, ISARA will target the development of crypto agility and quantum-safe security solutions compliant with the international standardization of quantum secure cloud technology. About Carillon Information Security Carillon Information Security Inc. provides a complete spectrum of identity management solutions that are designed to prevent identity theft, promote the migration from paper to electronic authentication, and avoid the loss of intellectual property. From consulting services, to credential issuance and validation software to managed identity services, Carillon can provide the skill sets and tools to help companies take control of their corporate digital credentials. About Crypto4A Crypto4A QxTrust Architecture™(QxTA™) helps enable crypto agility for Zero Trust environments. Developed by founders who created previous crypto key and HSM architectures, our patented QxTA™ helps secure and accelerate digital transformations, cloud migrations and crypto-agility by deploying, managing and protecting digital keys, workloads, data and applications from anywhere in the world.

Read More

Axis Security named a winner among the Top 100 Cybersecurity Startups for 2020

prnewswire | August 03, 2020

Axis Security, the secure application access company, today announced that is has been named a Top 100 Cybersecurity Startup for 2020.Axis Security competed against many of the industry's hot startups in cybersecurity for this prestigious award. Cyber Defense Magazine searched the globe and found over 3200 cybersecurity companies with nearly 30% in the startup range having been incorporated within the last 36 months or releasing their first round of innovative cybersecurity products and services. "We're pleased to name Axis Security as a winner among the Top 100 Cybersecurity Startups for 2020 in our second annual Black Unicorn awards. This award showcases those companies like Axis Security with this kind of incredible potential in the cybersecurity marketplace.

Read More

SOFTWARE SECURITY

midmarket businesses, NormCyber has launched Cyber Security and Data Protection as a Service offerings.

NormCyber | March 10, 2021

NormCyber, a main supplier of oversaw network safety and information insurance administrations, today reported the presentation of its Cyber Security and Data Protection as a Service arrangements. Planned explicitly to address the security and individual information difficulties of midmarket associations, the two administrations offer degrees of insurance and ability which are generally simply available to endeavors, for around 33% of the expense of an in-house arrangement. Digital protection as a Service from standard. unites the three mainstays of a powerful digital safeguard technique – individuals, interaction and innovation – and gives clients close to ongoing perceivability of their digital related danger through its online client entry. The help consolidates innovation from worldwide network protection pioneers like FireEye, Fortinet and Qualys, digital mindfulness and phishing preparing from CybSafe, and accreditation to Cyber Essentials or Cyber Essentials Plus. CSaaS can be conveyed inside merely days, and is offered for one month to month membership expense. Information Protection as a Service is a virtual DPO offering driven by a completely qualified information insurance legal advisor. Accessible as either a Basic or Premium assistance, it underpins clients in accomplishing consistence with the GDPR and other information assurance laws, just as assisting them with cultivating believed, reasonable associations with clients and partners by showing their obligation to ensuring singular security rights. "Midmarket organisations have traditionally been underserved and underrepresented when it comes to both cyber security and data protection," said Pete Bowers, COO at NormCyber. "Regarded as too complex and expensive for many, these companies have had to either make do with a limited selection of point products, or simply hope that a breach will never happen to them. We don't think it should be that way, which is why we developed both of these services to deliver the levels of protection they need, without the cost, resource and stress burden that they would rather do without"

Read More

Spotlight

Cybercrime netted a whopping $450 billion in profits last year, with 2 billion records lost or stolen worldwide. Security expert Caleb Barlow calls out the insufficiency of our current strategies to protect our data. His solution? We need to respond to cybercrime with the same collective effort as we apply to a health care crisis, sharing timely information on who is infected and how the disease is spreading. If we're not sharing, he says, then we're part of the problem.