Security

Juniper Networks has issued an update after finding hardcoded credentials had been left in some of its datacenter switches.

The exposed login, designated CVE-2019-0034, was found in the Junos Network Agent, a software tool used to manage sensors and other devices that monitor network performance. Specifically, hardcoded credentials were found in Google gRPC, a component used with the Junos Telemetry Interface.

A backdoor discovered in MyCar, a smartphone app that awards old vehicles some degree of connected-car tech and capabilities, has recently been unearthed. The vulnerability, which was recently patched, enabled attackers to read telemetrics and even send commands to an unsuspecting vehicle without needing the owner's credentials.

A team of security researchers at Ben-Gurion University's Cyber Security Research Centre in Israel claim to have created proof-of-concept malware that can alter computed tomography (CT) scans making it appear as if a sick patient is healthy or that a healthy patient has cancer.

The aim of the research was to draw attention to cybersecurity issues associated with networked medical equipment, and to show how attackers can use malicious programmes to dupe doctors into misdiagnosing patients.

A wave of DNS hijacking attacks that abuse Google's cloud computing service is causing consumer routers to connect to fraudulent and potentially malicious websites and addresses, a security researcher has warned.

Hackers have demonstrated some worrisome ways to manipulate and confuse the various systems on a Tesla Model S. Their most dramatic feat: sending the car careening into the oncoming traffic lane by placing a series of small stickers on the road.

Attack vector: This an example of an “adversarial attack,” a way of manipulating a machine-learning model by feeding in a specially crafted input. Adversarial attacks could become more common as machine learning is used more widely, especially in areas like network security.

More cybersecurity professionals believe that artificial intelligence can improve security now more than ever before, because it can draw on the ever-growing amount of data captured and analysed from the internet of things.

According to a study by BlackBerry Cylance, titled Security Gets Smart with AI, cyber defence, malware prevention and advanced threat detection will be key uses for AI in future.

Medical gear maker Medtronic is once again at the center of a hacker panic storm. This time, a number of its heart defibrillators, implanted in patients' chests, can, in certain circumstances, be wirelessly hijacked and reprogrammed, perhaps to lethal effect.

The Police Federation of England and Wales (PFEW) today said it fell victim to an attack on 9 March, and said it had put steps in place to isolate the impact and reduce the risk of it spreading.

“There is no evidence at this stage that any data was extracted from our systems, but this cannot be discounted,” the organisation said in a tweet.

A scan of billions of files from 13 percent of all GitHub public repositories over a period of six months has revealed that over 100,000 repos have leaked API tokens and cryptographic keys, with thousands of new repositories leaking new secrets on a daily basis.

The scan was the object of academic research carried out by a team from the North Carolina State University (NCSU), and the study's results have been shared with GitHub, which acted on the findings to accelerate its work on a new security feature called Token Scanning, currently in beta.

Facebook has mined a lot of data about its users over the years—relationships, political leanings, and even phone call logs. And now it appears Facebook may have inadvertently extracted another bit of critical information: users' login credentials, stored unencrypted on Facebook's servers and accessible to Facebook employees.