
CISA Issues Warning on Critical Vulnerabilities Found in Illumina’s DNA Sequencing Devices
- Written by Ari Denial Cybersecurity & Tech Writer
An Industrial Control Systems (ICS) medical advisory has been issued by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) regarding a severe vulnerability affecting medical devices manufactured by Illumina.
According to the advisory, Illumina’s medical devices contain a severe vulnerability that could allow an unauthorized individual to remotely upload and execute code at the operating system level.
This could lead to unauthorized access to sensitive data and to manipulation of settings, configurations, and software. Illumina is a California-based medical technology firm that develops and produces advanced bioanalysis and DNA sequencing machines. Its devices are used for DNA sequencing in clinical, research, academic, biotech, and pharmaceutical environments across 140 countries.
The FDA has issued an advisory stating that Illumina has notified its affected customers to check their medical devices for any indication of exploitation of the recently discovered vulnerabilities.
One of the vulnerabilities (CVE-2023-1968) is deemed critical and could enable remote attackers to bind to exposed IP addresses, potentially allowing them to access network traffic without authorization and to find more vulnerable hosts within the network.
Additionally, some of these devices, which can operate in either clinical diagnostic mode or Research Use Only (RUO) mode, have been labeled “For Research Use Only. Not for use in diagnostic procedures.” Some labs may use them for clinical diagnostic purposes even though they are intended for research use only.
Illumina has identified two vulnerabilities in its software, with the first flaw allowing for modification of settings, sending of commands, and possible unauthorized data access. The second flaw permits UCS users to execute commands with heightened privileges.
Devices and software versions not listed are unaffected by these vulnerabilities. Illumina has released a bulletin detailing the necessary steps to be taken based on the product and system configuration.
The recommended actions for addressing the vulnerabilities in Illumina’s medical devices include updating system software using product-specific installers, configuring UCS account credentials, and closing firewall ports.
Additionally, CISA advises users to minimize control system exposure to the internet, use firewalls to isolate these systems from the wider network, and employ VPNs for remote access.

ViperSoftX Malware Expands Targets to Include Password Managers in Information Theft Scheme
- Written by Ari Denial Cybersecurity & Tech Writer
The ViperSoftX malware, known for stealing information primarily related to cryptocurrencies, gained notoriety in 2022 for hiding malicious code within log files.
However, since its initial discovery in November, the malware has evolved to include the use of DLL sideloading for its arrival and execution, along with a more sophisticated encryption method of byte remapping and monthly rotation of command-and-control servers. This new update makes decryption and analysis of the shellcode more challenging for analysts, as the correct byte map is necessary for proper decryption.
Researchers from Trend Micro have recently reported that ViperSoftX, an information-stealing malware that was first discovered in 2020, has expanded its focus beyond just cryptocurrencies. The malware is now targeting additional cryptocurrency wallets and browsers such as Brave, Edge, Opera, and Firefox, as well as password managers.
The latest version of the malware also features stronger code encryption and new evasion techniques to bypass security software. According to Trend Micro’s analysis, the malware has affected both the consumer and enterprise sectors, with the majority of the victims located in the US, Japan, Italy, Taiwan, Australia, Malaysia, France, and India.
According to the analysts’ findings, the malware usually enters systems disguised as benign software such as software cracks, activators, or key generators.
Avast’s documentation of the version revealed that VenomSoftX had targeted various cryptocurrency wallets such as Binance, eToro, Kucoin, Blockchain, Coinbase, Kraken, and Gate.io.
Trend Micro’s report highlights that ViperSoftX has become more concerning, as the malware is now targeting two password managers, specifically 1Password and KeePass 2, in an effort to extract sensitive data saved within their browser extensions.
The latest version of ViperSoftX includes anti-detection, anti-analysis, and stealth features such as DLL sideloading, virtualization and monitoring tool checks, byte mapping encryption, and a new communication blocker to avoid C2 infrastructure analysis and detection.