The Qualcomm Life Capsule Datacaptor Terminal Server and the Becton Dickinson Alaris TIVA Syringe Pump allow remote access without authentication.

An attacker could escalate privileges on the server, further penetrating the network, harvesting customer information or mounting credible social-engineering campaigns.

In testing, an Internet of Things (IoT) botnet of large, power-consuming appliances was used to carry out coordinated attacks on the energy grid.

Respondents in a survey from Venafi said they believe voting machines, encrypted communications from polling stations and databases that store voter registration data are all vulnerable.

The Threatpost team debriefs on the top news and topics from last week’s Black Hat and DEF CON conferences.

The Vote Hacking Village invited attendees – including kids as young as six – to hack the voting infrastructure, including ballot machines, a voter database and more.

LAS VEGAS – In recent years there has been more attention paid to the security of medical devices; however, there has been little security research done on the unique protocols used by these devices. Many of the insulin pumps, heart monitors and other gadgets found in hospital rooms use aging protocol to communicate with nurses’...

More than a dozen flaws in smart-city gear could open the door to attackers bent on sowing public panic, according to IBM X-Force.

Government entities and educational institutions in the Middle East are under attack in an ongoing credential-harvesting campaign.

Vectra’s 2018 Spotlight Report found that attackers can easily spy, spread and steal information, largely unhindered by the insufficient internal access controls that are in place.