What Ails Our Healthcare Systems?
|
|
- Loren Rich
- 6 years ago
- Views:
Transcription
1 SESSION ID: FLE-F04 What Ails Our Healthcare Systems? Minatee Mishra Sr. Group Leader Product Security, Philips Jiggyasu Sharma Technical Specialist Product Security, Philips
2 Digital revolution in Healthcare Courtesy: futureforall.org 2
3 The new medical devices ecosystem North America IoT in Healthcare Market, in (USD Billion) Courtesy: 3
4 Hacker s favorite target Courtesy: 4
5 Reasons for the topping the charts 5
6 Healthcare Hacks Courtesy: media.graytvinc.com, ilookbothways.com 6
7 Case Studies Case Study 1: Hacking IoT. Goal : Get sensitive information.
8 Case Study: 1 Hacking into Medical device hardware Architecture: Medical Device Mobile Application Back End Server 8
9 IoT possible entry points: Reconnaissance Communication Channel Communication Protocols CUSTOM Application Interfaces Hardware Interfaces 9
10 Attack surfaces (for IoT Hardware) Hardware interfaces JTAG pins (Identified) MCU (Identified) Firmware Possibly unencrypted file system EEPROM (Identified) Information (Patient data, Server ID & Device ID) Credentials (Hardcoded Credentials and Keys) JTAG Pins EEPROM MCU 10
11 Attack Scenario Tapping through ports (JTAG) Getting a Shell/ Connect to port through (JTAG) Reading the Firmware/Assembly Failed: Due to read out protection Dumping the file system Failed: Due to read out protection Exporting information from file system Failed: Due to read out protection Updating the Firmware/file system Failed: Due to read out protection Reading the EEPROM chip Read through programmers Success 11
12 Attack Impact Significant findings: Sensitive information leaked (patient information) Hardcoded Keys found on the device 12
13 Demo 13
14 Mitigations Encrypt sensitive information Never hardcode credentials/keys 14
15 Case Studies Case Study 2: Rogue Bluetooth. Goal: Manipulate data from the device.
16 Rogue Bluetooth device Architecture: IoT Device Mobile Application Back End Server 16
17 Attack surfaces ( for Bluetooth) Pairing mechanism MitM attack Exposed services 17
18 Attack Scenario Discover the Bluetooth device to attack Tap into GATT interface of device Connect to device and read characteristics Modify the characteristics value 18
19 Attack Impact DoS the Bluetooth device Sniff the information through Characteristics Connect, control and command the Bluetooth device 19
20 Demo 20
21 Mitigations Secure configuration 21
22 Case Studies Case Study 3: Mobile App and Backend Server hacking. Goal : Backend server takeover.
23 Case Study: 3 Compromising Server through Mobile App Architecture: Medical Device Mobile Application Back End Server 23
24 Attack surfaces (for Mobile Application & Backend Server) Mobile Application Insecure data storage Broken Cryptography Hardcoded secrets (credentials/keys/ip ).. Server ports and services Weak authentication Injection attacks Vulnerable services.. 24
25 Attack Scenario Reverse engineering the mobile application Find the server related information Find the services to communicate to server Exploit the vulnerable services on server Server take over Game Over!! 25
26 Attack Impact Server take over by the attacker Possibilities are plenty Family of Devices can be compromised over the internet Risk to the whole network Backdoors can be installed Malware/Ransomware can be planted Access to the whole database of sensitive information... 26
27 Demo 27
28 Mitigations Encrypt sensitive information Never hardcode credentials/keys Patch systems 28
29 What Device Manufacturer should do?
30 What Device Manufacturer should do? Development The 3 deadly sins: Default or hardcoded credentials/keys. None/improper patch strategy No encryption at rest and transit. The Virtue: No system can be perfect BUT remember to make the update strategy fool proof. During update ensure to support Secure update. Digitally sign the upgrade package. 30
31 What Device Manufacturer should do? Process Security Governance and Management Risk Management Framework Training and Awareness Vendor Management Secure Development Incident Management Post Market Surveillance Responsible Disclosure 31
32 Takeaways Healthcare ecosystem is getting connected and pervasive. Healthcare is a top target of hackers. Secure the ecosystem: secure the entire chain from the IoT to the backend server. Remember the 3 deadly sins and a virtue. Security Governance and management 32
33 Food for thought? Hacking in Progress Courtesy: 33
34 Special Thanks Android apps: Kartik Lalan, Philips. Bluetooth Device: P.N. Aravinda, Philips. Security Center of Excellence, Philips HealthTech. 34
35 Questions THANK YOU 35
What someone said about junk hacking
What someone said about junk hacking Yes, we get it. Cars, boats, buses, and those singing fish plaques are all hackable and have no security. Most conferences these days have a! whole track called "Junk
More informationW e b A p p l i c a t i o n S e c u r i t y : T h e D e v i l i s i n t h e D e t a i l s
W e b A p p l i c a t i o n S e c u r i t y : T h e D e v i l i s i n t h e D e t a i l s Session I of III JD Nir, Security Analyst Why is this important? ISE Proprietary Agenda About ISE Web Applications
More informationTHE NEW LANDSCAPE OF AIRBORNE CYBERATTACKS
SESSION ID: MBS-W04 THE NEW LANDSCAPE OF AIRBORNE CYBERATTACKS Nadir Izrael CTO & Co-Founder Armis, Inc. Ben Seri Head of Research Armis, Inc. Placeholder Slide: Image of spread of infection Placeholder
More informationOWASP Broken Web Application Project. When Bad Web Apps are Good
OWASP Broken Web Application Project When Bad Web Apps are Good About Me Mordecai (Mo) Kraushar Director of Audit, CipherTechs OWASP Project Lead, Vicnum OWASP New York City chapter member Assessing the
More informationIRL: Live Hacking Demos!
SESSION ID: SBX2-R3 IRL: Live Hacking Demos! Omer Farooq Senior Software Engineer Independent Security Evaluators Rick Ramgattie Security Analyst Independent Security Evaluators What is the Internet of
More informationPatient Information Security
Patient Information Security An overview of practice and procedure UK CAB Meeting 13th April 2012 Nathan Lea Senior Research Associate CHIME, UCL Overview - Questions that have been asked What happens
More informationCSWAE Certified Secure Web Application Engineer
CSWAE Certified Secure Web Application Engineer Overview Organizations and governments fall victim to internet based attacks every day. In many cases, web attacks could be thwarted but hackers, organized
More informationMOBILE THREAT LANDSCAPE. February 2018
MOBILE THREAT LANDSCAPE February 2018 WHERE DO MOBILE THREATS COME FROM? In 2017, mobile applications have been a target of choice for hackers to access and steal data, with 86% of mobile threats coming
More informationFrequently Asked Questions WPA2 Vulnerability (KRACK)
Frequently Asked Questions WPA2 Vulnerability (KRACK) Release Date: October 20, 2017 Document version: 1.0 What is the issue? A research paper disclosed serious vulnerabilities in the WPA and WPA2 key
More informationhidden vulnerabilities
hidden vulnerabilities industrial networks in 30 minutes Cyber Security introduction Frank Kemeling Certified Ethical Hacker [CEH] EC-Council Certified Security Analyst [ESCA] Licensed Penetration Tester
More informationConnected Medical Devices
Connected Medical Devices How to Reduce Risks Inherent in an Internet of Things that Can Help or Harm Laura Clark Fey, Esq., Principal, Fey LLC Agenda Overview of the Internet of Things for Healthcare
More informationMitigating Security Breaches in Retail Applications WHITE PAPER
Mitigating Security Breaches in Retail Applications WHITE PAPER Executive Summary Retail security breaches have always been a concern in the past, present and will continue to be in the future. They have
More informationSECURITY OF VEHICLE TELEMATICS SYSTEMS. Daniel Xiapu Luo Department of Computing The Hong Kong Polytechnic University
SECURITY OF VEHICLE TELEMATICS SYSTEMS Daniel Xiapu Luo Department of Computing The Hong Kong Polytechnic University 1 2 3 TELEMATICS 4 TELEMATICS 5 OBD-II On-Board Diagnostic Perform emissions related
More informationAddressing the elephant in the operating room: a look at medical device security programs
Addressing the elephant in the operating room: a look at medical device security programs Ernst & Young LLP Presenters Michael Davis Healthcare Leader Baltimore +1 410 783 3740 michael.davis@ey.com Esther
More informationMobile Malfeasance. Exploring Dangerous Mobile Code. Jason Haddix, Director of Penetration Testing
Mobile Malfeasance Exploring Dangerous Mobile Code Jason Haddix, Director of Penetration Testing Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to
More informationHP 2012 Cyber Security Risk Report Overview
HP 2012 Cyber Security Risk Report Overview September 2013 Paras Shah Software Security Assurance - Canada Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject
More informationC1: Define Security Requirements
OWASP Top 10 Proactive Controls IEEE Top 10 Software Security Design Flaws OWASP Top 10 Vulnerabilities Mitigated OWASP Mobile Top 10 Vulnerabilities Mitigated C1: Define Security Requirements A security
More informationANATOMY OF AN ATTACK!
ANATOMY OF AN ATTACK! Are Your Crown Jewels Safe? Dom Kapac, Security Evangelist WHAT DO WE MEAN BY CROWN JEWELS? Crown jewels for most organizations are critical infrastructure and data Data is a valuable
More informationWireless LAN Security (RM12/2002)
Information Technology in Education Project Reference Materials Wireless LAN Security (RM12/2002) Infrastructure Division Education Department The Government of HKSAR www.ited.ed.gov.hk December 2002 For
More informationWhy bother? Causes of data breaches OWASP. Top ten attacks. Now what? Do it yourself Questions?
Jeroen van Beek 1 Why bother? Causes of data breaches OWASP Top ten attacks Now what? Do it yourself Questions? 2 In many cases the web application stores: Credit card details Personal information Passwords
More informationWhen Hardware Attacks. Marc Witteman
When Hardware Attacks scale Marc Witteman Croatian Summer school 2017 Attack exploitation space: time vs distance Remote software protocol key brute force Fast relay attack mitm side channel Slow Hardware
More informationSECURITY TESTING. Towards a safer web world
SECURITY TESTING Towards a safer web world AGENDA 1. 3 W S OF SECURITY TESTING 2. SECURITY TESTING CONCEPTS 3. SECURITY TESTING TYPES 4. TOP 10 SECURITY RISKS ate: 2013-14 Few Security Breaches September
More informationSecurity in NFC Readers
Security in Readers Public Content and security, a different kind of wireless Under the hood of based systems Enhancing the security of an architecture Secure data exchange Information security goals Cryptographic
More informationExecutive Insights. Protecting data, securing systems
Executive Insights Protecting data, securing systems February 2018 Protecting data, securing systems Product and information security is a combination of education, policies and procedures, physical security
More informationNetwork Access Control and VoIP. Ben Hostetler Senior Information Security Advisor
Network Access Control and VoIP Ben Hostetler Senior Information Security Advisor Objectives/Discussion Points Network Access Control Terms & Definitions Certificate Based 802.1X MAC Authentication Bypass
More informationHacking challenge: steal a car!
Hacking challenge: steal a car! Your "local partner in crime" Sławomir Jasek IT security expert since 2005, and still loves this job Agenda BLE vs security How to hack the car New tool Vulnerabilities
More informationOWASP TOP Release. Andy Willingham June 12, 2018 OWASP Cincinnati
OWASP TOP 10 2017 Release Andy Willingham June 12, 2018 OWASP Cincinnati Agenda A quick history lesson The Top 10(s) Web Mobile Privacy Protective Controls Why have a Top 10? Software runs the world (infrastructure,
More informationProfessional Services Overview
Professional Services Overview Internet of Things (IoT) Security Assessment and Advisory Services IOT APPLICATION MOBILE CLOUD NETWORK Company Overview HISTORY HISTORY Founded in 2010 Headquartered in
More informationEXPLOITING CLOUD SYNCHRONIZATION TO HACK IOTS
SESSION ID: SBX1-R1 EXPLOITING CLOUD SYNCHRONIZATION TO HACK IOTS Alex Jay Balan Chief Security Researcher Bitdefender @jaymzu 2 IoT = hardware + OS + app (+ Cloud) wu-ftpd IIS5.0 RDP Joomla app 3 EDIMAX
More informationCyber Attacks & Breaches It s not if, it s When
` Cyber Attacks & Breaches It s not if, it s When IMRI Team Aliso Viejo, CA Trusted Leader with Solution Oriented Results Since 1992 Data Center/Cloud Computing/Consolidation/Operations 15 facilities,
More informationINNOV-09 How to Keep Hackers Out of your Web Application
INNOV-09 How to Keep Hackers Out of your Web Application Michael Solomon, CISSP PMP CISM Solomon Consulting Inc. www.solomonconsulting.com What is a Web Application? Any access to your data via the Internet
More informationTHE POWER AND RISK OF MOBILE. White paper
THE POWER AND RISK OF MOBILE White paper TABLE OF CONTENTS Executive Summary - 3 Introduction - 4 The Power and Risk of Mobile - 4 Growing Dominance of Android - 5 Best Practices to Develop Secure Mobile
More informationCh 1: The Mobile Risk Ecosystem. CNIT 128: Hacking Mobile Devices. Updated
Ch 1: The Mobile Risk Ecosystem CNIT 128: Hacking Mobile Devices Updated 1-12-16 The Mobile Ecosystem Popularity of Mobile Devices Insecurity of Mobile Devices The Mobile Risk Model Mobile Network Architecture
More informationPenetration testing a building automation system
Penetration testing a building automation system Is your smart office creating backdoors for hackers? IBM X-Force Research Click here to start There is much focus in the IT industry on securing web servers,
More informationWhite Paper. Why IDS Can t Adequately Protect Your IoT Devices
White Paper Why IDS Can t Adequately Protect Your IoT Devices Introduction As a key component in information technology security, Intrusion Detection Systems (IDS) monitor networks for suspicious activity
More informationDissecting Data Breaches. What Keeps Going Wrong?
Dissecting Data Breaches What Keeps Going Wrong? 02 WHO WE ARE Tom Stewart Uriah Robins Senior Manager IT Consulting Protiviti Senior Consultant IT Consulting Protiviti PRESENTATION AGENDA 3 START BREACH
More informationCertified Secure Web Application Engineer
Certified Secure Web Application Engineer ACCREDITATIONS EXAM INFORMATION The Certified Secure Web Application Engineer exam is taken online through Mile2 s Assessment and Certification System ( MACS ),
More informationMedical Device Safety in a Connected World
Mr. Clark Fortney Senior Software Engineer Medical Device Safety in a Connected World IoT Expo June 6-8 2017 1 Clark Fortney My Background 20 years designing systems & software for medical devices at Battelle.
More informationBusiness White Paper. Healthcare IT In The Cloud: Predicting Threats, Protecting Patient Data
Business White Paper Healthcare IT In The Cloud: Predicting Threats, Protecting Patient Data Page 2 of 7 Healthcare IT In The Cloud: Predicting Threats, Protecting Patient Data Table of Contents Page 2
More informationBank Infrastructure - Video - 1
Bank Infrastructure - 1 05/09/2017 Threats Threat Source Risk Status Date Created Account Footprinting Web Browser Targeted Malware Web Browser Man in the browser Web Browser Identity Spoofing - Impersonation
More informationIoT The gift that keeps on giving
IoT The gift that keeps on giving Contributors labs@bitdefender.com Radu Alexandru Basaraba - rbasaraba@bitdefender.com Alexandru Lazar allazar@bitdefender.com Mihai Moldovan - mimoldovan@bitdefender.com
More informationCopyright
1 Security Test EXTRA Workshop : ANSWER THESE QUESTIONS 1. What do you consider to be the biggest security issues with mobile phones? 2. How seriously are consumers and companies taking these threats?
More informationDEEP ARMOR. Hands-on Exploitation & Hardening of Wearable and IoT Platforms. Sumanth Naropanth & Sunil Kumar
DEEP ARMOR Hands-on Exploitation & Hardening of Wearable and IoT Platforms Sumanth Naropanth & Sunil Kumar Agenda Technical overview of an IoT/wearable ecosystem Building blocks Communication Protocols
More informationME?
ME? VULNEX: Blog: Twitter: www.vulnex.com www.simonroses.com @simonroses TALK OBJECTIVES Apps are the new Web Peek into current state of Apps security on Markets Bugs will be revealed but not the victims
More informationMOBILE SECURITY OVERVIEW. Tim LeMaster
MOBILE SECURITY OVERVIEW Tim LeMaster tim.lemaster@lookout.com Your data center is in the cloud. Your users and customers have gone mobile. Starbucks is your fall-back Network. Your mobile device is a
More informationIOT SECURITY TOP 20 R E Q U I R E M E N T S
IOT SECURITY TOP 20 R E Q U I R E M E N T S LIST OF IOT SECURITY TOP 20 REQUIREMENTS 1. Provide a manual override for any safety critical operations. 2. Ensure parameters for which a disclosure could lead
More informationNRENs and IoT Security: Challenges and Opportunities. Karen O Donoghue TICAL 2018 Cartagena 4 September 2018
NRENs and IoT Security: Challenges and Opportunities Karen O Donoghue TICAL 2018 Cartagena 4 September 2018 The number of IoT devices and systems connected to the Internet will be more than 5x the global
More informationSECURING DEVICES IN THE INTERNET OF THINGS
SECURING DEVICES IN THE INTERNET OF THINGS EXECUTIVE SUMMARY Security breaches at the device level in the Internet of Things (IoT) can have severe consequences, including steep financial losses, damage
More informationThe Android security jungle: pitfalls, threats and survival tips. Scott
The Android security jungle: pitfalls, threats and survival tips Scott Alexander-Bown @scottyab The Jungle Ecosystem Google s protection Threats Risks Survival Network Data protection (encryption) App/device
More information3/3/2017. Medical device security The transition from patient privacy to patient safety. Scott Erven. Who i am. What we ll be covering today
www.pwc.com Medical device security The transition from patient privacy to patient safety Scott Erven Who i am Scott Erven - Managing Director Healthcare Industries Advisory Cybersecurity & Privacy Medical
More informationSECURING DEVICES IN THE INTERNET OF THINGS
SECURING DEVICES IN THE INTERNET OF THINGS WHEN IT MATTERS, IT RUNS ON WIND RIVER EXECUTIVE SUMMARY Security breaches at the device level in the Internet of Things (IoT) can have severe consequences, including
More informationThe Attacker s POV Hacking Mobile Apps. in Your Enterprise to Reveal Real Vulns and Protect the Business. Tony Ramirez
The Attacker s POV Hacking Mobile Apps in Your Enterprise to Reveal Real Vulns and Protect the Business Tony Ramirez AGENDA & SPEAKERS Introduction Attacks on Mobile Live Demo Recommendations Q&A Tony
More informationOWASP Thailand. Proxy Caches and Web Application Security. OWASP AppSec Asia October 21, Using the Recent Google Docs 0-Day as an Example
Proxy Caches and Web Application Security Using the Recent Google Docs 0-Day as an Example Tim Bass, CISSP Chapter Leader, Thailand +66832975101, tim@unix.com AppSec Asia October 21, 2008 Thailand Worldwide
More informationAddressing Credential Compromise & Account Takeovers: Bearersensitive. Girish Chiruvolu, Ph.D., CISSP, CISM, MBA ISACA NTX April 19
Addressing Credential Compromise & Account Takeovers: Bearersensitive OTPS Girish Chiruvolu, Ph.D., CISSP, CISM, MBA ISACA NTX April 19 Impact Across Every Industry Phishing: Low Cost, Big Impact for
More informationData Security and Privacy : Compliance to Stewardship. Jignesh Patel Solution Consultant,Oracle
Data Security and Privacy : Compliance to Stewardship Jignesh Patel Solution Consultant,Oracle Agenda Connected Government Security Threats and Risks Defense In Depth Approach Summary Connected Government
More informationEmbedded/Connected Device Secure Coding. 4-Day Course Syllabus
Embedded/Connected Device Secure Coding 4-Day Course Syllabus Embedded/Connected Device Secure Coding 4-Day Course Course description Secure Programming is the last line of defense against attacks targeted
More informationUART Thou Mad? An Introduction to the UART Hardware Interface. Mickey Shkatov. Toby Kohlenberg
UART Thou Mad? An Introduction to the UART Hardware Interface Mickey Shkatov Toby Kohlenberg 1 Table of Contents Abstract... 2 Introduction to UART... 2 Essential Tools... 4 UART and Security... 5 Conclusion...
More informationBest Practices for VoIP Security
Best Practices for VoIP Security Agenda A brief introduction to REDCOM A short history of phone system hacking VoIP overview VoIP vulnerabilities VoIP Security Standards Risk mitigation methods Conclusion
More informationMBFuzzer - MITM Fuzzing for Mobile Applications
MBFuzzer - MITM Fuzzing for Mobile Applications Fatih Özavcı Mentor of MBFuzer @ yakindanegitim.org fatih.ozavci at gamasec.net gamasec.net/fozavci Scope Yakindan Egitim Project Security Vulnerabilities
More informationAbout The Presentation 11/3/2017. Hacker HiJinx-Human Ways to Steal Data. Who We Are? Ethical Hackers & Security Consultants
November 3, 2017 Hacker HiJinx-Human Ways to Steal Data Who We Are? Ethical Hackers & Security Consultants Respond To Incidents & Breaches Perform Digital Forensic Investigations Data Mine Internet Intelligence
More informationGovernance Ideas Exchange
www.pwc.com.au Anatomy of a Hack Governance Ideas Exchange Robert Di Pietro October 2018 Cyber Security Anatomy of a Hack Cyber Security Introduction Who are the bad guys? Profiling the victim Insights
More informationCompTIA Security+ Malware. Threats and Vulnerabilities Vulnerability Management
CompTIA Security+ Lecture Six Threats and Vulnerabilities Vulnerability Management Copyright 2011 - VTC Malware Malicious code refers to software threats to network and systems, including viruses, Trojan
More informationWhat are PCI DSS? PCI DSS = Payment Card Industry Data Security Standards
PCI DSS What are PCI DSS? PCI DSS = Payment Card Industry Data Security Standards Definition: A multifaceted security standard that includes requirements for security management, policies, procedures,
More informationSECURITY ON PUBLIC WI-FI New Zealand. A guide to help you stay safe online while using public Wi-Fi
SECURITY ON PUBLIC WI-FI New Zealand A guide to help you stay safe online while using public Wi-Fi WHAT S YOUR WI-FI PASSWORD? Enter password for the COFFEE_TIME Wi-Fi network An all too common question
More informationOmar Alrawi. Security Evaluation of Home-based IoT Deployments
Omar Alrawi Security Evaluation of Home-based IoT Deployments About Us Astrolavos Research Lab at Georgia Tech We specialize in Network Security Measurements Work is presented on behalf of my team Omar
More informationTopics. Ensuring Security on Mobile Devices
Ensuring Security on Mobile Devices It is possible right? Topics About viaforensics Why mobile security matters Types of security breaches and fraud Anticipated evolution of attacks Common mistakes that
More informationCYBERSECURITY. Recent OCR Actions & Cyber Awareness Newsletters. Claire C. Rosston
CYBERSECURITY Recent OCR Actions & Cyber Awareness Newsletters Claire C. Rosston DISCLAIMER This presentation is similar to any other legal education materials designed to provide general information on
More informationMedical device security The transition from patient privacy to patient safety
www.pwc.com Medical device security The transition from patient privacy to patient safety Scott Erven Who i am Scott Erven - Managing Director Healthcare Industries Advisory Cybersecurity & Privacy Medical
More informationDon t blink or how to create secure software. Bozhidar Bozhanov, LogSentinel
Don t blink or how to create secure software Bozhidar Bozhanov, CEO @ LogSentinel About me Senior software engineer and architect Founder & CEO @ LogSentinel Former IT and e-gov advisor to the deputy prime
More informationStop sweating the password and learn to love public key cryptography. Chris Streeks Solutions Engineer, Yubico
1 Stop sweating the password and learn to love public key cryptography Chris Streeks Solutions Engineer, Yubico Stop Sweating the Password! 2 Agenda Introduction The modern state of Phishing How to become
More informationProtect Your Organization from Cyber Attacks
Protect Your Organization from Cyber Attacks Leverage the advanced skills of our consultants to uncover vulnerabilities our competitors overlook. READY FOR MORE THAN A VA SCAN? Cyber Attacks by the Numbers
More informationSecuring Devices in the Internet of Things
AN INTEL COMPANY Securing Devices in the Internet of Things WHEN IT MATTERS, IT RUNS ON WIND RIVER EXECUTIVE SUMMARY Security breaches at the device level in the Internet of Things (IoT) can have severe
More informationBuilding Trust in the Internet of Things
AN INTEL COMPANY Building Trust in the Internet of Things Developing an End-to-End Security Strategy for IoT Applications WHEN IT MATTERS, IT RUNS ON WIND RIVER EXECUTIVE SUMMARY Recent security breaches
More informationNIST Cybersecurity Framework Protect / Maintenance and Protective Technology
NIST Cybersecurity Framework Protect / Maintenance and Protective Technology Presenter Charles Ritchie CISSP, CISA, CISM, GSEC, GCED, GSNA, +6 Information Security Officer IT experience spanning two centuries
More informationSHA-1 to SHA-2. Migration Guide
SHA-1 to SHA-2 Migration Guide Web-application attacks represented 40 percent of breaches in 2015. Cryptographic and server-side vulnerabilities provide opportunities for cyber criminals to carry out ransomware
More informationHow Secure is Your Border? An Attack and Penetration Audit Houston IIA Annual Conference
How Secure is Your Border? An Attack and Penetration Audit 2019 Houston IIA Annual Conference Bill Jenkins Manager, One Cyber Background A proven Cyber Security professional providing insights and recommendations
More informationTowards Trustworthy Internet of Things for Mission-Critical Applications. Arjmand Samuel, Ph.D. Microsoft Azure - Internet of Things
Towards Trustworthy Internet of Things for Mission-Critical Applications Arjmand Samuel, Ph.D. Microsoft Azure - Internet of Things Internet of Things is a game changer Organizations are benefiting from
More informationSolutions Business Manager Web Application Security Assessment
White Paper Solutions Business Manager Solutions Business Manager 11.3.1 Web Application Security Assessment Table of Contents Micro Focus Takes Security Seriously... 1 Solutions Business Manager Security
More informationZimperium Global Threat Data
Zimperium Global Threat Report Q2-2017 700 CVEs per Year for Mobile OS 500 300 100 07 08 09 10 11 12 13 14 15 16 17 Outdated ios Outdated ANDROID 1 of 4 Devices Introduces Unnecessary Risk 1 out of 50
More informationThis ethical hacking course puts you in the driver's seat of a hands-on environment with a systematic process.
EC Council Certified Ethical Hacker V9 This ethical hacking course puts you in the driver's seat of a hands-on environment with a systematic process. Here, you will be exposed to an entirely different
More informationUPDATE: HEALTHCARE CYBERSECURITY & INCIDENT RESPONSE Lindsay M. Johnson, Esq. Partner, Freund, Freeze & Arnold, LPA
UPDATE: HEALTHCARE CYBERSECURITY & INCIDENT RESPONSE Lindsay M. Johnson, Esq. Partner, Freund, Freeze & Arnold, LPA ljohnson@ffalaw.com INTRODUCTION Cyber attacks increasing Liability/actions resulting
More informationThe modern car has 100 million lines of code and over half of new vehicles will be connected by 2020.
Automotive The modern car has 100 million lines of code and over half of new vehicles will be connected by 2020. Cars are becoming increasingly connected through a range of wireless networks The increased
More information18-642: Security Pitfalls
18-642: Security Pitfalls 4/18/2018 "On two occasions I have been asked [by members of Parliament]: 'Pray, Mr. Babbage, if you put into the machine wrong figures, will the right answers come out?' I am
More informationDelivering High-mix, High-volume Secure Manufacturing in the Distribution Channel
Delivering High-mix, High-volume Secure Manufacturing in the Distribution Channel Steve Pancoast Vice President, Engineering Secure Thingz Inc Rajeev Gulati Vice President and CTO Data IO Corporation 1
More informationSecurity Evaluation of the Implantable Cardiac Device Ecosystem Architecture and Implementation Interdependencies
Security Evaluation of the Implantable Cardiac Device Ecosystem Architecture and Implementation Interdependencies Billy Rios Jonathan Butts, PhD ` May 17, 2017 CONTENTS Introduction... 3 Architecture and
More information6 Vulnerabilities of the Retail Payment Ecosystem
6 Vulnerabilities of the Retail Payment Ecosystem FINANCIAL INSTITUTION PAYMENT GATEWAY DATABASES POINT OF SALE POINT OF INTERACTION SOFTWARE VENDOR Table of Contents 4 7 8 11 12 14 16 18 Intercepting
More informationIOActive Labs: Breaking Embedded Devices
IOActive Labs: Breaking Embedded Devices Mike Davis Joshua Hammond Thomas Kilbride Daniel Schaffner IOActive is the only global security consultancy with a state-of-the-art hardware lab and deep expertise
More informationRESEARCH INSIGHTS. How we are breaking in: Mobile Security. Author: Thomas Cannon
RESEARCH INSIGHTS How we are breaking in: Mobile Security Author: Thomas Cannon CONTENTS Author 3 Introduction 4 How We Are Breaking In: Mobile Security 6 Introduction 6 Common Issues 7 Conclusion 8 NCC
More informationComputer Information Systems (CIS) CIS 105 Current Operating Systems/Security CIS 101 Introduction to Computers
Computer Information Systems (CIS) CIS 101 Introduction to Computers This course provides an overview of the computing field and its typical applications. Key terminology and components of computer hardware,
More informationHow Big Data Enables building Risk Profiles. Kayvan Alikhani. RSA, Senior Director of Technology
RISK ß à Auth How Big Data Enables building Risk Profiles Kayvan Alikhani RSA, Senior Director of Technology 1 RISK BASED AUTHENTICATION Local Auth History Devices Network Apps Sessions PASS Desktop or
More informationSecure Firmware Update Lab Session
Secure Firmware Update Lab Session Shotaro Saito, Staff Application Engineer, Secure MCU Class ID: BL02I Renesas Electronics America Inc. Shotaro Saito, Application Engineer 24 years in Embedded Systems
More informationSecuring Your Web Application against security vulnerabilities. Alvin Wong, Brand Manager IBM Rational Software
Securing Your Web Application against security vulnerabilities Alvin Wong, Brand Manager IBM Rational Software Agenda Security Landscape Vulnerability Analysis Automated Vulnerability Analysis IBM Rational
More informationSecure Access & SWIFT Customer Security Controls Framework
Secure Access & SWIFT Customer Security Controls Framework SWIFT Financial Messaging Services SWIFT is the world s leading provider of secure financial messaging services. Their services are used and trusted
More informationMeasuring and Evaluating Cyber Risk in ICS Components, Products and Systems
Measuring and Evaluating Cyber Risk in ICS Components, Products and Systems Copyright 2018 UL LLC. All rights reserved. No portion of this material may be reprinted in any form without the express written
More informationCyber Risk and Networked Medical Devices
Cyber Risk and Networked Medical Devices Hot Topics Deloitte & Touche LLP February 2016 Copyright Scottsdale Institute 2016. All Rights Reserved. No part of this document may be reproduced or shared with
More informationSpoofing iclass and iclass SE
Introduction The concept of emulating (spoofing) security access cards has become more and more difficult with the introduction of smart card technology. The older proximity based RFID access cards were
More informationQ WEB APPLICATION ATTACK STATISTICS
WEB APPLICATION ATTACK STATISTICS CONTENTS Introduction...3 Results at a glance...4 Web application attacks: statistics...5 Attack types...5 Attack trends...10 Conclusions...12 2 INTRODUCTION This report
More informationChanging face of endpoint security
Changing face of endpoint security S A N T H O S H S R I N I V A S A N C I S S P, C I S M, C R I S C, C E H, C I S A, G S L C, C G E I T D I R E C T O R S H A R E D S E R V I C E S, H C L T E C H N O L
More informationThe 3 Pillars of SharePoint Security
The 3 Pillars of SharePoint Security Liam Cleary CEO/Owner SharePlicity Jeff Melnick Systems Engineer Netwrix Corporation AGENDA The Problem Attack Vectors Intranet, Extranet and Public Facing Proactive
More informationStrategy is Key: How to Successfully Defend and Protect. Session # CS1, February 19, 2017 Karl West, CISO, Intermountain Healthcare
Strategy is Key: How to Successfully Defend and Protect Session # CS1, February 19, 2017 Karl West, CISO, Intermountain Healthcare 1 Speaker Introduction Karl West Chief Information Security Officer Intermountain
More information