New 5G flaws can track phone locations and spoof emergency alerts
Security researchers at Purdue University and the University of Iowa have found close to a dozen vulnerabilities, which they say can be used to track a victim’s real-time location, spoof emergency alerts that can trigger panic or silently disconnect a 5G-connected phone from the network altogether.

New 5G flaws can track phone locations and spoof emergency alerts

NTSB Investigation Into Deadly Uber Self-Driving Car Crash Reveals Lax Attitude Toward Safety
The Uber car that hit and killed Elaine Herzberg in Tempe, Ariz., in March 2018 could not recognize all pedestrians, and was being driven by an operator likely distracted by streaming video, according to documents released by the U.S. National Transportation Safety Board (NTSB) this week.
https://spectrum.ieee.org/cars-that-think/transportation/self-driving/ntsb-investigation-into-deadly-uber-selfdriving-car-crash-reveals-lax-attitude-toward-safety

US-CERT warns of critical flaws in Medtronic equipment
The problem this time is in the Valleylab FT10 (V4.0.0 and below) and Valleylab FX8 (v1.1.0 and below), electrosurgical generators used by surgeons for procedures such as cauterisation during operations.
https://nakedsecurity.sophos.com/2019/11/13/us-cert-warns-of-critical-flaws-in-medtronic-equipment/

Trend Micro Launches New ICS Security Solutions
The number of Industrial Internet of Things (IIoT) devices that control and monitor industrial processes such as manufacturing is expected to continue to grow, the same as the number of reported ICS vulnerabilities, which went up 224% from 2017 to 2018.
https://www.securityweek.com/trend-micro-launches-new-ics-security-solutions

IoT Security Woes Plague Healthcare Industry
More hospitals are adopting internet of things (IoT) devices, from wearables to smart insulin pens. But neither hospitals nor the device manufacturers themselves are ready to address the onslaught of security and privacy challenges that come with medical connected devices.

IoT Security Woes Plague Healthcare Industry

US-CERT Warns of Remotely Exploitable Bugs in Medical Devices
Vulnerabilities in key surgical equipment could be remotely exploited by a low-skill attacker.
https://www.darkreading.com/threat-intelligence/us-cert-warns-of-remotely-exploitable-bugs-in-medical-devices/d/d-id/1336362

Undocumented Access Feature Exposes Siemens PLCs to Attacks
Siemens is working on addressing a vulnerability that can be exploited by a skilled attacker to execute arbitrary code on its SIMATIC S7-1200 programmable logic controller (PLC) by abusing a hardware-based access mode
https://www.securityweek.com/undocumented-access-feature-exposes-siemens-plcs-attacks

Security of North American Energy Grid Tested in GridEx Exercise
The grid security exercise, GridEx V, was organized last week by the North American Electric Reliability Corporation (NERC) and it was hosted by its Electricity Information Sharing and Analysis Center (E‑ISAC).
https://www.securityweek.com/security-north-american-energy-grid-tested-gridex-exercise

A Notorious Iranian Hacking Crew Is Targeting Industrial Control Systems
The recent shift away from IT networks raises the possibility that Iran’s APT33 is exploring physically disruptive cyberattacks on critical infrastructure.
https://www.wired.com/story/iran-apt33-industrial-control-systems/

5G security and privacy for smart cities
The 5G telecommunications revolution is imminent. It is the next generation of cellular network, making use of the existing 4G LTE in addition to opening up the millimeter wave band. 5G will be able to welcome more network-connected devices and increase speeds considerably for users. It will serve as the foundation for advanced services, including

5G security and privacy for smart cities

Iran’s APT33 sharpens focus on industrial control systems
Iran’s elite hacking group is upping its game, according to new evidence delivered at a cybersecurity conference this week. The country’s APT33 cyberattack unit is evolving from simply scrubbing data on its victims’ networks and now wants to take over its targets’ physical infrastructure by manipulating industrial control systems (ICS), say reports.
https://nakedsecurity.sophos.com/2019/11/22/irans-apt33-sharpens-focus-on-industrial-control-systems/

How Medical Device Vendors Hold Healthcare Security for Ransom
While being pummeled by ransomware attacks, healthcare centers also face growing IoT-related threats. Here’s how they manage security amid a complex set of risks.
https://www.darkreading.com/edge/theedge/how-medical-device-vendors-hold-healthcare-security-for-ransom/b/d-id/1336388

Compromised by Connection: 5G Will Unite Cities and Also Put Them at Risk
Watch enough old science fiction movies, and you’re bound to look outside and wonder why the cars on the road don’t drive themselves, why the litter on the sidewalk hasn’t been cleaned up by drones, and why robots aren’t whizzing by with bags full of groceries. The present, it seems, has failed to make good on past promises of the future.
https://www.securityweek.com/compromised-connection-5g-will-unite-cities-and-also-put-them-risk

Bon sang! French hospital contracts 6,000 PC-locking ransomware infection
Rouen’s Centre Hospitalier Universitaire (CHU) reverted to pen and paper instead of computerised record-keeping during last week’s attack, according to Le Monde.
https://www.theregister.co.uk/2019/11/21/french_hospital_rouen_ransomware/

What’s the answer for 5G security?
Learn about the planning of 3GPP in developing specifications for 5G security in this synopsis of 5G Americas’ white paper, ‘The Evolution of Security in 5G.’
https://searchsecurity.techtarget.com/opinion/Whats-the-answer-for-5G-security

5G IoT security: Opportunity comes with risks
Slowly but surely, 5G digital cellular networks are being set up around the world

5G IoT security: Opportunity comes with risks

Hacking robotic vehicles is easier than you might think
Robotic vehicles like Amazon delivery drones or Mars rovers can be hacked more easily than people may think, a research from the University of British Columbia suggests.

Hacking robotic vehicles is easier than you might think

Uber’s first safety review contains thousands of sexual assault reports
Over the last few years Uber — among other ridesharing services — has been accused of failing to respond adequately to reports of sexual assault and other crimes linked to those on its platform. Now the company has released its first safety report (PDF), along with a number of notes about steps it’s taking to make things safer for passengers and drivers.
https://www.engadget.com/2019/12/05/uber-safety-report-2019/

Moxa Addresses Industrial AP Vulnerabilities Several Months After Disclosure
More than a dozen serious vulnerabilities have been found in an industrial wireless access point (AP) made by Taiwan-based industrial networking and automation solutions provider Moxa, but the vendor only addressed the flaws several months after exploits were made public.
https://www.securityweek.com/moxa-addresses-industrial-ap-vulnerabilities-several-months-after-disclosure