Corruption Ledger

The Public Ledger of Corruption

Critical-rated security flaw in Illumina DNA sequencing tech exposes patient data

Posted on April 28, 2023 / May 15, 2023 By 5amResearch
 

The U.S. government has sounded the alarm about a critical software vulnerability found in genomics giant Illumina’s DNA sequencing devices, which hackers can exploit to modify or steal patients’ sensitive medical data.

In separate advisories released on Thursday, U.S. cybersecurity agency CISA and the U.S. Food and Drug Administration warned that the security flaw — tracked as CVE-2023-1968 with the maximum vulnerability severity rating of 10 out of 10 — allows hackers to remotely access an affected device over the internet without needing a password. If exploited, the bug could allow hackers to compromise devices to produce incorrect or altered results, or none at all.

The advisories also warn of a second vulnerability, tracked as CVE-2023-1966 with a lower severity rating of 7.4 out of 10. The bug could allow attackers to remotely upload and run malicious code at the operating system level, allowing them to alter settings and access sensitive data on the affected product.

The vulnerabilities affect Illumina’s iScan, iSeq, MiniSeq, MiSeq, MiSeqDx, NextSeq and NovaSeq products. These products, used worldwide in the healthcare sector, are designed for clinical diagnostic use in sequencing a person’s DNA for various genetic conditions or research purposes.

Illumina spokesperson David McAlpine told TechCrunch that Illumina has “not received any reports indicating that a vulnerability has been exploited, nor do we have any evidence of any vulnerabilities being exploited.” McAlpine declined to say whether Illumina has the technical means to detect exploitation, or say how many devices are vulnerable to the flaws.

Illumina CEO Francis deSouza said in January that its installed base was more than 22,000 sequencers.

In a LinkedIn post, Illumina CTO Alex Aravanis said that the company discovered the vulnerability as part of routine efforts to assess its software for potential vulnerabilities and exposures.

“Upon identifying this vulnerability, our team worked diligently to develop mitigations to protect our instruments and customers,” Aravanis said. “We then contacted and worked in close partnership with regulators and customers to address the issue with a simple software update at no cost, requiring little to no downtime for most.”

News of the Illumina vulnerability comes after the FDA last month announced it will require medical device makers to meet specific cybersecurity requirements when submitting an application for a new product. Device makers will have to submit a plan explaining how they plan to track and address vulnerabilities, and include a software bill of materials detailing every component in a device.

https://techcrunch.com/2023/04/28/illumina-dna-tech-fda-security-flaw/

Copyright © 2022 Corruption Ledger. This web site contains no ads.