CISA warns of critical bugs in Illumina DNA sequencing systems
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the FDA have issued an urgent alert about two vulnerabilities that impact Illumina's Universal Copy Service, used for DNA sequencing in medical facilities and labs worldwide.
"An unauthenticated malicious actor could upload and execute code remotely at the operating system level, which could allow an attacker to change settings, configurations, software, or access sensitive data on the affected product," warns a CISA advisory released yesterday.
Illumina is a California-based medical technology company that develops and manufactures advanced bioanalysis and DNA sequencing machines.
The company's devices are among the most widely used for DNA sequencing in clinical settings, research organizations, academic institutions, biotechnology firms, and pharmaceutical companies in 140 countries.
"On April 5, 2023, Illumina sent notifications to affected customers instructing them to check their instruments and medical devices for signs of potential exploitation of the vulnerability," reads an advisory by the FDA. "Some of these instruments have a dual boot mode that allows a user to operate them in either clinical diagnostic mode or RUO mode. Devices intended for RUO are typically in a development stage and must be labeled "For Research Use Only.
CISA also recommends that users of medical devices minimize the exposure of control systems to the internet as much as possible, using firewalls to isolate them from the wider network and using VPNs when remote access is needed.