Security News

Devices on six-year-old firmware vulnerable to takeover and destruction Argentine cybersecurity shop Eclypsium claims security issues affecting leading DNA sequencing devices could lead to...

BIOS/UEFI vulnerabilities in the iSeq 100 DNA sequencer from U.S. biotechnology company Illumina could let attackers disable devices used for detecting illnesses and developing vaccines. [...]

Cybersecurity researchers have uncovered firmware security vulnerabilities in the Illumina iSeq 100 DNA sequencing instrument that, if successfully exploited, could permit attackers to brick or...

Prime minister Pham Minh Chinh instructed the nation's Ministry of Public Security to collect the data in the form of iris scans, voice samples and actual DNA, in accordance with amendments to Vietnam's Law on Citizen Identification. Ammendments to the Law on Citizen Identification that allow collection of biometrics passed on November 27 of last year.

Biotech and DNA-collection biz 23andMe, the one that blamed its own customers for the October mega-breach, just admitted it failed to detect any malicious activity for the entire five months attackers were breaking into user accounts. In a collection of data breach notifications filed with California's attorney general Rob Bonta, 23andMe revealed attackers were using credential stuffing techniques between April 29 and September 27, 2023.

The Federal Trade Commission has alleged that genetic testing firm 1Health.io, also known as Vitagene, deceived people when it said it would dispose of their physical DNA sample as well as their collected health data. The company asks users to spit into a tube and uses the customer's genetic data, in combination with a health quiz, to check if a user has, or may soon have, certain health conditions.

The U.S. Cybersecurity and Infrastructure Security Agency has released an Industrial Control Systems medical advisory warning of a critical flaw impacting Illumina medical devices. "Successful exploitation of these vulnerabilities could allow an attacker to take any action at the operating system level," CISA said.

The U.S. Cybersecurity Infrastructure Security Agency and the FDA have issued an urgent alert about two vulnerabilities that impact Illumina's Universal Copy Service, used for DNA sequencing in medical facilities and labs worldwide. "An unauthenticated malicious actor could upload and execute code remotely at the operating system level, which could allow an attacker to change settings, configurations, software, or access sensitive data on the affected product," warns a CISA advisory released yesterday.

A DNA diagnostics company will pay $400,000 and tighten its security in the wake of a 2021 attack where criminals broke into its network and swiped personal data on over two million people from a nine-year-old "Legacy" database the company forgot it had. The genetic testing firm, DNA Diagnostics Center reached a settlement deal with states' attorneys general in Ohio and Pennsylvania last week, after the social security numbers of 45,000 residents of the two states was exposed, with each of the states getting $200k. DDC offers paternity testing, immigration testing, veterinary DNA testing and forensic testing.

The U.S. Cybersecurity and Infrastructure Security Agency and Food and Drug Administration have issued an advisory about critical security vulnerabilities in Illumina's next-generation sequencing software. The issues impact software in medical devices used for "Clinical diagnostic use in sequencing a person's DNA or testing for various genetic conditions, or for research use only," according to the FDA. "Successful exploitation of these vulnerabilities may allow an unauthenticated malicious actor to take control of the affected product remotely and take any action at the operating system level," CISA said in an alert.