Security News

The U.S. Cybersecurity and Infrastructure Security Agency and Food and Drug Administration have issued an advisory about critical security vulnerabilities in Illumina's next-generation sequencing software. The issues impact software in medical devices used for "clinical diagnostic use in sequencing a person's DNA or testing for various genetic conditions, or for research use only," according to the FDA. "Successful exploitation of these vulnerabilities may allow an unauthenticated malicious actor to take control of the affected product remotely and take any action at the operating system level," CISA said in an alert.

An Ohio-based DNA testing company has disclosed a hacking incident that affects 2,102,436 persons. The incident resulted in a confirmed data breach that occurred between May 24, 2021, and July 28, 2021, but the firm discovered it only on October 29, 2021.

A cross-site request forgery vulnerability in the Cisco Digital Network Architecture Center could open enterprise users to remote attack and takeover. The flaw, tracked as CVE-2021-1257, exists in the web-based management interface of the Cisco DNA Center, which is a centralized network-management and orchestration platform for Cisco DNA. It carries a CVSS vulnerability-severity score of 7.1, making it high-severity.

Cisco this week released patches to address a significant number of vulnerabilities across its product portfolio, including several critical flaws in SD-WAN products, DNA Center, and Smart Software Manager Satellite. Several command injection bugs addressed in SD-WAN products could allow an attacker to perform actions as root on the affected devices, the most important of which is rated critical severity, featuring a CVSS score of 9.9.

The idea is to collect and analyze random DNA floating around the ocean, and use that to figure out where the giant squid are. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.

Threat actors could target DNA researchers with malware in an effort to modify synthetic DNA orders and create pathogens or toxins, researchers warn. In a newly published article in Nature, a group of academic researchers from Israel's Interdisciplinary Center Herzliya and Ben-Gurion University of the Negev detail a cyberattack that exploits gaps within the security of the DNA procurement process for malicious purposes.

A genealogy website used to catch one of California's most wanted serial killers remained shut down Thursday after a security breach exposed the DNA profiles of more than a million people to law enforcement agencies. GEDmatch said in a message emailed to members and posted Wednesday on its Facebook page that on Sunday a "sophisticated attack" on their servers through an existing user account made the DNA profiles of its members available for police to search for about three hours.

In rather more ways than many readers may suspect, most security problems happen due to people not noticing or disregarding information in the form of observations. Remember, an attacker will almost always select your weaknesses to their advantage, and "pinning you down" is a very standard military tactic to gain significant advantage over much greater numbers.

This is a "game changer" when it comes to genetic privacy rights, experts say.

The US government plans to collect the DNA of all migrants detained after entering the country illegally, officials said Wednesday.