11th March: FDA Cybersecurity alert ++ Google takes over Mandiant ++ Joint security guidance for data centre operators and users

FDA Cybersecurity alert: medical IoT devices might be compromised

On March 8th, the US Food & Drug Administration (FDA) issued a cybersecurity warning: Axeda Agent and Axeda Desktop Servers contain vulnerabilities affecting over 150 devices from well-known vendors.

These medical device software components are used for the remote maintenance of medical IoT products such as x-ray systems, mammogram systems and injection systems, which are used, for example, to inject contrast media before a CT scan.

The vulnerability exists due to the presence of hard-coded credentials in the application code for the UltraVNC installation. A remote unauthenticated attacker can access the affected system using the hard-coded credentials. Successful exploitation of some of the known vulnerabilities could allow an attacker to obtain full file-system access and remote code execution.

A threat actor could shut down the Axeda agent on a device in a targeted attack, making remote service impossible. This can lead to the healthcare unit interrupting a patient's therapy or diagnosis.

CISA, the US Cybersecurity and Infrastructure Security Agency, advises customers to perform proper impact analysis and risk assessment prior to deploying defensive measures.
According to bleepingcomputer.com, it took 210 days from the first report of the vulnerability to public disclosure.

So far, no records have been found of whether the vulnerability has been successfully exploited or whether people were harmed.


Google takes over security provider Mandiant – for 5 billion USD

Google said that when the deal closes, Mandiant will become part of the Google Cloud organization. At 5 billion USD, it is the second-largest acquisition after Google bought Motorola in 2011.

The Financial Times writes:

Thomas Kurian, chief executive officer of Google Cloud, said that the deal was a response to the fact that “the sophistication and severity of attacks that were previously used to target major governments are now being used to target companies in every industry”.

It is suspected that Google wanted to close the deal in order to gain an advantage over Microsoft. Google and Microsoft are currently competing for the position of second-largest cloud provider, after AWS.

The acquisition is subject to closing conditions, including the receipt of Mandiant stockholder and regulatory approvals, and is expected to close later this year.

Mandiant was founded in 2004. The company employs more than 600 consultants and 300 intelligence analysts who respond to thousands of security incidents each year, including many of the highest-profile attacks, such as the SolarWinds hack in 2019. The company was acquired by FireEye in 2013 but became standalone again in 2021, when it sold its products business and the FireEye name to a private equity firm. In 2017 Mandiant itself, known as FireEye at that time, was hacked.


Joint security guidance offered to data centre operators and users

New guidance from the NCSC and CPNI sets out a holistic security strategy for data centres to keep the UK’s online assets secure.

“Datacenter owners should assume that a cyber compromise is inevitable, take steps to detect intrusions and minimize their impact and take preventative cybersecurity measures,” the strategy says. In light of current geopolitical developments, the fear of cyber attacks is rising, as we reported last week. This step is considered preparation for possible future cyber attacks, aiming to reduce the vulnerability of datacenter owners and users.

“Data is one of the UK’s most valuable assets, and it underpins almost all facets of modern life. However, this can make data centres an attractive target for threat actors, both physically and in cyberspace,” the NCSC states on its website.

The new guidance differentiates between security for data centre owners and users and lists case studies of attacks on T-Mobile, the United States Office of Personnel Management (OPM) and Meta.

The guidance lists all kinds of measures, ranging from securing the physical perimeter and buildings, through the supply chain, to cyber security measures.



Please remember: this article is based on our knowledge at the time it was written – but we learn more every day. Do you think important points are missing or do you see the topic from a different perspective? We would be happy to discuss current developments in greater detail with you and your company’s other experts and welcome your feedback and thoughts.

And one more thing: the fact that an article mentions (or does not mention) a provider does not represent a recommendation from CyberCompare. Recommendations always depend on the customer’s individual situation.