Security Affairs
US and allied Governments’ Recommendations: Securing Network Devices Against Russian APT Groups|Chaotic Eclipse Unveils LegacyHive Exploit Affecting Fully Patched Windows Systems|AsyncAPI npm Supply Chain Attack: Malware Injected Into Packages With 2 Million Weekly Downloads|U.S. CISA adds SonicWall and Microsoft flaws to its Known Exploited Vulnerabilities catalog|SonicWall warns of active exploitation of two SMA 1000 zero-days|Patch Tuesday security updates for July 2026, the largest update ever. 621 CVEs in one month|U.S. Treasury Sanctions VPN Provider and Cryptor Seller Behind Billions in Ransomware Losses|Attacker Used AI to Build Custom PowerShell Recon Malware|Malware Hits Japan’s Largest Taxi Company Nihon Kotsu, Services Temporarily Suspended|CrashStealer: New macOS Infostealer Uses Signed Apps to Evade Gatekeeper|Lidl Notified Online Shop Customers in Germany, Belgium, and the Netherlands of a Data Breach|U.S. CISA adds a Cisco IOS flaw to its Known Exploited Vulnerabilities catalog|US and allied Governments’ Recommendations: Securing Network Devices Against Russian APT Groups|Chaotic Eclipse Unveils LegacyHive Exploit Affecting Fully Patched Windows Systems|AsyncAPI npm Supply Chain Attack: Malware Injected Into Packages With 2 Million Weekly Downloads|U.S. CISA adds SonicWall and Microsoft flaws to its Known Exploited Vulnerabilities catalog|SonicWall warns of active exploitation of two SMA 1000 zero-days|Patch Tuesday security updates for July 2026, the largest update ever. 621 CVEs in one month|U.S. Treasury Sanctions VPN Provider and Cryptor Seller Behind Billions in Ransomware Losses|Attacker Used AI to Build Custom PowerShell Recon Malware|Malware Hits Japan’s Largest Taxi Company Nihon Kotsu, Services Temporarily Suspended|CrashStealer: New macOS Infostealer Uses Signed Apps to Evade Gatekeeper|Lidl Notified Online Shop Customers in Germany, Belgium, and the Netherlands of a Data Breach|U.S. CISA adds a Cisco IOS flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

CISA warns of a critical flaw affecting Illumina medical devices

U.S. CISA released an Industrial Control Systems (ICS) medical advisory warning of a critical flaw affecting Illumina medical devices. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released an Industrial Control Systems (ICS) medical advisory warning of vulnerabilities that could allow an attacker to take any action at the operating system level. The issues […]

CISA BlueHammer (CVE-2026-33825)

U.S. CISA released an Industrial Control Systems (ICS) medical advisory warning of a critical flaw affecting Illumina medical devices.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released an Industrial Control Systems (ICS) medical advisory warning of vulnerabilities that could allow an attacker to take any action at the operating system level.

The issues impact the following products using the Illumina Universal Copy Service: 

  • iScan Control Software: v4.0.0 
  • iScan Control Software: v4.0.5 
  • iSeq 100: All versions 
  • MiniSeq Control Software: v2.0 and newer 
  • MiSeq Control Software: v4.0 (RUO Mode) 
  • MiSeqDx Operating Software: v4.0.1 and newer 
  • NextSeq 500/550 Control Software: v4.0 
  • NextSeq 550Dx Control Software:  v4.0 (RUO Mode) 
  • NextSeq 550Dx Operating Software:  v1.0.0 to 1.3.1 
  • NextSeq 550Dx Operating Software: v1.3.3 and newer 
  • NextSeq 1000/2000 Control Software: v1.4.1 and prior 
  • NovaSeq 6000 Control Software: v1.7 and prior 
  • NovaSeq Control Software: v1.8 

The above medical devices are used either in clinical diagnostic use in sequencing a person’s DNA for various genetic conditions or for research use only (RUO).

“Successful exploitation of these vulnerabilities could allow an attacker to take any action at the operating system level. A threat actor could impact settings, configurations, software, or data on the affected product; a threat actor could interact through the affected product via a connected network.” reads the Industrial Control Systems Medical Advisory published by CISA.

The most severe of the vulnerabilities, tracked as CVE-2023-1968 (CVSS score: 10.0), allows an unauthenticated, remote attacker to bind to an unrestricted IP address. An attacker could use UCS to listen on all IP addresses, including those capable of accepting remote communications. 

A remote attacker can potentially eavesdrop on network traffic and inject arbitrary commands.

The second issue reported in the advisory, tracked as CVE-2023-1966 (CVSS score: 7.4), is an unnecessary privileges vulnerability.

“An unauthenticated malicious actor could upload and execute code remotely at the operating system level, which could allow an attacker to change settings, configurations, software, or access sensitive data on the affected product.” continues the advisory.

The Food and Drug Administration (FDA) also published an advisory that remarks that an unauthorized attacker can exploit the first vulnerability by:

  • taking control remotely;
  • altering settings, configurations, software, or data on the instrument or a customer’s network; or
  • impacting genomic data results in the instruments intended for clinical diagnosis, including causing the instruments to provide no results, incorrect results, altered results, or a potential data breach.

“At this time, the FDA and Illumina have not received any reports indicating this vulnerability has been exploited.” reads the alert published by FDA. “llumina developed a software patch to protect against the exploitation of this vulnerability. The FDA wants health care providers and laboratory personnel to be aware of the required actions to mitigate these cybersecurity risks.”

The good news is that there is no evidence that the two vulnerabilities have been exploited in the wild.

The company urges customers to install the security updates released on April 5, 2023.

Blogger Awards 2022 – VOTE FOR YOUR WINNERS
Vote for me in the sections:

  • The Teacher – Most Educational Blog
  • The Entertainer – Most Entertaining Blog
  • The Tech Whizz – Best Technical Blog
  • Best Social Media Account to Follow (@securityaffairs)

Please nominate Security Affairs as your favorite blog.

Nominate here: https://docs.google.com/forms/d/e/1FAIpQLSfaFMkrMlrLhOBsRPKdv56Y4HgC88Bcji4V7OCxCm_OmyPoLw/viewform

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, CISA)