The backdoor on Contec CMS8000 patient-monitoring devices could allow an IP address at an unnamed university to remotely download and execute unverified files, according to CISA.

  • @Benjaben
    61 day ago

    I get lots of mileage out of Hanlon’s Razor, and I acknowledge the rampant incompetence that suggests its applicability, but digital security seems like about the least appropriate place to apply this rule of thumb.

    • @[email protected]
      51 day ago

      As someone who has to deal with PCI compliance issues, there’s plenty of noob mistakes, out-of-date thinking and outright “let’s log this data for debugging purposes even though if any regulator found out they’d nuke us from orbit.”

      • @Benjaben
        31 day ago

        Fair enough, I can imagine that pretty easily.