Today the DHS ICS-CERT published their first WannaCry update in
almost two weeks. The last update was
published on May 31st for the alert that was originally
published on May 15th, 2017. The update includes a link to new
vendor information and a link
to the update in the STYX
format, a machine readable format for sharing cyber threat information.
The new vendor information comes from Johnson & Johnson.
The Update provides a link to a new ‘Security Advisories’ page which contains
links to two product advisories; Certus®140
System, and Carto®3
System. No really new information is available in either document.
ICS-CERT kept the original Johnson & Johnson link
in the Update. Unfortunately, that link now has nothing to do with WannaCry.
All mention was removed leaving it just a generic cybersecurity disclosure
reporting page. That link probably should have been removed from the Update.
ICS-CERT did miss reporting on Siemens WannaCry updates for
a number of their products, including (thanks to the Siemens ProductCERT for
their tweets):
• Ultrasound
products, published June 1st;
• Mammography
products, published June 1st;
• Multimodality
Workplace products, published June 1st;
• Siemens
Healthineer products, published June 1st; and
• Advanced Therapy
products, published June 9th.
These were just mainly product update reporting.
BTW: I half expected to see an ICS-CERT alert on
CrashOverride today since US-CERT came out with their alert today. I’m still
reading the Dragos
paper but it sounds interesting. More to come, I’m sure.
Posts
No comments:
Post a Comment