Hello, welcome to the Tuesday, May 31st, 2016 edition of the Santernet Storm Center's

Stormcast.

My name is Johannes Ulrich and today I'm recording from Jacksonville, Florida.

According to a vulnerability note is released by cert.org, a METhost preoperative information management systems, essentially where you keep patient data

and the like, suffers from hard-coded usernames and passwords.

These passwords aren't widely known, but if someone does get a hold of it, they can log in

to any instance of this particular software and retrieve

patient data stored in the system.

I don't think I'm really surprised by this.

After all, this is just a database.

It's not actual equipment connected to the patient, which has had similar vulnerabilities

and verse before. And in general, medical software has been sort of part of the low-hanging

fruits when it comes to finding vulnerabilities like this. What's different here compared to most of these cases I've seen in the past, the vendor

actually patched the flaw.

So if you're using this particular software, you can apply the vendor patch in order to fix

this vulnerability.

And well, I missed it last week, but there is a new version of Chrome and Chromium fixing 42 different

vulnerabilities.

I am seeing here nine different vulnerabilities rated as high.

Some of them allow quote execution.

Others are cross-origin vulnerabilities that could be exploited, for example,

for cross-site request forging and information leakage. And the payment card industry security

...