Healthcare Software Exploit: CVE-2023-43208
Вставка
- Опубліковано 5 вер 2024
- jh.live/vanta || Prove your security compliance with Vanta! Get $1,000 off with my link: jh.live/vanta
Free Cybersecurity Education and Ethical Hacking with John Hammond
📧 JOIN MY NEWSLETTER ➡ jh.live/email
🙏 SUPPORT THE CHANNEL ➡ jh.live/patreon
🤝 SPONSOR THE CHANNEL ➡ jh.live/sponsor
🌎 FOLLOW ME EVERYWHERE ➡ jh.live/twitter ↔ jh.live/linkedin ↔ jh.live/discord ↔ jh.live/instagram ↔ jh.live/tiktok
💥 SEND ME MALWARE ➡ jh.live/malware
🔥 UA-cam ALGORITHM ➡ Like, Comment, & Subscribe!
lol - when you showed the deny list, I thought was a easy capture the flag game - 😊 not a live medical platform
In my experience, CTFs tend to be genuinely harder than real world platforms. Real platforms tend to be messy and complicated, and while there's a lot of focus on compliance and security, it's almost impossible for the engineering or blue team to protect against all possible attacks.
There's two important parts to understanding this, one is this is why monitoring is so damned important, and two the red team is gonna win every time but it's our job to make sure they win a different way each time.
Love seeing the defensive side.
Awesome! First time seeing zero-day in action. Thankyou John!
I’m a integration engineer for a hospital…. thank god we don’t use Mirth.
But overall, hospital systems are super tight in network security. Ain’t no way anyone is breaking into our application servers. We get tested constantly for social attacks, plus our systems are all local/self-hosted anyways. Our security guards are all pretty paranoid scary looking dudes
I can’t think of any reason why you would ever expose your integration endpoints over a public network.
The stages involved in resolving issues related to CVE-2023-43208 include:
1. Discovery: The vulnerability is discovered, in this case, arising from an incomplete patch for CVE-2023-37679.
2. Reporting: The vulnerability is reported by IHTeam.
3. Patching: A patch for the vulnerability is developed and released, as seen in Mirth Connect version 4.4.0.
4. Investigation: The patch is analyzed to understand the impact and scope of the vulnerability.
5. Mitigation: Organizations utilizing affected software versions are advised to update to Mirth Connect version 4.4.1 to mitigate the risks associated with CVE-2023-43208.
They way you type with your middle finger is wild, John.
I love your videos man, but wow the popping on your condenser mic rips through my speakers!
Can you give me a timestamp on where you have poping?
I love this channel. Their simple methods of teaching are amazing.
Thanks John, your timing is impeccable. I was just reading about the hospital hacks and was wondering how it was happening. This is great to see the whole process of what it is, how its attackable and how to defend against the threat. Been in IT for awhile and hoping to transfer to cyber. Is there a role that doesn't both sides like you demo here in the video thrse days?
I am working as a medical biller and I have used that software before
Great practical: both building the novel intrusion side and the detection rule authoring side.
Welp, time to go remediate
This is loose in the wild. I've got several letters saying my stuff was compromised.
Yes amazing channel. Its just Inspire me.
Careful john, dont hand over those knives to script kitties….
So, you have an API. Which is publicly available, not just to your frontend. With user objects exposed. How does this not throw up enough red flag as it is, did it have to have an XML demarshalling vulnerability as well?
And, their position on the log4j issue was also... a bit iffy, to say the least. "We use log4j v1.2.x, the vulnerability came first in v2.x" - eh.... well, I bet that version of log4j has even more exploit potential being so old (1.2.17, which was the last version of 1.x, was discontinued in 2015). Ok, they upgraded to a newer, non-vulnerable (at least for the JNDI-exploit) version now, but who says we'll not end up there with other third-part libraries or even log4j again?
Excellent Video John, thanks for sharing
Seems like the License Key is only if you want to install extensions via that Mirth Connect program, weird
Another awesome video from John 🎉
a good learning experience for me. Thank you John!
What a fantastic video John. Keep up the good work!
Excellent, Please do more of such exploit demos.
Nice john 👌❤️😉
Awesome content as usual John. Keep doing what you do. You’re the man!
This reminds me of Hacknet.
Hey John, If I want to find this vulnerable code in ghidra, what file should I target? There are so many complications
As a technician in the medical field for over 20 yrs, I have ZERO tolerance with MDs. More worried about having their license pulled than anything. Already changing doctors for my MOM because one was PUSHING for a new med on TV. Take note doctors, license or not, we are not FOOLED!
next malware analysis
Ah gotta love XML rest apis
Going to see an insane amount of hacks this year. It's to scare you into CBDC and close the trap. Resist at all costs!
Is it just me or does this guy sound like Seth Rogan?
i saw this... Good explanation!
Great video , thank you
Man. I used to managed these interfaces. HL7 is kind of a shit show and the interface engines are really in need of some love.
The vast majority of diagnostic instruments still send data in plain text via ASTM or HL7. This is not going to change anytime soon as managing encryption certificates can be a shitshow as well. However, this issue can be easily mitigated by segmentation and tunnels.
Hello John can you make a video on how to create custom cve detectors like how pentest tools works or share a good reference to am trying to make mine thanks
great video, loved it
Ah ya goda patch it!
👏👏👏
Aint no way a python script written by chatgpt worked without issue in runtime or with the exploit itself
"a standalone Python script" Python's requests library isn't installed by default.
1:25 Give me a break with the AI. Any IT thing is only as good as the humans who set it up, program it, and run it.
Awesome! Thank you John for the insight!
5:37 what song is this?
Peter Spacey - Roar - Instrumental Version
Let’s fucking go!
Love from india
Aku tidak bisa bahasa engles pa engga ngerti artinya pa
is there a way to find PoC's of some latest exploits? anyone who know just comment down some suggestions
Diff changes and craft your own
What's so special about arch linux?
It’s the best, the ALHP or CachyOS repos also bring up the overall speed, making it nearly one of the fastest OSs, also no bloat (besides systemd)
people get it mainly for its diy ability. you can pretty much customize every part of your install including the kernel and firmware. if you wanna learn more about linux and how it works, or just to have full control over your build i recommend it!
I only like it more because it has the AUR.
Not having "bloat" is good and bad. You might be using it and find that you have something missing. While using Ubuntu, this shouldn't be a problem.
@LetrixAR you could just install what’s missing lol
@@deadchannel3 sometimes it isn't clear what's missing and it's also a bother to do it everytime I reinstall Arch.