Medical device security is a growing concern in healthcare IT. Issues include limited visibility into devices on the network and ownership disputes between clinical engineering, IT, and security. Acquiring security tools can make things worse if they are not properly administered or managed. David Finn recommends a holistic approach, prioritizing risks and implementing solutions over time. Critical risk categories include clinical, organizational, regulatory, and financial risks. The goal is to become resilient rather than risk-free. Hospitals should also prepare and rehearse for cybersecurity events. David Finn will discuss best practices at HIMSS21.

Windows Remote Desktop Gateway UAF Vulnerability Allows Remote Code Execution
Microsoft disclosed a critical vulnerability (CVE-2025-21297) in Remote Desktop Gateway that enables remote code execution due to a use-after-free bug. Discovered by VictorV, it affects