One person's backdoor is another person's fucked up update mechanism connecting to a random university's server in #China
Oh #cybersecurity, you never cease to amaze me.
# # #
"Although the full update process is VERY dangerous and risky, to us it does not appear to have malicious intent behind it, especially when considering the manual boldly refers to this IP address, and white-label vendors ask users to configure their internal CMS with this IP address."
However, as the IP address specified in the manual is a public address in China, it could lead to inadvertent data leaks and takeover risks if an NFS server is running. Currently, no NFS server is configured at this IP address.
# # #
Backdoor found in two healthcare patient monitors, linked to IP in China
The US Cybersecurity and Infrastructure Security Agency (CISA) is warning that Contec CMS8000 devices, a widely used healthcare patient monitoring device, include a backdoor that quietly sends patient data to a remote IP address and downloads and executes files on the device.
