Alerts

For questions or to provide an update from your organization regarding the action alerts detailed below, please email tips@isac.bio.

Active Alerts

As a reminder, BIO-ISAC will facilitate the ethical submission of your findings, please view our disclosure process for more information.

Illumina CVE

Active! Critical Vulnerability in Illumina software (LRM) - CVSS 10/10 - Fix ASAP

(Includes hashes for patch, as verified with Illumina by BIO-ISAC)

BIO-ISAC has followed up on this vulnerability and has been able to positively confirm the hashes (file identity signature) for the patch that Illumina created for these critical vulnerabilities. Many of you asked for confirmation and BIO-ISAC engaged with Illumina to ensure that you are not installing a maliciously modified or patch that an opportunist attacker may have taken advantage of given that Illumina had not publicly confirmed the hashes for the correct patch - information below. 

 

Patch File Name: LocalRunManagerSecurityPatch.msi

SHA256: 595b724f1c5b4bac446001400b38b748b4ef05520b5489ea4711a2a4289e721a

SHA512: 52b5cfdc462b10011027e94f184c2f0da25b0b1363fddb7fa5793938d11f976259a7f73e77c2fd157f560439ec3df70446aa561b586dc8ef94db2ed95fcce841

For those of you who are not yet members of the BIO-ISAC, please consider joining the organization - it helps us do this vital work of engagement and vulnerability disclosure/follow through. Membership in the org also allows us to create programs like our emergency threat hunting service with our founding member John Hopkins Advanced Physics Laboratory (JHU APL). More about that program, including how to become involved for your organization, is detailed here: https://www.wired.com/story/biotech-security-threats/ and https://www.isac.bio/post/bio-isac-partners-to-provide-free-emergency-threat-hunting-service-to-bioeconomy-companies.

Thank you again to everyone involved. 

Tardigrade

Active! An APT attack on vaccine manufacturing infrastructure.  More info.