Sergiu Gatlan reports:
Malicious DICOM files can be crafted to contain both CT and MRI scan imaging data and potentially dangerous PE executables, a process which can be used by threat actors to hide malware inside seemingly harmless files.
Cylera’s Markel Picado Ortiz achieved this by taking advantage of a DICOM format design flaw which allows for the “128-byte section at the beginning of the file, called the Preamble,” to be modified to add compatibility with non-DICOM image viewers.
Read more on BleepingComputer.
h/t,@MRJDWoodard