Security News > 2022 > February

Unpatched Security Bugs in Medical Wearables Allow Patient Tracking, Data Theft
2022-02-01 21:32

The rush to roll out remote healthcare has also unleashed a universe of wearable medical devices to collect sensitive data, which researchers say are widely vulnerable to attack. Analysts with Kaspersky Labs reported finding 33 vulnerabilities last year in the most widely used data transfer protocol for internet of things medical devices, known as MQTT - that's 10 more than the previous year.

Critical Bug Found in WordPress Plugin for Elementor with Over a Million Installations
2022-02-01 21:24

A WordPress plugin with over one million installs has been found to contain a critical vulnerability that could result in the execution of arbitrary code on compromised websites. The plugin in question is Essential Addons for Elementor, which provides WordPress site owners with a library of over 80 elements and extensions to help design and customize pages and posts.

The Account Takeover Cat-and-Mouse Game
2022-02-01 20:59

In an analysis by the Cequence Security Threat Research Team of more than 21 billion application transactions between June and December of last year, API-based account login and registration transactions increased by 92 percent to more than 850 million. Highlighting the fact that attackers love APIs just as much as developers do, the same dataset showed account takeover attacks on login APIs increased by 62 percent.

Cloudflare launches a paid public bug bounty program
2022-02-01 20:56

Cloudflare, an American company focused on web infrastructure and website security, has announced the launch of a new public bug bounty program. "Today we are launching Cloudflare's paid public bug bounty program," said Rushil Shah, a Product Security Engineer at Cloudflare.

Me on App Store Monopolies and Security
2022-02-01 20:26

There are two bills working their way through Congress that would force companies like Apple to allow competitive app stores. Apple hates this, since it would break its monopoly, and it's making a variety of security arguments to bolster its argument.

Samba ‘Fruit’ Bug Allows RCE, Full Root User Access
2022-02-01 20:02

A critical-severity vulnerability in the Samba platform could allow attackers to gain remote code execution with root privileges on servers. Samba is an interoperability suite that allows Windows and Linux/Unix-based hosts to work together and share file and print services with multiplatform devices on a common network, including SMB file sharing.

Linux kernel patches “performance can be harmful” bug in video driver
2022-02-01 19:59

That's the sort of glitch behind CVE-2022-0330, a Linux kernel bug in the Intel i915 graphics card driver that was patched last week. Permission to load and run code on the GPU: once again, in some environments, users might have graphics processing unit "coding powers" not because they are avid gamers, but in order to take advantage of the GPU's huge performance for specialised programming, everything from image and video rendering, through cryptomining, to cryptographic research.

New SureMDM Vulnerabilities Could Expose Companies to Supply Chain Attacks
2022-02-01 19:56

A number of security vulnerabilities have been disclosed in 42 Gears' SureMDM device management solution that could be weaponized by attackers to perform a supply chain compromise against affected organizations. The India-based company's SureMDM is a cross-platform mobile device management service that allows enterprises to remotely monitor, manage, and secure their fleet of company-owned machines and employee-owned devices.

New Samba Bug Allows Remote Attackers to Execute Arbitrary Code as Root
2022-02-01 19:56

Samba has issued software updates to address multiple security vulnerabilities that, if successfully exploited, could allow remote attackers to execute arbitrary code with the highest privileges on affected installations. Chief among them is CVE-2021-44142, which impacts all versions of Samba before 4.13.17 and concerns an out-of-bounds heap read/write vulnerability in the VFS module "vfs_fruit", which provides compatibility with Apple SMB clients.

Telco fined €9 million for hiding cyberattack impact to customers
2022-02-01 19:38

The Greek data protection authority has imposed fines of 5,850,000 EUR on COSMOTE and 3,250,000 EUR on OTE for leaking sensitive customer communication data as a result of a cyberattack. As the agency says in an announcement, COSMOTE infringed at least eight articles of the GDPR, including violating its duty to inform affected customers of the true impact of the incident.