Security News
Global cybersecurity company Positive Technologies identified several potential vulnerabilities in 5G standalone networks that could result in denial of service for customers and trouble for network operators. In the new report, "5G Standalone core security research," researchers analyzed the security of the network architecture, interaction of network elements, and subscriber authentication and registration procedures.
Vulnerabilities in the protocols used by standalone 5G network implementations could expose users to information theft, impersonation, and other types of attacks, Positive Technologies warned on Wednesday. Current 5G networks are non-standalone implementations that are based on the existing 4G LTE infrastructure, but wireless carriers are expected to invest heavily in transitioning to standalone implementations in the next few years.
Updates released this week by Apple for its macOS operating systems patch a total of 59 vulnerabilities, including roughly 30 that could lead to the execution of arbitrary code. Some of the bugs, Apple explains in its advisory, could be exploited to execute code with system or kernel privileges.
Vulnerabilities discovered in Medtronic's MyCareLink Smart 25000 Patient Reader product could be exploited to take control of a paired cardiac device. Designed to obtain information from a patient's implanted cardiac device, the MCL Smart Patient Reader then sends the data to the Medtronic CareLink network, to facilitate care management, through the patient's mobile device.
A vast majority of operational technology devices affected by the Urgent/11 vulnerabilities and many devices impacted by the CDPwn flaws remain unpatched, IoT security firm Armis reported on Tuesday. According to the company, 97% of industrial devices affected by the Urgent/11 vulnerabilities have not been patched.
"Comparing data from the last two years, we see that crowdsourced cybersecurity is growing rapidly as a result of rapid digital transformation and increased threats caused by the COVID-19 pandemic. Vulnerability submissions are up, with higher numbers of critical vulnerabilities, and total payouts are growing steadily by about 15-20% per quarter." The most submitted vulnerabilities in 2020 stem from broken access controls, while the second-highest number of vulnerabilities were related to cross-site scripting.
While the number of identified vulnerabilities has increased significantly in recent years, the percentage of flaws that are exploitable or have actually been exploited has been dropping, according to vulnerability management company Kenna Security. Kenna Security has conducted an analysis of more than 100,000 vulnerabilities disclosed since 2011 and noticed that the number of exploitable and exploited flaws has been on a downward trend in recent years.
A total of 46 vulnerabilities were addressed this week with the release of the December 2020 security updates for Android. A total of 33 flaws are patched as part of the 2020-12-05 security patch level.
Siemens and Schneider Electric on Tuesday informed customers about the availability of patches and mitigations for several potentially serious vulnerabilities affecting their industrial control system products. The new advisories describe vulnerabilities affecting the company's SICAM, SIMATIC, SIPLUS, LOGO! 8, SENTRON, SIRIUS, and XHQ products.
Millions of connected devices from over 150 vendors are affected by tens of vulnerabilities found in open source TCP/IP stacks, enterprise IoT security company Forescout revealed this week. The Ripple20 flaws disclosed earlier this year and the URGENT/11 bugs made public in 2019 were revealed to render millions of devices vulnerable to remote attacks.