Weekly Cyber Security News 31/12/2021

A selection of this week’s more interesting vulnerability disclosures and cyber security news. For a daily selection see our twitter feed at #ionCube24. We’ve been here before right? Many times? I know many countries have or are cracking down on IoT security but would it also cover this market?

• That Toy You Got for Christmas Could Be Spying on You – Security flaws in the recently released Fisher-Price Chatter Bluetooth telephone can allow nearby attackers to spy on calls or communicate with children using the device.

Sigh…. You put something on the Internet which has an API. What do you do first? I don’t expect an answer, those that know wouldn’t be in this position in the first place and those that are breached wouldn’t know how to answer that obviously:

• Cryptomining Attack Exploits Docker API Misconfiguration Since 2019 – Campaign exploits misconfigured Docker APIs to gain network entry and ultimately sets up a backdoor on compromised hosts to mine cryptocurrency.

A bit of a lapse….

• 4-Year-Old Microsoft Azure Zero-Day Exposes Web App Source Code – The security vulnerability could expose passwords and access tokens, along with blueprints for internal infrastructure and finding software vulnerabilities.