Google Warns of Zero-Click Bluetooth Flaws in Linux-based Devices

Google security researchers are warning of a new set of zero-click vulnerabilities in the Linux Bluetooth software stack that allow a nearby, unauthenticated attacker to execute arbitrary code with kernel privileges on vulnerable devices, with no interaction from the victim.

According to security engineer Andy Nguyen, the three flaws — collectively called BleedingTooth — reside in the open-source BlueZ protocol stack that offers support for many of the core Bluetooth layers and protocols for Linux-based systems such as laptops and IoT devices.

The first and most severe is a heap-based type confusion (CVE-2020-12351, CVSS score 8.3) affecting Linux kernel 4.8 and higher. It sits in the kernel's implementation of the Logical Link Control and Adaptation Protocol (L2CAP), the Bluetooth layer that multiplexes data between the different higher-layer protocols.

“A remote attacker in short distance knowing the victim’s [Bluetooth device] address can send a malicious l2cap packet and cause denial of service or possibly arbitrary code execution with kernel privileges,” Google noted in its advisory. “Malicious Bluetooth chips can trigger the vulnerability as well.”

The vulnerability, which is yet to be addressed, appears to have been introduced in a change to the “l2cap_core.c” module made in 2016.
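The advisory gives two concrete facts a defender can act on: the bug affects kernels 4.8 and higher, and it lives in the kernel's Bluetooth subsystem, so a host whose bluetooth module is not loaded is not reachable through it. The following triage script is an added example, not code from the article or from Google's advisory; the function names and the major.minor-only version comparison are this example's own choices.

```sh
#!/bin/sh
# Added example (not from the article or from Google's advisory): a quick
# triage check for the kernel range the advisory names. CVE-2020-12351 is
# reported for Linux 4.8 and higher, and the bug is in the kernel's Bluetooth
# subsystem, so a host is only exposed if (a) its kernel is in that range and
# (b) the bluetooth module is actually loaded.

# kernel_affected VERSION
# Returns 0 (true) when VERSION is 4.8 or newer, 1 otherwise.
# Only major.minor are compared; suffixes such as "-52-generic" are ignored.
kernel_affected() {
    major=$(printf '%s' "$1" | cut -d. -f1 | sed 's/[^0-9].*//')
    minor=$(printf '%s' "$1" | cut -s -d. -f2 | sed 's/[^0-9].*//')
    major=${major:-0}
    minor=${minor:-0}
    if [ "$major" -gt 4 ]; then
        return 0
    fi
    if [ "$major" -eq 4 ] && [ "$minor" -ge 8 ]; then
        return 0
    fi
    return 1
}

# bluetooth_loaded
# Returns 0 when the "bluetooth" module appears in /proc/modules.
# Caveat: a kernel built with CONFIG_BT=y has the stack compiled in and it
# will not be listed here, so treat a negative answer on such kernels as
# inconclusive rather than as proof the host is safe.
bluetooth_loaded() {
    [ -r /proc/modules ] && grep -q '^bluetooth ' /proc/modules
}

# report: prints a one-line verdict per check for the running host.
report() {
    ver=$(uname -r)
    if kernel_affected "$ver"; then
        printf 'kernel %s: in the affected range (4.8 or newer)\n' "$ver"
    else
        printf 'kernel %s: below 4.8, outside the reported range\n' "$ver"
    fi
    if bluetooth_loaded; then
        printf 'bluetooth module: loaded (exposed until a fix is applied)\n'
    else
        printf 'bluetooth module: not loaded or built in\n'
    fi
}

report
```

Until a patched kernel is available, unloading the module (`rmmod bluetooth`, or blacklisting it) is the simplest way to take a laptop or IoT host out of reach of a nearby attacker; the script only tells you whether that step is still needed.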

images from Hacker News

India Witnessed Spike in Cyber Attacks Amidst Covid-19 – Here’s Why?

The COVID-19 outbreak is turning out to be not only a health, social, and economic hazard but also a cybersecurity crisis. The pandemic has presented new challenges for businesses in the areas of remote collaboration and business continuity.

With increased remote working to maintain business continuity, employees are using numerous Internet tools. As businesses and people rely more on technology while they are busy fighting the pandemic, attackers have more opportunities to target them than ever.

According to PwC’s April report, the number of security threats to Indian companies doubled in March 2020 compared with January 2020; more worrying still, a 100% rise was recorded between March 17 and 20 alone.

Sanjay Dhotre, the Union Minister of State for Electronics & Information Technology (MeitY), said that India saw over 350,000 cyberattacks in the second quarter of 2020, triple the number recorded in the first quarter. He also noted that 700,000 cybersecurity incidents had been recorded by August 2020.

Key Cybersecurity Crises in Numbers

According to the Acronis Cyber Readiness Report 2020, 31% of companies worldwide face at least one cybersecurity incident per day. India, however, reported twice as many cyberattacks per day, most of them phishing, DDoS, attacks on video conferencing, exploitation of weakly secured services, and malware.

Police Raided German Spyware Company FinFisher Offices

German investigating authorities have raided the offices of Munich-based company FinFisher, which sells the infamous commercial surveillance spyware dubbed ‘FinSpy,’ reportedly on suspicion of illegally exporting the software abroad without the required authorization.

Between October 6 and 8, investigators from the German Customs Investigation Bureau (ZKA), acting on orders from the Munich Public Prosecutor’s Office, searched a total of 15 properties in Munich, including the business premises of FinFisher GmbH and two other business partners and the private apartments of the managing directors, as well as a partner company in Romania.

For those unaware, FinSpy is extremely powerful spying software that is sold as a lawful-intercept tool to governments around the world but has also been found in use by oppressive and dubious regimes to spy on activists, political dissidents, and journalists.

FinSpy malware can target both desktop and mobile operating systems, including Android, iOS, Windows, macOS, and Linux, and gives its operator spying capabilities that include secretly turning on victims’ webcams and microphones, recording everything they type on the keyboard, intercepting calls, and exfiltrating sensitive data.

A new report from BR (Bayerischer Rundfunk) and NDR (Norddeutscher Rundfunk) suggests the spying firm illegally exported FinSpy to other countries without the export license required from the federal government.

FIN11 Hackers Spotted Using New Techniques In Ransomware Attacks

A financially-motivated threat actor known for its malware distribution campaigns has evolved its tactics to focus on ransomware and extortion.

According to FireEye’s Mandiant threat intelligence team, the collective, known as FIN11, has run cybercrime campaigns since at least 2016 that monetize its access to organizations’ networks, in addition to deploying point-of-sale (POS) malware against the financial, retail, restaurant, and pharmaceutical sectors.

“Recent FIN11 intrusions have most commonly led to data theft, extortion and the disruption of victim networks via the distribution of CLOP ransomware,” Mandiant said.

Although FIN11’s past activity has been tied to malware such as FlawedAmmyy, FRIENDSPEAK, and MIXLABEL, Mandiant notes significant overlap in TTPs with another threat group that security researchers track as TA505, which is behind the infamous Dridex banking Trojan and the Locky ransomware delivered through malspam campaigns via the Necurs botnet.

It’s worth pointing out that Microsoft orchestrated the takedown of the Necurs botnet in March 2020 to stop its operators from registering new domains for further attacks.

Guide: Scale or Fail — Why MSSPs Need Multitenant Security Solutions

Managed Security Services Providers (MSSPs) have it rough. They carry the burden of protecting their client organizations from cyberattacks, with clients from different industries, different security stacks, and different support requirements, and everything is in a constant state of flux.

MSSPs are turning to multitenant solutions to help reduce the complexity of managing multiple security solution instances across their client base. Multitenancy allows various independent instances of a solution to be managed in a single, shared environment.

Cybersecurity company Cynet has just published an instructive paper on the benefits of multitenancy, along with the key considerations MSSPs should evaluate when selecting a multitenant platform.

Eliminating Information Overload with a Single Pane of Glass

Many MSSPs suffer from information whiplash, jumping between screens every time a different client environment needs attention. Effectively monitoring and responding to the torrent of security data across multiple clients requires a significant investment in resources.

According to a recent Cynet report, multitenant platforms allow MSSPs to scale their business with far fewer resources while improving their security posture by consolidating all operations oversight and management into a single, unified platform.
