Bluetooth Low Energy (BLE) Protocol Vulnerability

Bluetooth Low Energy (BLE) protocol is known for its battery-saving features. But its improper BLE reconnection procedure has made billions of Android and iOS devices vulnerable to the new attack dubbed Bluetooth Low Energy Spoofing Attack (BLESA). According to researchers, two critical security flaws in the BLE link-layer authentication mechanism expose Bluetooth...

The Largest Automated Hack In Five Years

Over 2,000 e-commerce stores running the older Magento version 1 were attacked with an automated skimming script to steal credit card details. Researchers say: "Dubbed “CardBleed”, it was a typical Magecart attack: injected malicious code would intercept the payment information of unsuspected store customers. The campaign started with a zero-day vulnerability sold...

Bug in TikTok Android App Could Allow Stealing Files

Researchers have found multiple vulnerabilities in the TikTok Android app. One of the bugs could let an attacker steal arbitrary files from the device. The researchers say: "An attacker could therefore gain access to any files stored in the app’s private directory, and also to history, private messages, and session tokens,...

$5.4 Million Stolen From Eterbase Cryptocurrency Exchange

An unknown group of hackers stole cryptocurrencies worth 5.4 million dollars from the European cryptocurrency exchange Eterbase. The hackers raided six of Eterbase's hot wallets for Bitcoin, Ethereum, XRP, Tezos, Algorand, and TRON and transferred the funds into their wallets managed at six rival crypto exchanges. Eterbase tracked a big part of...

New Unpatched Bluetooth Flaw

An organization that oversees the development of Bluetooth standards has published a post reporting an unpatched vulnerability that potentially affects hundreds of millions of devices worldwide. They identified vulnerabilities related to Cross-Transport Key Derivation (CTKD) in implementations supporting pairing and encryption with both Bluetooth BR/EDR and LE in Bluetooth Specifications 4.2...

Attackers Can Break SSL/TLS Encryption

Researchers have found a new timing vulnerability in the Transport Layer Security (TLS) protocol that could potentially allow an attacker to break the encryption. They named it Raccoon Attack and shared how the server-side attack exploits a side-channel in the cryptographic protocol (versions 1.2 and lower) to extract the...

New Linux Malware Affects VoIP Softswitch Systems

Cybersecurity researchers from ESET have discovered a new Linux malware that targets voice over IP (VoIP) softswitches in an attempt to steal phone call metadata. They say: "The primary goal of the malware is to exfiltrate various private data from a compromised softswitch, including call detail records. To steal this metadata,...

Facebook Launches Instagram Security Tool As Open Source

Facebook has released Pysa, their internally-developed security tool as open source. It is designed as a static code analyzer and it specifically looks for security bugs. Facebook's internal team used the tool for identifying various bugs. They say: "Pysa helps us detect a wide range of issues. For example, we use it...

Cloud Monitoring Tools Used By Hackers As Backdoor

Israeli cybersecurity firm Intezer has published an analysis claiming that cloud monitoring tools are used as a backdoor to carry out malicious attacks. They say: "To our knowledge, this is the first time attackers have been caught using legitimate third party software to target cloud infrastructure. When abused, Weave Scope gives...

Microsoft Defender Update Causing Problems

A researcher has found a bug in the latest Microsoft Defender update. The Microsoft Malware Protection Command Line tool MpCmdRun.exe has received an update that now allows downloading files from a remote location. An attacker can exploit it to load malicious programs onto a target device.  
