Google security researchers are warning of a new set of zero-click vulnerabilities in the Linux Bluetooth software stack that can allow a nearby unauthenticated, remote attacker to execute arbitrary code with kernel privileges on vulnerable devices. According to security engineer Andy Nguyen, the three flaws — collectively called BleedingTooth — reside in the open-source BlueZ … [Read more...] about Google Warns of Zero-Click Bluetooth Flaws in Linux-based Devices
Devices
ALERT! Hackers targeting IoT devices with a new P2P botnet malware
Cybersecurity researchers have taken the wraps off a new botnet hijacking Internet-connected smart devices in the wild to perform nefarious tasks, mostly DDoS attacks, and illicit cryptocurrency coin mining. Discovered by Qihoo 360's Netlab security team, the HEH Botnet — written in Go language and armed with a proprietary peer-to-peer (P2P) protocol, spreads via a brute-force … [Read more...] about ALERT! Hackers targeting IoT devices with a new P2P botnet malware
Chinese Hackers Exploiting Unpatched Devices to Target U.S. Agencies
The US Cybersecurity and Infrastructure Security Agency (CISA) issued a new advisory on Monday about a wave of cyberattacks carried by Chinese nation-state actors targeting US government agencies and private entities."CISA has observed Chinese [Ministry of State Security]-affiliated cyber threat actors operating from the People's Republic of China using commercially available … [Read more...] about Chinese Hackers Exploiting Unpatched Devices to Target U.S. Agencies
New Unpatched Bluetooth Flaw Lets Hackers Easily Target Nearby Devices
Bluetooth SIG—an organization that oversees the development of Bluetooth standards—today issued a statement informing users and vendors of a newly reported unpatched vulnerability that potentially affects hundreds of millions of devices worldwide.Discovered independently by two separate teams of academic researchers, the flaw resides in the Cross-Transport Key Derivation (CTKD) … [Read more...] about New Unpatched Bluetooth Flaw Lets Hackers Easily Target Nearby Devices
QSnatch Data-Stealing Malware Infected Over 62,000 QNAP NAS Devices
Cybersecurity agencies in the US and UK yesterday issued a joint advisory about a massive ongoing malware threat infecting Taiwanese company QNAP's network-attached storage (NAS) appliances.Called QSnatch (or Derek), the data-stealing malware is said to have compromised 62,000 devices since reports emerged last October, with a high degree of infection in Western Europe and … [Read more...] about QSnatch Data-Stealing Malware Infected Over 62,000 QNAP NAS Devices
Ripple20: Critical Vulnerabilities Might be Putting Your IoT/OT Devices at Risk
Cybersecurity researchers from JSOF have just published a set of 19 vulnerabilities, dubbed Ripple20 that are impacting the TCP/IP stack developed by Treck. This software stack is integrated into millions of systems used in the healthcare, transportation, manufacturing, telecoms and energy markets, potentially affecting a very large number of organizations and critical … [Read more...] about Ripple20: Critical Vulnerabilities Might be Putting Your IoT/OT Devices at Risk
New Ripple20 Flaws Put Billions of Internet-Connected Devices at Risk of Hacking
The Department of Homeland Security and CISA ICS-CERT today issued a critical security advisory warning about over a dozen newly discovered vulnerabilities affecting billions of Internet-connected devices manufactured by over 500 vendors across the globe.Dubbed "Ripple20," the set of 19 vulnerabilities resides in a low-level TCP/IP software library developed by Treck, which, if … [Read more...] about New Ripple20 Flaws Put Billions of Internet-Connected Devices at Risk of Hacking
New WhatsApp Bug Could Have Let Hackers Secretly Install Spyware On Your Devices
The recent controversies surrounding the WhatsApp hacking haven't yet settled, and the world's most popular messaging platform is in choppy waters once again.The Hacker News has learned that WhatsApp has recently patched yet another critical vulnerability that could have allowed attackers to remotely compromise targeted devices and potentially steal secured chat messages and … [Read more...] about New WhatsApp Bug Could Have Let Hackers Secretly Install Spyware On Your Devices
Qualcomm Chip Flaws Let Hackers Steal Private Data From Android Devices
Hundreds of millions of devices, especially Android smartphones and tablets, using Qualcomm chipsets, are vulnerable to a new set of potentially serious vulnerabilities.According to a report cybersecurity firm CheckPoint shared with The Hacker News, the flaws could allow attackers to steal sensitive data stored in a secure area that is otherwise supposed to be the most … [Read more...] about Qualcomm Chip Flaws Let Hackers Steal Private Data From Android Devices
How to gain visibility into Mobile Devices
Introduction Falcon for Mobile is CrowdStrike’s EDR solution on mobile devices. Falcon for Mobile monitors and records activities taking place on Android and iOS, providing the visibility necessary to detect attackers, malicious insider activity, and corporate data leakage Falcon for Mobile allows organizations to benefit from powerful reporting, investigation, and threat … [Read more...] about How to gain visibility into Mobile Devices