15 matches found
EUVD-2019-18880
Malware in sbrugna...
kernel: bluetooth: BR/EDR Bluetooth Impersonation Attacks (BIAS)
A flaw was discovered in the Bluetooth protocol affecting the Bluetooth BR/EDR authentication. An attacker with physical access to the Bluetooth connection could perform a spoofing attack impersonating the address of a previously paired remote device. This attack may result in the attacking devic...
CVE-2020-10135
A flaw was discovered in the Bluetooth protocol affecting the Bluetooth BR/EDR authentication. An attacker with physical access to the Bluetooth connection could perform a spoofing attack impersonating the address of a previously paired remote device. This attack may result in the attacking devic...
New Bluetooth Vulnerability Exposes Billions of Devices to Hackers
Academics from École Polytechnique Fédérale de Lausanne EPFL disclosed a security vulnerability in Bluetooth that could potentially allow an attacker to spoof a remotely paired device, exposing over a billion of modern devices to hackers. The attacks, dubbed Bluetooth Impersonation AttackS or BIA...
Important: Red Hat Security Advisory: kernel security and bug fix update
An update for kernel is now available for Red Hat Enterprise Linux 7.2 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...
hardware: bluetooth: BR/EDR encryption key negotiation attacks (KNOB)
A flaw was discovered in the Bluetooth protocol. An attacker within physical proximity to the Bluetooth connection could downgrade the encryption protocol to be trivially brute forced...
hardware: bluetooth: BR/EDR encryption key negotiation attacks (KNOB)
A flaw was discovered in the Bluetooth protocol. An attacker within physical proximity to the Bluetooth connection could downgrade the encryption protocol to be trivially brute forced...
Debian DLA-1930-1 : linux security update
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2016-10905 A race condition was discovered in the GFS2 file-system implementation, which could lead to a use-after-free. On a system using GFS2, a...
[SECURITY] [DLA 1930-1] linux security update
Package : linux Version : 3.16.74-1 CVE ID : CVE-2016-10905 CVE-2018-20976 CVE-2018-21008 CVE-2019-0136 CVE-2019-9506 CVE-2019-14814 CVE-2019-14815 CVE-2019-14816 CVE-2019-14821 CVE-2019-14835 CVE-2019-15117 CVE-2019-15118 CVE-2019-15211 CVE-2019-15212 CVE-2019-15215 CVE-2019-15218 CVE-2019-15219...
Debian DLA-1919-2 : linux-4.9 security update
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. This updated advisory text mentions the additional non-security changes and notes the need to install new binary packages. CVE-2019-0136 It was...
A week in security (August 19 – 25)
Last week on Malwarebytes Labs, we reported on the presence of Magecart on a type of poker software; outlined how the Key Negotiation of Bluetooth KNOB attack works; followed the money on a Bitcoin sextortion campaign; looked back at DEF CON 27; and reported on continuing ransomware attacks on...
Bluetooth vulnerability can be exploited in Key Negotiation of Bluetooth (KNOB) attacks
Those who are familiar with Bluetooth BR/EDR technology aka Bluetooth Classic, from 1.0 to 5.1 can attest that it is not perfect. Like any other piece of hardware or software technology already on market, its usefulness comes with flaws. Early last week, academics at Singapore University of...
Code injection
The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and does not prevent an attacker from influencing the key length negotiation. This allows practical brute-force attacks aka "KNOB" that can decrypt traffic and inject arbitrary...
New Bluetooth Vulnerability Lets Attackers Spy On Encrypted Connections
Over a billion Bluetooth-enabled devices, including smartphones, laptops, smart IoT devices, and industrial devices, have been found vulnerable to a high severity vulnerability that could allow attackers to spy on data transmitted between the two devices. The vulnerability, assigned as...
Bluetooth BR/EDR supported devices are vulnerable to key negotiation attacks
Overview The encryption key length negotiation process in Bluetooth BR/EDR Core v5.1 and earlier is vulnerable to packet injection by an unauthenticated, adjacent attacker that could result in information disclosure and/or escalation of privileges. This can be achieved using an attack referred to...