Ukraine links members of Gamaredon hacker group to Russian FSB
Samsung Galaxy S21 hacked on second day of Pwn2Own Austin
Microsoft Exchange ProxyShell exploits used to deploy Babuk ransomware
US targets DarkSide ransomware, rebrands with $10 million reward
The Week in Ransomware – November 5th 2021 – Placing bounties
Windows 11 KB5008295 OOB update fixes certificate issue breaking apps
Pwn2Own: Printer plays AC/DC, Samsung Galaxy S21 hacked twice
FBI: Ransomware gangs hit several tribal-owned casinos in the last year
Qualys BrowserCheck
Junkware Removal Tool
How to remove the PBlock+ adware browser extension
Remove the Search Redirect
Remove the Search Redirect
Remove the Search Redirect
Remove Security Tool and SecurityTool (Uninstall Guide)
How to remove Antivirus 2009 (Uninstall Instructions)
How to Remove WinFixer / Virtumonde / Msevents / Trojan.vundo
How to remove Google Redirects or the TDSS, TDL3, or Alureon rootkit using TDSSKiller
Locky Ransomware Information, Help Guide, and FAQ
CryptoLocker Ransomware Information Guide and FAQ
CryptorBit and HowDecrypt Information Guide and FAQ
CryptoDefense and How_Decrypt Ransomware Information Guide and FAQ
How to make the Start menu full screen in Windows 10
How to install the Microsoft Visual C++ 2015 Runtime
How to open an elevated PowerShell Admin prompt in Windows 10
How to Translate a Web Page in Google Chrome
How to start Windows in Safe Mode
How to remove a Trojan, Virus, Worm, or other Malware
How to show hidden files in Windows 7
How to see hidden files in Windows
IT Certification Courses
Gear + Gadgets
CISA urges vendors to patch BrakTooth bugs after exploits release
Researchers have released public exploit code and a proof of concept tool to test Bluetooth devices against System-on-a-Chip (SoC) security bugs impacting multiple vendors, including Intel, Qualcomm, Texas Instruments, and Cypress.
Collectively known as BrakTooth, these 16 flaws impact commercial Bluetooth stacks on over 1,400 chipsets used in billions of devices such as smartphones, computers, audio devices, toys, IoT devices, and industrial equipment.
The list of devices with vulnerable SoCs includes Dell desktops and laptops, MacBooks and iPhones, multiple Microsoft Surface laptop models, Sony and Oppo smartphones, Volo infotainment systems,
CISA asked vendors Thursday to patch these vulnerabilities after the security researchers released the proof of concept tool to test Bluetooth devices against BrakTooth exploits.
The federal agency also encouraged manufacturers and developers to review the vulnerability details published by researchers in August and “update vulnerable Bluetooth System-on-a-Chip (SoC) applications or apply appropriate workarounds.”
BrakTooth tool now available for vendors to test and guard against Bluetooth vulnerabilities. Learn more at #Cybersecurity #InfoSec
The impact associated with the BrakTooth bugs ranges from denial-of-service (DoS) by crashing the device firmware or freezes via deadlock conditions that block Bluetooth communication to arbitrary code execution that can lead to complete takeover depending on the vulnerable SoC used in the targeted device.
Threat actors who may want to launch a BrakTooth attack would only need an off-the-shelve ESP32 board that costs less than $15, custom Link Manager Protocol (LMP) firmware, and a computer to run the proof-of-concept (PoC) tool.
While some vendors have already issued security patches to address the BrakTooth vulnerabilities, it will take months to propagate to all unpatched devices.
In other cases, vendors are still investigating the issues, are still working on a patch, or haven’t yet announced their patch status.
A list of impacted vendors tracked by the researchers and their patch status can be found here or in the table embedded below.
BrakTooth patches
All Windows versions impacted by new LPE zero-day vulnerability
NSA, CISA share VPN security tips to defend against hackers
Hackers exploiting critical VMware vCenter CVE-2021-22005 bug
Researcher drops three iOS zero-days that Apple refused to fix
Windows MSHTML zero-day exploits shared on hacking forums
Not a member yet? Register Now
Popular ‘coa’ NPM library hijacked to steal user passwords
BlackMatter ransomware claims to be shutting down due to police pressure
To receive periodic updates and news from BleepingComputer, please use the form below.
Terms of Use Privacy PolicyEthics Statement
Copyright @ 2003 – 2021 Bleeping Computer® LLC – All Rights Reserved
Not a member yet? Register Now
Read our posting guidelinese to learn what content is prohibited.


You May Also Like

Log4j vulnerability now used by state-backed hackers, access brokers

Microsoft December 2021 Patch Tuesday fixes 6 zero-days, 67 flawsNew ransomware now…

The Week in Ransomware – December 3rd 2021 – Seizing Bitcoin

FBI: Cuba ransomware breached 49 US critical infrastructure orgsResearchers discover 14 new…

Microsoft Defender scares admins with Emotet false positives

FBI seized $2.3M from affiliate of REvil, Gandcrab ransomware gangsEwDoor botnet targets…

Cloudflare is experiencing widespread latency and timeouts

Microsoft December 2021 Patch Tuesday fixes 6 zero-days, 67 flawsNew ransomware now…