Security Newsletter
14 September 2020
New Unpatched Bluetooth Flaw Lets Hackers Easily Target Nearby Devices
Bluetooth SIG—an organization that oversees the development of Bluetooth standards—today issued a statement informing users and vendors of a newly reported unpatched vulnerability that potentially affects hundreds of millions of devices worldwide.
Dubbed 'BLURtooth' and tracked as CVE-2020-15802, the flaw exposes devices powered with Bluetooth 4.0 or 5.0 technology, allowing attackers to connect without authorization to a targeted nearby device by overwriting the authenticated key or reducing the encryption key strength. In other words, the flaw takes advantage of specific implementations of the pairing process that could allow devices to overwrite authorization keys when the transport enforces a higher level of security.
"This may permit a Man In The Middle (MITM) attack between devices previously bonded using authenticated pairing when those peer devices are both vulnerable. The Bluetooth SIG further recommends that devices restrict when they are pairable on either transport to times when user interaction places the device into a pairable mode or when the device has no bonds or existing connections to a paired device," the researchers said.
Read More on TheHackersNews
Even More on BleepingComputer
 
Data center giant Equinix discloses ransomware incident
Equinix, one of the world's largest providers of on-demand colocation data centers, disclosed a security breach today. Equinix says ransomware hit internal systems but that data centers are OK.
Equinix is just the latest in a long list of ransomware incidents that have impacted web hosting and data center providers. The list also includes CyrusOne, Cognizant, A2 Hosting, SmarterASP.NET, Dataresolution.net, and Internet Nayana. Such companies are ripe targets for cyber-criminals, and especially for ransomware gangs. The reasons are simple and involve the immediate effect of their attacks, which often bring down services for impacted companies, but also for their respective customers, all of whom are expecting near-perfect uptime.
There is no suggestion that the company is downplaying the incident, with no major outages being reported at the time of writing, and no wave of customer complaints flooding social media.
Read More on ZDNet
 
This content was created by Kindred Group Security. Please share if you enjoyed!
You can access the previous newsletters at https://news.infosecgur.us