Search results for: broadcom

Bluetooth

Critical Bluetooth flaw opens millions of devices to eavesdropping attacks

A newly disclosed vulnerability (CVE-2019-9506) in the Bluetooth Core Specification can be exploited by attackers to intercept and manipulate Bluetooth communications/traffic between two vulnerable devices. Researchers Daniele Antonioli, Nils Ole Tippenhauer and Kasper Rasmussen discovered the flaw and demonstrated a practical Key Negotiation Of Bluetooth (KNOB) attack taking advantage of it. They also shared their discovery with the Bluetooth Special Interest Group (Bluetooth SIG), the CERT Coordination Center, and members of the International Consortium for … More

Week in review: SWAPGS attack, DNS security, vulnerable Siemens PLCs, Black Hat USA 2019

Here’s an overview of some of last week’s most interesting news, interviews and articles: Embracing the cloud and meeting its security demands You might expect that the largest companies are the most organized and mature when it comes to security but, he says, that’s not always the case – there is a wide range of security approaches and differences arise due to variations in internal organization, to mergers and acquisitions creating islands of technology, and … More

Quality Assurance and Testing is a bottleneck to implementing DevOps for many organizations

The practice of Continuous Testing – the process of fast and efficient validation of software releases in agile developments through highly automated tests – is gaining ground in large enterprises, with almost a third of IT executives (32%) stating that their IT departments had ‘fully embraced Continuous Testing’. However, with 58% of enterprises deploying a new build daily (and 26% at least hourly), companies must work to improve their continuous testing effectiveness by streamlining their … More

Digital Guardian appointing Mordecai Rosen as CEO

Digital Guardian announced that its Board of Directors has appointed Mordecai (“Mo”) Rosen as its new Chief Executive Officer, effective immediately. Mr. Rosen was most recently the General Manager for Cybersecurity at CA Technologies (now a Broadcom company), and brings more than 25 years of high-tech senior leadership experience to Digital Guardian. With Rosen at the helm, Digital Guardian expects to aggressively grow its core data loss prevention business and extend its push into the … More

Helping researchers with IoT firmware vulnerability discovery

John Toterhi, a security researcher with IoT security company Finite State, believes that many of the security problems plaguing IoT devices are solvable problems through transparency. “Manufacturers who make their firmware public and follow GPL practices are doing themselves a huge favor: by making firmware public, manufacturers are enabling a world-wide network of the best security talent to find bugs, disclose them responsibly, and improve security for their customers. Without this transparency they exclude so … More

SFP-DD MSA releases high-speed, high-density interface specification 2.0

The Small Form Factor Pluggable Double Density (SFP-DD) Multi Source Agreement (MSA) Group announces the release of the v2.0 specification for the SFP-DD pluggable interface. The MSA consortium released the initial SFP-DD specification version 1.0 in September 2017 and earlier this year released version 1.1. The newly updated specification version 2.0 reflects enhancements to the mechanicals, extended modules and enhanced polarizing key of the SFP-DD electrical interface, targeting support of up to 3.5 W optical … More

Bluetooth

Bluetooth vulnerability allows snooping of traffic between paired devices

Researchers Eli Biham and Lior Neumann have discovered a vulnerability in two Bluetooth features that could be exploited by attackers to gain a man-in-the-middle position and to monitor and fiddle with the traffic between two devices connected via that wireless technology. “Both Bluetooth low energy (LE) implementations of Secure Connections Pairing in operating system software and BR/EDR implementations of Secure Simple Pairing in device firmware may be affected,” the Carnegie-Mellon CERT notes. The vulnerability (CVE-2018-5383) … More

patch

Patch Tuesday: 80+ vulnerabilities fixed, one exploited in the wild

As part of its regular, monthly Patch Tuesday update, Microsoft has released patches for 81 new vulnerabilities, including a zero-day in the .NET Framework. The September patch dump also includes details of a spoofing vulnerability in the Windows Bluetooth driver (CVE-2017-8628), which has been disclosed as part of the BlueBorne batch of vulnerabilities. The flaw was apparently patched silently in July, but Microsoft chose to delay releasing details about it until other vendors could develop … More

Week in review: macOS security, Segway vulns, and the SOC of the future

Here’s an overview of some of last week’s most interesting news and articles: The future of macOS security: Baked-in protection and third-party tools Anyone in the information security industry who’s interested in Mac security probably knows who Patrick Wardle is. Apart from being Chief Security Researcher at Synack, he’s also the creator of a number of security tools for macOS, which he makes available for free on his Objective-See project site. Attackers are taking over … More

Apple

Apple patches critical Broadpwn vulnerability in its various OSes

Apple has released security updates for iOS, macOS (Sierra, El Capitan, and Yosemite), Safari, iCloud, iTunes, watchOS and tvOS. As per usual, the same fixed WebKit flaws abound in all of the updates, as it is the web browser engine used by Safari, App Store, and many other applications. Among the other plugged holes a few stand out, for various reasons: Among the WebKit flaws, there’s one disclosed to Apple by the UK’s National Cyber … More

modem router

Exploit revealed for remote root access vulnerability affecting many router models

Back in January 2013, researchers from application security services firm DefenseCode unearthed a remote root access vulnerability in the default installation of some Cisco Linksys (now Belkin) routers. The flaw was actually found in Broadcom’s UPnP implementation used in popular routers, and ultimately the researchers extended the list of vulnerable routers to encompass devices manufactured by the likes of ASUS, D-Link, Zyxel, US Robotics, TP-Link, Netgear, and others. Since there were millions of vulnerable devices … More

Wi-Fi

Apple patches drive-by Wi-Fi flaw with emergency iOS patch

Less than a week after Apple pushed out iOS 10.3 comes an iOS emergency patch that all iDevice owners should implement as soon as possible. The security note accompanying iOS 10.3.1 says simply that the fixed problem is a stack buffer overflow vulnerability that was addressed through improved input validation, and that it allows an attacker within range to execute arbitrary code on the Wi-Fi chip. No more details about it were shared, but Gal … More