New BLUFFS attack lets attackers hijack Bluetooth connections

November 28, 2023 at 04:59PM

Researchers at Eurecom have discovered six new Bluetooth attacks called ‘BLUFFS’ that can compromise the secrecy of Bluetooth sessions, leading to device impersonation and man-in-the-middle attacks. These attacks exploit flaws in the Bluetooth standard and can impact billions of devices. The researchers have provided a toolkit on GitHub to demonstrate …

Windows Hello auth bypassed on Microsoft, Dell, Lenovo laptops

November 22, 2023 at 02:09PM

Security researchers discovered vulnerabilities in fingerprint sensors on Dell Inspiron, Lenovo ThinkPad, and Microsoft Surface Pro X laptops. The researchers were able to bypass Windows Hello fingerprint authentication using man-in-the-middle attacks. Microsoft’s Secure Device Connection Protocol (SDCP) was supposed to prevent these attacks, but it was not enabled on two …

Thousands of Cisco IOS XE devices hacked in widespread attacks

October 17, 2023 at 09:20AM

Attackers have exploited a critical zero-day bug to compromise and infect Cisco IOS XE devices with malicious implants. Threat intelligence company VulnCheck found thousands of compromised hosts. Cisco has advised administrators to disable the vulnerable HTTP server feature and look for breach indicators. A patch is not yet available. Key …