Dell Unity, Dell UnityVSA, and Dell Unity XT versions prior to 5.2.0.0.5.173 contain a plain-text password storage vulnerability when certain off-array tools are run on the system. The credentials of a user with high privileges are stored in plain text. A local malicious user with high privileges may use the exposed password to gain access with the privileges of the compromised user.

Artikkelin numero: 000199050

**Yhteenveto: Dell Unity, Dell UnityVSA, and Dell Unity XT remediation is available for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system.**

*   Artikkelin sisältö
*   Juridiset tiedot
*   Artikkelin ominaisuudet
*   Arvostele tämä artikkeli

**Artikkelin sisältö**

**Vaikutus**

Critical

**Tiedot**

**Proprietary Code CVEs**

**Description**

**CVSS Base Score**

**CVSS Vector String**

CVE-2022-29084

Dell Unity, Dell UnityVSA, and Dell Unity XT versions before 5.2.0.0.5.173 do not restrict excessive authentication attempts in Unisphere GUI. A remote unauthenticated attacker may potentially exploit this vulnerability to brute-force passwords and gain access to the system as the victim. Account takeover is possible if weak passwords are used by users.

8.1

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CVE-2022-29085

Dell Unity, Dell UnityVSA, and Dell Unity XT versions before 5.2.0.0.5.173 contain a plain-text password storage vulnerability when certain off-array tools are run on the system. The credentials of a user with high privileges are stored in plain text. A local malicious user with high privileges may use the exposed password to gain access with the privileges of the compromised user.

6.4

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

 

**Third-party Component**

**CVEs**

**More Information**

aide

CVE-2021-45417

See NVD (http://nvd.nist.gov/) for individual scores for each CVE.  
 

apache2

CVE-2021-33193

CVE-2021-34798

CVE-2021-36160

CVE-2021-39275

CVE-2021-40438

CVE-2022-22719

CVE-2022-22720

CVE-2022-22721

CVE-2022-23943

Apache-tomcat

CVE-2021-25122

CVE-2021-25329

CVE-2021-30639

CVE-2021-30640

CVE-2021-33037

CVE-2021-41079

CVE-2021-42340

avahi

CVE-2021-3468

cyrus-sasl

CVE-2022-24407

Dell BSAFE™ Micro Edition Suite

CVE-2020-5359

See Dell KB DSA-2020-114: https://www.dell.com/support/kbdoc/en-us/000181098/dsa-2020-114-dell-bsafe-micro-edition-suite-multiple-security-vulnerabilities for individual scores for each CVE.

CVE-2020-5360

docker, containerd, runc

CVE-2021-30465

See NVD (http://nvd.nist.gov/) for individual scores for each CVE.

CVE-2021-32760

CVE-2021-41089

CVE-2021-41091

CVE-2021-41092

CVE-2021-41103

expat

CVE-2021-45960

CVE-2021-46143

CVE-2022-22822

CVE-2022-22823

CVE-2022-22824

CVE-2022-22825

CVE-2022-22826

CVE-2022-22827

CVE-2022-23852

CVE-2022-23990

CVE-2022-25235

CVE-2022-25236

CVE-2022-25313

CVE-2022-25314

CVE-2022-25315

glibc

CVE-2021-33574

CVE-2021-35942

json-c

CVE-2020-12762

kernel

CVE-2021-40490

libesmtp

CVE-2019-19977

net-snmp

CVE-2018-18065

CVE-2020-15862

openssl (Unisphere UI)

CVE-2022-0778

p11-kit

CVE-2020-29361

polkit

CVE-2021-4034

python3

CVE-2021-3426

CVE-2021-3733

CVE-2021-3737

sqlite3

CVE-2015-3414

CVE-2015-3415

CVE-2019-19244

CVE-2019-19317

CVE-2019-19603

CVE-2019-19645

CVE-2019-19646

CVE-2019-19880

CVE-2019-19923

CVE-2019-19924

CVE-2019-19925

CVE-2019-19926

CVE-2019-19959

CVE-2019-20218

CVE-2020-13434

CVE-2020-13435

CVE-2020-13630

CVE-2020-13631

CVE-2020-13632

CVE-2020-15358

CVE-2020-9327

tcpdump

CVE-2018-16301

tiff

CVE-2017-17095

CVE-2019-17546

CVE-2020-19131

CVE-2020-35521

CVE-2020-35522

CVE-2020-35523

CVE-2020-35524

CVE-2022-22844

ucode-intel

CVE-2020-24489

CVE-2020-24511

CVE-2020-24512

CVE-2020-24513

CVE-2021-0127

CVE-2021-0145

CVE-2021-0146

CVE-2021-33120

vim

CVE-2021-3778

CVE-2021-3796

CVE-2021-3872

CVE-2021-3927

CVE-2021-3928

CVE-2021-3984

CVE-2021-4019

CVE-2021-4193

CVE-2021-46059

CVE-2022-0319

CVE-2022-0351

CVE-2022-0361

CVE-2022-0413

xerces-s

CVE-2018-1311

**Proprietary Code CVEs**

**Description**

**CVSS Base Score**

**CVSS Vector String**

CVE-2022-29084

Dell Unity, Dell UnityVSA, and Dell Unity XT versions before 5.2.0.0.5.173 do not restrict excessive authentication attempts in Unisphere GUI. A remote unauthenticated attacker may potentially exploit this vulnerability to brute-force passwords and gain access to the system as the victim. Account takeover is possible if weak passwords are used by users.

8.1

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CVE-2022-29085

Dell Unity, Dell UnityVSA, and Dell Unity XT versions before 5.2.0.0.5.173 contain a plain-text password storage vulnerability when certain off-array tools are run on the system. The credentials of a user with high privileges are stored in plain text. A local malicious user with high privileges may use the exposed password to gain access with the privileges of the compromised user.

6.4

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

 

**Third-party Component**

**CVEs**

**More Information**

aide

CVE-2021-45417

See NVD (http://nvd.nist.gov/) for individual scores for each CVE.  
 

apache2

CVE-2021-33193

CVE-2021-34798

CVE-2021-36160

CVE-2021-39275

CVE-2021-40438

CVE-2022-22719

CVE-2022-22720

CVE-2022-22721

CVE-2022-23943

Apache-tomcat

CVE-2021-25122

CVE-2021-25329

CVE-2021-30639

CVE-2021-30640

CVE-2021-33037

CVE-2021-41079

CVE-2021-42340

avahi

CVE-2021-3468

cyrus-sasl

CVE-2022-24407

Dell BSAFE™ Micro Edition Suite

CVE-2020-5359

See Dell KB DSA-2020-114: https://www.dell.com/support/kbdoc/en-us/000181098/dsa-2020-114-dell-bsafe-micro-edition-suite-multiple-security-vulnerabilities for individual scores for each CVE.

CVE-2020-5360

docker, containerd, runc

CVE-2021-30465

See NVD (http://nvd.nist.gov/) for individual scores for each CVE.

CVE-2021-32760

CVE-2021-41089

CVE-2021-41091

CVE-2021-41092

CVE-2021-41103

expat

CVE-2021-45960

CVE-2021-46143

CVE-2022-22822

CVE-2022-22823

CVE-2022-22824

CVE-2022-22825

CVE-2022-22826

CVE-2022-22827

CVE-2022-23852

CVE-2022-23990

CVE-2022-25235

CVE-2022-25236

CVE-2022-25313

CVE-2022-25314

CVE-2022-25315

glibc

CVE-2021-33574

CVE-2021-35942

json-c

CVE-2020-12762

kernel

CVE-2021-40490

libesmtp

CVE-2019-19977

net-snmp

CVE-2018-18065

CVE-2020-15862

openssl (Unisphere UI)

CVE-2022-0778

p11-kit

CVE-2020-29361

polkit

CVE-2021-4034

python3

CVE-2021-3426

CVE-2021-3733

CVE-2021-3737

sqlite3

CVE-2015-3414

CVE-2015-3415

CVE-2019-19244

CVE-2019-19317

CVE-2019-19603

CVE-2019-19645

CVE-2019-19646

CVE-2019-19880

CVE-2019-19923

CVE-2019-19924

CVE-2019-19925

CVE-2019-19926

CVE-2019-19959

CVE-2019-20218

CVE-2020-13434

CVE-2020-13435

CVE-2020-13630

CVE-2020-13631

CVE-2020-13632

CVE-2020-15358

CVE-2020-9327

tcpdump

CVE-2018-16301

tiff

CVE-2017-17095

CVE-2019-17546

CVE-2020-19131

CVE-2020-35521

CVE-2020-35522

CVE-2020-35523

CVE-2020-35524

CVE-2022-22844

ucode-intel

CVE-2020-24489

CVE-2020-24511

CVE-2020-24512

CVE-2020-24513

CVE-2021-0127

CVE-2021-0145

CVE-2021-0146

CVE-2021-33120

vim

CVE-2021-3778

CVE-2021-3796

CVE-2021-3872

CVE-2021-3927

CVE-2021-3928

CVE-2021-3984

CVE-2021-4019

CVE-2021-4193

CVE-2021-46059

CVE-2022-0319

CVE-2022-0351

CVE-2022-0361

CVE-2022-0413

xerces-s

CVE-2018-1311

Dell Technologies suosittelee, että kaikki asiakkaat ottavat huomioon sekä CVSS-peruspistemäärän että kaikki asiaankuuluvat väliaikaiset ja ympäristöön liittyvät pisteet, jotka voivat vaikuttaa tietyn tietoturvahaavoittuvuuden mahdolliseen vakavuuteen.

**Tuotteet, joihin asia vaikuttaa ja tilanteen korjaaminen****Versiohistoria**

**Revision**

**Date**

**More Informatio**n

1.0

2022-04-29

Initial Release

**Asiaan liittyvät tiedot**

Dell Security Advisories and Notices  
Dell Vulnerability Response Policy  
CVSS Scoring Guide

**Juridiset tiedot**

Tämän Dell Technologiesin tietoturvatiedotteen tiedot on luettava, ja niiden avulla voidaan välttää tilanteita, jotka voivat johtua tässä kuvatuista ongelmista. Dell Technologiesin tietoturvatiedotteet tuovat tärkeitä tietoturvatietoja haavoittuvuudelle alttiiden tuotteiden käyttäjien tietoon. Dell Technologies arvioi riskin perustuen asennettujen järjestelmien hajautetun joukon keskimääräisiin riskeihin, eikä se välttämättä vastaa paikallisen asennuksen ja yksittäisen ympäristön todellista riskiä. Suositus on, että kaikki käyttäjät ratkaisevat näiden tietojen sovellettavuuden yksittäisten ympäristöjen mukaan ja ryhtyvät tarvittaviin toimenpiteisiin. Tässä esitetyt tiedot annetaan "sellaisenaan" ilman minkäänlaista takuuta. Dell Technologies kiistää kaikki suorat tai epäsuorat takuut, mukaan lukien takuut soveltuvuudesta kaupankäynnin kohteeksi, sopivuudesta tiettyyn käyttötarkoitukseen, omistusoikeudesta ja loukkaamattomuudesta. Dell Technologies, sen tytäryhtiöt tai toimittajat eivät missään tilanteessa ole vastuussa mistään vahingoista, jotka johtuvat tässä asiakirjassa mainituista tiedoista tai toimenpiteistä, joihin käyttäjä päättää ryhtyä. Tämä koskee kaikkia suoria, epäsuoria, satunnaisia, välillisiä, liikevoiton menetykseen liittyviä tai erityisluontoisia vahinkoja, vaikka Dell Technologies tai sen tytäryhtiöt tai toimittajat olisivat saaneet tiedon tällaisten vahinkojen mahdollisuudesta. Jotkin osavaltiot eivät salli satunnaisten tai seuraamuksellisten vahinkojen vastuun poistamista tai rajoittamista, joten edellä mainittua rajoitusta sovelletaan vain lain sallimassa laajuudessa.

**Artikkelin ominaisuudet**

**Tuote, johon asia vaikuttaa**

Dell EMC Unity 300, Dell EMC Unity 300F, Dell EMC Unity 350F, Dell EMC Unity 400, Dell EMC Unity 400F, Dell EMC Unity 450F, Dell EMC Unity 500, Dell EMC Unity 500F, Dell EMC Unity 550F, Dell EMC Unity 600

**Tuote**

Product Security Information, Dell EMC Unity 600F, Dell EMC Unity 650F, Dell EMC Unity XT 680, Dell EMC Unity XT 680F, Dell EMC Unity XT 880, Dell EMC Unity XT 880F, Dell EMC UnityVSA (Virtual Storage Appliance)

**Edellinen julkaisupäivä**

29 huhtik. 2022

**Versio**

1

**Artikkelin tyyppi**

Dell Security Advisory

CVE-2022-29085: DSA-2022-021: Dell Unity, Dell UnityVSA, and Dell Unity XT Security Update for Multiple Vulnerabilities

79% of CISOs say continuous runtime vulnerability management is an essential capability to keep up with the expanding complexity of modern multi-cloud environments.

WALTHAM, Mass.--(BUSINESS WIRE)--Software intelligence company Dynatrace (NYSE: DT) announced today the findings of an independent global survey of 1,300 chief information security officers (CISOs) in large-size organizations. The research reveals that the speed and complexity created by using multicloud environments, multiple coding languages, and open source software libraries are making vulnerability management more difficult. 75% of CISOs say that despite having a multi-layered security posture, persistent coverage gaps allow vulnerabilities into production. This highlights the growing need for observability and security to converge, paving the way toward AISecDevOps practices. This will empower organizations with a more effective way of managing vulnerabilities at runtime, and the ability to detect and block attacks in real time. The complimentary report, _Observability and security must converge to enable effective vulnerability management_, is available for download.

Findings from the research include:

*   69% of CISOs say vulnerability management has become more difficult as the need to accelerate digital transformation has increased.
*   More than three-quarters (79%) of CISOs say that automatic, continuous runtime vulnerability management is key to filling the gap in the capabilities of existing security solutions. However, just 4% of organizations have real-time visibility into runtime vulnerabilities in containerized production environments.
*   Only 25% of security teams can access a fully accurate, continuously updated report of every application and code library running in production in real time.

“These findings underscore that there are always opportunities for vulnerabilities to slip past security teams, regardless of how robust their defenses might be. Both new applications and stable legacy software are prone to vulnerabilities that are more reliably detected in production. Log4Shell was the poster child for this problem, and there will undoubtedly be other scenarios like it in the future,” said Bernd Greifeneder, Chief Technology Officer at Dynatrace. “It’s also clear that most organizations still lack real-time visibility into runtime vulnerabilities. The problem stems from the growing use of cloud-native delivery practices, which enable greater business agility, but also introduce new complexity for vulnerability management, attack detection, and blocking. The rapid pace of digital transformation means that already overstretched teams are bombarded by thousands of security alerts that make it impossible to see through the noise and focus on what matters. Teams find it impossible to respond manually to every alert, and organizations are exposed to unnecessary risk by allowing vulnerabilities to escape into production.”

Additional findings include:

*   On average, organizations receive 2,027 alerts of potential application security vulnerabilities each month.
*   Less than a third (32%) of the application security vulnerability alerts organizations receive each day require action, compared to 42% last year.
*   On average, application security teams waste 28% of their time on vulnerability management tasks that could be automated.

“Organizations realize that to manage vulnerabilities in the cloud-native era effectively, security must become a shared responsibility. The convergence of observability and security is critical to providing development, operations, and security teams with the context needed to understand how their applications are connected, where the vulnerabilities lie, and which need to be prioritized. This accelerates risk management and incident response,” continued Greifeneder. “To be truly effective, organizations should look for solutions that have AI and automation capabilities at their core, enabling AISecDevOps. These solutions empower their teams to quickly identify and prioritize vulnerabilities at runtime, block attacks in real time, and remediate software flaws before they can be exploited. This means teams can stop wasting time in war rooms or chasing false positives and potential vulnerabilities that will never make it into production. Instead, they confidently deliver better, more secure software faster.”

The report is based on a global survey of 1,300 CISOs in large-size organizations with more than 1,000 employees, conducted by Coleman Parkes and commissioned by Dynatrace in April 2022. The sample included 200 respondents in the U.S., 100 each in the UK, France, Germany, Spain, Italy, the Nordics, the Middle East, Australia, and India, and 50 each in Singapore, Malaysia, Brazil, and Mexico.

**About Dynatrace**

Dynatrace (NYSE: DT) exists to make the world’s software work perfectly. Our unified software intelligence platform combines broad and deep observability and continuous runtime application security with the most advanced AIOps to provide answers and intelligent automation from data at an enormous scale. This enables innovators to modernize and automate cloud operations, deliver software faster and more securely, and ensure flawless digital experiences. That is why the world’s largest organizations trust the Dynatrace® platform to accelerate digital transformation.

Curious to see how you can simplify your cloud and maximize the impact of your digital teams? Let us show you. Sign up for a free 15-day Dynatrace trial.

Research Reveals 75% of CISOs Are Worried Too Many Application Vulnerabilities Leak Into Production, Despite a Multi-Layered Security Approach

Conti threat actors are betting chipset firmware is updated less frequently than other software — and winning big, analysts say.

Leaked communications from within the Conti threat group reveal the Moscow-backed cybercrime group has honed its firmware attack skills and is actively targeting Intel Management Engine (ME), a microcontroller inside many iterations of the modern Intel chipset, according to a new report.

The analysis, from Eclypsium, notes that Intel chipsets aren't being targeted by Conti because they have vulnerable code, but rather the group assumes firmware patching is spotty at best. In addition, firmware attacks can evade most security tools, the analysts added.

"This can leave some of the most powerful and privileged code on a device susceptible to attack," the report detailing the Conti firmware attacks said. "The recent Conti leaks mark a critical phase in the rapidly evolving role of firmware in modern attacks."

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Subscribe

Intel Chipset Firmware Actively Targeted by Conti Group

Gurucul automating threat detection, investigation and response (TDIR) with advanced analytics, comprehensive threat content, and a flexible enterprise risk engine for hybrid and multi-cloud environments.

RSAC 2022, Gartner SRM 2022, and Los Angeles, Calif. – Jun 2, 2022 – Gurucul, the leader in Next-Gen SIEM, XDR, UEBA and Identity Access Analytics, today announced availability of the Gurucul Security Analytics and Operations Platform. A cloud-native, unified and modular platform for consolidating core security operations center (SOC) solutions with the vital addition of Identity Threat Detection and Response (ITDR) provides a unified next-gen SOC platform. The Gurucul platform converges the company’s award winning Next-Gen SIEM, XDR, User and Entity Behavior Analytics (UEBA), Network Traffic Analysis (NTA), Security Operations and Automation Response (SOAR), and Identity Access Analytics (IAA) into a single pane of glass that is aligned with the evolving needs of the modern enterprise threat landscape – where identity has become the new perimeter.

Gurucul’s innovative platform is purpose-built to automate and accelerate data collection, event and alert correlation, detection triage, investigation, and response to targeted attacks. It combines threat intelligence with an enterprise-class risk engine, delivering precise contextual detections, prioritized investigation, and risk-driven response actions that drastically reduce mean-time-to-detection (MTTD) and mean-time-to-response (MTTR). Gurucul’s platform can also support the most complex deployments including on-premise, hybrid, and cloud (SaaS, private, GovCloud, and multi-cloud including multi-tenancy), addressing the needs of today’s modern enterprise and managed detection and response (MDR) providers.

With increased sophistication around phishing, social engineering, credential theft, and supply chain attacks, it is more important than ever to go beyond current solutions that are overly concerned with endpoint security and focus on securing identities attached to multiple entities and devices. Based on remote work risks, accelerated cloud migration, and state-sponsored threat actor groups, there has been an increase not only in targeted and organized attack campaigns, but also insider risks and threats.

“The combination of an expanding attack surface with limited resources and constantly changing tools and techniques drives security operations teams’ need for a comprehensive and consolidated platform approach. While the endpoint is critical, we must understand and work to secure the one constant, identity, which requires a new and innovative approach to threat detection, investigation and response programs,” said Saryu Nayar, CEO of Gurucul. “Early and rapid detection occurs with a full set of endpoint, network, application, identity, cloud, and IoT telemetry context along with advanced analytics, including behavioral-based, and an extensive set of trained machine learning models. Gurucul has spent over 10 years developing specialized analytics and threat content that comprehensively covers all these datasets to eliminate manual tasks and enables automation across every stage of the security operations lifecycle.”

As organizations are transforming their SOC to support multi-cloud deployments and zero trust programs, they are looking for an end-to-end solution to help them improve security analyst effectiveness in rapidly identifying and confirming, not just threats and alerts, but the entire attack campaign. While other SIEM or XDR solutions are just starting to scratch the surface of identity, Gurucul has been a provider of Identity Analytics solutions for over a decade with robust access analytics, broad integrations with various identity systems such as IAM, PAM, HRMS, CMDB, IDaaS etc., and risk-based access remediation and authentication. In conjunction with its UEBA capabilities, Gurucul helps customers get an understanding of current-state identity access and authorization policies, and access usage anomalies and risk exposures, to plan out a robust and secure zero trust strategy. The Gurucul platform is a critical part of any ongoing zero trust program as it will continuously monitor for anomalous user behaviors, access proliferation, and access misuse/violations, ensuring zero trust policies are not being evaded by either insider or external threat actors.

"Gurucul has detection and response capability for the entire cyber kill chain, covering a range of data telemetry across complex and distributed multi-cloud deployments as well as the enterprise," said Nilesh Dherange, CTO of Gurucul. “We’ve invested over a decade in building the most powerful suite of solutions in a single platform enabling real-time threat detection, investigation, and response for our customers with a quick ROI. The addition of identity and access based threat detection to its robust TDIR capabilities powered by advanced ML models, positions Gurucul to provide innovative solutions that address the ever-changing SOC needs.”

The Gurucul platform uniquely provides a set of core capabilities that goes beyond current Next-Gen SIEM and XDR solutions that are critical in improving security operations effectiveness, including:

*   Deployment Options – On-premise, hybrid, cloud (including SaaS, private, GovCloud, and multi-cloud).
*   Multi-Cloud Threat Detection, Investigation, and Response – Real-time data ingestion, correlation, analytics, detection, and risk driven response across multiple clouds.
*   Automated Data Pipeline – An Automated Data Interpretation Engine to ingest structured and unstructured data from any source.
*   Gurucul STUDIOTM – Advanced and fully customizable analytics that include transparent machine learning models to accommodate custom use cases.
*   Enterprise-Class Risk Engine – All-encompassing analytics-driven risk scoring to accelerate investigation with high-fidelity alerts and automated responses.
*   Threat Intel & Content – The largest library of threat models, MITRE ATT&CK coverage, and curated threat intelligence powered by Gurucul Threat Labs™.
*   Gurucul MinerTM – Contextual raw and normalized search across all data silos.
*   Risk Driven Security Control Automation – Out of the box case management, playbooks, workflows, and downstream integrations with the ability to customize.
*   Identity Threat Detection and Response – Identity-centric context across enterprise and multi-cloud environments, reduced identity and access threat plane, and automated threat detection early in the kill chain.

**Availability and Pricing**

The Gurucul platform is modular, delivering customized capabilities to match individual customer requirements. This includes full multi-tenancy, data segregation, flexible policy control and rapid scaling, especially suited for MDR providers. Customers can start with a single module and expand as needed with a simple license change, building towards a unified platform with no data replication or need to start over. Gurucul offers the following packaged software solutions including Next-Gen SIEM, Open XDR, UEBA, Identity Access Analytics that include or can be delivered with Network Traffic Analysis (NTA), Security Orchestration, Automation and Response (SOAR), and Fraud Analytics as stand-alone or add-on options. Gurucul’s Security Analytics and Operations Platform is available immediately from Gurucul and its business partners worldwide.

To learn more visit www.gurucul.com, or see a demo at the RSA Conference 2022 in San Francisco, Calif., June 6-9 at Booth #1443 or at Gartner SRM 2022 in National Harbor, MD, June 7-10 at Booth #1113.

**About Gurucul**

Gurucul is a global cyber security company that is changing the way organizations protect their most valuable assets, data and information from insider and external threats both on-premises and in the cloud. Gurucul’s real-time Cloud-native Next-gen Security Operations Platform provides customers with Open XDR, Next Generation SIEM, UEBA, and Identity Analytics. It combines machine learning behavior profiling with predictive risk-scoring algorithms to predict, prevent, and detect breaches. Gurucul technology is used by Global 1000 companies and government agencies to fight cybercrimes, IP theft, insider threat and account compromise as well as for log aggregation, compliance and risk-based security orchestration and automation for real-time extended detection and response. The company is based in Los Angeles. To learn more, visit https://gurucul.com/ and follow us on LinkedIn and Twitter.

###

Gurucul Launches Cloud-Native SOC Platform Pushing the Boundaries of Next-Gen SIEM and XDR with Identity Threat Detection and Response

Microsoft Philanthropies is expanding its cybersecurity skills for jobs campaign to 23 countries and partnering with Women in CyberSecurity (WiCyS) to build a cybersecurity workforce that is not just larger but also more diverse.

COOKEVILLE, TENN. (PRWEB) JUNE 02, 2022

As cyberthreats continue to expand and progress worldwide, the need for qualified cybersecurity professionals is increasing with experts predicting there will be 3.5 million cybersecurity jobs open by 2025, a 350% increase over eight years. Microsoft Philanthropies is expanding its cybersecurity skills for jobs campaign to 23 countries and partnering with Women in CyberSecurity (WiCyS) to build a cybersecurity workforce that is not just larger but also more diverse.

The expansion will include: Australia, Belgium, Brazil, Canada, Colombia, Denmark, France, Germany, India, Ireland, Israel, Italy, Japan, Korea, Mexico, New Zealand, Norway, Poland, Romania, South Africa, Sweden, Switzerland, and the United Kingdom.

The countries were chosen because of an elevated cyberthreat risk, gap in the workforce and lack of diversity. One of the traditionally excluded populations Microsoft wants to provide opportunities for are women, who are significantly underrepresented. In the countries where Microsoft expanded its cybersecurity skilling campaign, only 17% of the cybersecurity workforce are female. Microsoft is working to understand the skills gap, offering free training, helping train more teachers, and providing more support to diverse and underserved job seekers, which is where WiCyS will help.

WiCyS is working to expand its student chapters in the 23 countries by promoting the retention and advancement of women in cybersecurity. WiCyS has over 5,700 members worldwide, including several in those countries Microsoft is trying to engage. WiCyS also has over 160 student chapters, largely in the U.S.

WiCyS student chapters receive funding, access to resources and conferences as well as networking opportunities for both students and faculty advisors. The group of women, men, allies, and advocates meets monthly to participate in CTFs, hackathons, engage in cyber trivia, and learn new technical skillsets. Other events include hosting resume workshops, mock interviews, career development panels, speed networking events and more.

“Thanks to this collaboration, WiCyS seeks to expand our global cyber sisterhood far and wide,” said Lynn Dohm, WiCyS executive director. “While WiCyS works to ensure equity in the gender imbalanced cybersecurity workforce, the student chapter initiative creates a community on campuses so that women are retained in their field of study, grow their network, and have a reliable gateway for future advancement opportunities.”

For more information on the Microsoft Philanthropies Global Student Chapter Initiative, visit http://www.wicys.org/initiatives/wicys-global-student-chapter-initiative-made-possible-by-microsoft-philanthropies/

**About WiCyS:**  
Women in CyberSecurity (WiCyS) is a nonprofit organization with international reach dedicated to the recruitment, retention and advancement of women in cybersecurity. Founded by Dr. Ambareen Siraj from Tennessee Tech University through a National Science Foundation grant in 2013, WiCyS offers opportunities, trainings, events, and resources for its members. Strategic partners include Tier 1: Amazon Web Services, Bloomberg, Carnegie Mellon University – Software Engineering Institute, Cisco, Fortinet, Google, Intel, Lockheed Martin, Meta, Microsoft, Optum, Sandia National Laboratories, SentinelOne. Tier 2: Abbvie, JPMorgan Chase & Co., Linkedin, McKesson, Navy Federal Credit Union, Nike, Wayfair, Workday. To partner, visit https://www.wicys.org/support/strategic-partnerships/.

Microsoft Philanthropies Collaborates With WiCyS to Help Close the Cybersecurity Skills Gap

The threat actor behind the notorious Dridex campaign has switched from using its exclusive credential-harvesting malware to a ransomware-as-a-service model, to make attribution harder.

Sanctions that the US government imposed on Russia-based crimeware gang Evil Corp in 2019 appear to have forced the threat actor to change tactics to remain in the cybercrime business.

New research into the group's activity by Mandiant shows that after the sanctions were put in place — after the group caused more than $100 million in losses to banks and other financial institutions by stealing sensitive information — Evil Corp switched to using ransomware in an apparent effort to obscure attribution. 

Moving on from using Dridex, its own exclusive (and easily fingerprinted) malware, Evil Corp actors have been observed deploying ransomware families used by multiple threat groups, such as Hades, WastedLocker, PhoenixLocker, and most recently LockBit, a ransomware-as-a-service option.

US regulations prohibit organizations — including ransomware victims and negotiators — from conducting any kind of financial transactions with organizations and entities on the US Treasury Department's Office of Foreign Assets Control (OFAC) sanctions list.

"\[US\] sanctions have had a direct impact on threat actor operations, particularly as at least some companies involved in ransomware remediation activities, such as negotiation, refuse to facilitate payments to known sanctioned entities," Mandiant says in its report. "This can ultimately reduce threat actors' ability to be paid by victims, which is the primary driver of ransomware operations."

That means US ransomware victims need to pay closer attention to whom they are dealing with, says Jeremy Kennelly, senior manager of financial crime analysis at Mandiant Threat Intelligence.

"When dealing with a ransomware intrusion, the particular malware being deployed, or the branding on ransom notes, or shaming websites may be insufficient to determine whether the beneficiary of payments has affiliations with Evil Corp, a sanctioned entity," he says.

**Sanctions Crunch**

OFAC sanctioned Evil Corp and two members associated with the group for stealing more than $100 million from financial institutions in 40 countries using credentials harvested with the Dridex malware tool.

Around the time the sanctions were imposed, Evil Corp had begun renting out Dridex for use by affiliate gangs. It also had begun making its own foray into the ransomware space, initially with BitPaymer ransomware and later with DopplePaymer and WastedLocker in 2019. 

In 2020 Evil Corp. targeted more than two-dozen US organizations with ransomware, including several Fortune 500 companies in a massive WastedLocker campaign. Months after the sanctions went into effect, the threat actor stopped using WastedLocker and soon after switched to a variety of other tools, such as Hades and most recently LockBit — a ransomware-as-a service tool that gives the threat actor an opportunity to blend in with other actors.

**UNC2165: Another Evolution of Evil Corp.**

Mandiant says since 2019 it has investigated multiple LockBit ransomware intrusions carried out by a group that the vendor is currently tracking as UNC2165. According to Mandiant, UNC2165 has a lot of overlap with Evil Corp and is most likely an actor closely affiliated with it. For instance, in all the intrusions that Mandiant investigated, UNC2165 obtained access to the victim network via UNC1543, a financially motivated threat group that distributes FakeUpdates, a multistage JavaScript dropper for distributing malware. FakeUpdates was also the infection chain for deploying Dridex that later resulted in BitPaymer and DopplePaymer ransomware infections.

Similarly, the Hades ransomware family that Mandiant observed UNC2165 deploying had multiple code similarities to other ransomware tools tied to Evil Corp. Several of the command-and-control servers that UNC2165 has been observed using have also been linked to Evil Corp infrastructure, Mandiant says.

"The operational relationship between UNC2165 and the broader Evil Corp group is not fully understood," Kennelly says. "Mandiant has observed UNC2165 deploying Hades ransomware and operating Hades-related infrastructure. Furthermore, multiple public reports related to the deployment of other ransomware families commonly attributed to Evil Corp have involved use of infrastructure Mandiant attributes to UNC2165."

Kennelly says it's unclear what impact Mandiant's report tying an Evil Corp-related actor to LockBit will have in the ransomware space. 

"The impact this disclosure will have on ransomware negotiators is difficult to predict," he says. "LockBit may quickly move to distance themselves from affiliates with ties to Evil Corp, or deny the allegations wholesale," he says.

Furthermore, UNC2165 has shifted their operations multiple times over the past years, and this may ultimately lead to them to again adopt an updated toolkit if ransomware negotiators halt work on LockBit cases, he notes.

US Sanctions Force Evil Corp to Change Tactics

Neosec threat hunters from the 'ShadowHunt' team jumpstart the API Security process quickly and help build the knowledge in today's overstretched security teams.

PALO ALTO, Calif., June 2, 2022 /PRNewswire/ -- Neosec, the pioneer in discovering and identifying API threats using behavioral analytics, today announced the availability of ShadowHunt, an expert-staffed managed threat hunting service to augment its platform with human oversight from active threat hunters to identify the most clandestine and obfuscated API abuse. Borrowing from threat hunting capabilities in EDR and XDR, Neosec brings similar techniques to API security. ShadowHunt gives security teams peace of mind that API security experts are examining abnormal behavior on their API estate.

Combining the ShadowHunt service with the Neosec cloud-based platform enables organizations to manage the increasing risk to core business systems, assets and data from manipulation, theft or misuse. The service is ideal for companies where security teams are short-staffed or lack the expertise needed to identify threats in business API traffic, because APIs are increasingly used to connect important business systems to customers, suppliers, and partners.

"The increasing potential for insiders or attackers to utilize business APIs for criminal or malicious gain requires a new level of scrutiny and sophistication," said Giora Engel, co-founder and chief executive officer, Neosec. "The new ShadowHunt service augments our platform with an expert team to monitor API usage and hunt for fraud, abuse or critical vulnerabilities without any drain on an organization's existing security team."

Rather than focusing only on vulnerabilities within APIs, the Neosec platform addresses the problem by first automatically and continually identifying all APIs a company has in use, evaluating their risk posture and monitoring user behavioral anomalies that could involve data theft or other misuse. Most companies lack a complete API inventory, let alone understand the nature of normal API usage. Few have the ability to monitor their APIs to mitigate loss or detect abuse of business processes, financial assets and data within their APIs. Now, the ShadowHunt service can augment use of the Neosec platform with a team of experts to respond to findings quickly, investigate potential threats and recommend immediate remediation and actions.

Besides the incidents and alerts provided by the dedicated expert team of threat hunters, the ShadowHunt service also includes a monthly report to summarize findings and investigations performed by the team, news of emerging API threats discovered by Neosec across many different companies and notable changes in the use and operation of APIs currently employed by a company. The service also includes full "Ask the Experts" access to the team of threat hunters.

The ShadowHunt service and the Neosec platform together provide an effective way to quickly incorporate full monitoring and investigation of anomalous business API usage without impacting existing security operations and team workload. The combination can add protection against vulnerability exploits and API business abuse quickly and transparently.

**For more information:**

*   Read more: ShadowHunt Managed Threat Hunting
*   Datasheet: ShadowHunt Managed Threat Hunting

**About Neosec**

Neosec is re-inventing application security with a powerful platform that unifies security and development teams to protect modern applications from threats. The foundation of the SaaS platform is built on data and analytics to manage security at scale. Neosec prevents threats from abusing the complex network of APIs that connect today's businesses. The platform helps organizations discover every API and audit risk. Neosec has pioneered the use of behavioral analytics to understand normal versus abnormal API usage and delivers powerful threat hunting capabilities together with a team of expert threat hunters. Neosec prevents threats and stops abuse hiding within APIs and brings new intelligence to application security. Neosec is based in Palo Alto, California with R&D in Tel Aviv, Israel. To learn more, visit Neosec.com.

_SOURCE Neosec_

Neosec Introduces Expert Managed Threat Hunting Service for Detecting and Investigating API Abuse and Vulnerabilities

By Jon Munshaw. 
Welcome to this week’s edition of the Threat Source newsletter. 
Many of you readers may be gearing up for a West Coast swing over the next few weeks through San Francisco and Las Vegas for RSA and Cisco Live, respectively. And we’re right behind you!  
Talos...


[[ This is only the beginning! Please visit the blog for the complete entry ]]

_By Jon Munshaw._ 

Welcome to this week’s edition of the Threat Source newsletter. 

Many of you readers may be gearing up for a West Coast swing over the next few weeks through San Francisco and Las Vegas for RSA and Cisco Live, respectively. And we’re right behind you!  

Talos will have plenty of representation at both conferences, including giving lightning talks at the Cisco Secure booth, several features talks and spots, live podcast recordings, and more. To get you ready for RSA, I wanted to highlight a few special things we’re doing at the conference you should know about before you go.  

As always, you can keep posted on our latest plans and talk schedule by following us on Twitter. 

**Main booth** 

Stop by the main Talos and Cisco Secure booth at Moscone North Hall to say hi, ask questions and get the latest information on what we’re up to. 

At the booth, we’ll be premiering a new video series and giving out some of our newest stickers created in the image of our favorite malware “mascots.” Everyone will be jealous if you have one of these on your laptop. 

**Evolving Your Defense: Making Heads or Tails of Threat Actor Trends** 

Nick Biasini and Pierre Cadieux are hosting our sponsored session on June 7 at 9:40 a.m. PT. In this talk, they’ll be breaking down the latest threat actor tactics, techniques and procedures and telling you which ones you should be worried about and what can be ignored. 

**Beers with Talos/Security Stories** 

We’re hosting two live podcasts back-to-back at the Marriott Marquis: Sierra C ballroom from 2 – 5 p.m. PT on June 7. Security Stories and Beers with Talos are getting together to play a game of “Would I lie to you?”  

Talos’ vice president, Matt Watchinski, will be on hand for both episodes, along with other special guests.  

The Beers with Talos episode will cover Talos’ work in Ukraine, and we’ll hear from the audience about their hottest security takes.  

**The one big thing **

A recently discovered zero-day vulnerability in the Microsoft Windows Support Diagnostic Tool (MSDT) made headlines over the past few days. CVE-2022-30190, also known under the name "Follina," exists when MSDT is called using the URL protocol from an application, such as Microsoft Office, Microsoft Word or via an RTF file. An attacker could exploit this vulnerability to gain the ability to run arbitrary code on the targeted system. 

  

> **Why do I care? **
> 
> If an attacker were to successfully exploit this vulnerability, they could execute remote code on the targeted machine. Needless to say, that’s bad. This is just the latest in a string of Microsoft vulnerabilities to make headlines over the past 12 months, including PrintNightmare and multiple Exchange Server issues. If those cases have taught us anything, it’s that attackers aren’t afraid to look for vulnerable Microsoft products to try and gain a foothold on a targeted network or machine.  
> 
> **So now what? **Although a patch hasn't been released yet, Microsoft has provided workarounds and Windows Defender protections for the CVE and malware exploiting this vulnerability. Cisco Talos has also released coverage to protect against this vulnerability, including multiple Snort rules and a ClamAV signature.   

**Other news of note**

Costa Rica’s government was hit with another ransomware attack, this time from the Hive group. Hive took down the country’s health department’s online services earlier this week, adding to the problems Costa Rica is facing after Conti launched a ransomware attack in May. Security experts say there is evidence that Conti and Hive may be working together to extort the Costa Rican government. This is all going on as the Conti group claims it’s shutting down and splitting up into smaller groups. The Hive operators have not yet declared a ransom amount. (Bleeping Computer, Krebs on Security, CSO Online) 

The U.S. Department of Justice seized three domains associated with selling and collecting stolen and leaked personal information. Authorities said the sites, WeLeakInfo, IPStress and OVH Booster all assisted attackers in carrying out denial-of-service attacks. In 2020, the DoJ seized very similar domains, including “weleakinfo.com,” which at the time, offered users the ability to “review and obtain the personal information illegally obtained in over 10,000 data breaches.” (Recorded Future, Department of Justice) 

The FBI recently thwarted an attempted cyber attack on a Boston children’s hospital, according to the agency’s director. Chris Wray, speaking at an event in Boston, received intelligence last summer ahead of time that allowed the agency to stop what he called “one of the most despicable cyberattacks I've seen.” Wray added that the attack came from an Iranian state-sponsored actor. The same hospital faced similar attacks in 2014 and 2019, he said. (ABC News, NBC 10 Boston) 

**Can’t get enough Talos? **

*   Researcher Spotlight: Martin Lee, EMEAR lead, Talos Strategic Communications
*   Threat Roundup for May 20 - 27
*   Talos Takes Ep. #98: Maybe don't panic about that F5 BIG-IP vulnerability

  

**Upcoming events where you can find Talos ****REcon (June 3 – 5, 2022)  
Montreal, Canada ****RSA 2022 (June 6 – 9, 2022)  
San Francisco, California ****Cisco Live U.S. (June 12 – 16, 2022)  
Las Vegas, Nevada ****Most prevalent malware files from Talos telemetry over the past week  **

**SHA 256:** e4973db44081591e9bff5117946defbef6041397e56164f485cf8ec57b1d8934  **MD5:** 93fefc3e88ffb78abb36365fa5cf857c  **Typical Filename:** Wextract    
**Claimed Product:** Internet Explorer    
**Detection Name:** PUA.Win.Trojan.Generic::85.lp.ret.sbx.tg  

**SHA 256:** 125e12c8045689bb2a5dcad6fa2644847156dec8b533ee8a3653b432f8fd5645    **MD5:** 2c8ea737a232fd03ab80db672d50a17a    **Typical Filename:** LwssPlayer.scr      
**Claimed Product:** 梦想之巅幻灯播放器      
**Detection Name:** Auto.125E12.241442.in02    

**SHA 256:** 4b34e3637fa7af93ab628ae5adad2c7f3464053316963297844324a4f649a206   
**MD5:** 3632f27604f5a82cf73b9ade710a1656  **Typical Filename:** mediaget\_installer\_467.exe    
**Claimed Product:** N/A    
**Detection Name:** FileRepPup:MediaGet-tpd  

**SHA 256:** a9f7d7525aad1c7007ae9d1d3fc531a1065b28225c5b7efb7347aaf77d9aba92    
**MD5:** 8f90e544a48d75f42f9d44811320689c   **Typical Filename:** tata communications wholesale retai lpak ncl ethopia napal spice srilanka bd cli bangladesh.wsf    
**Claimed Product:** N/A     
**Detection Name:** Xml.Dropper.Valyria::100.sbx.vioc  

**SHA 256:** 85B936960FBE5100C170B777E1647CE9F0F01E3AB9742DFC23F37CB0825B30B5   **MD5:** 8c80dd97c37525927c1e549cb59bcbf3   **Typical Filename:** Eternalblue-2.2.0.exe     
**Claimed Product:** N/A     
**Detection Name:** Win.Exploit.Shadowbrokers::5A5226262.auto.talos

Threat Source newsletter (June 2, 2022) — An RSA Conference primer

The malware targets Windows users via Trojanized downloads of cracked or pirated software and then starts in on cryptocurrency mining and clipboard hijacking.

The malware known as Clipminer has earned cyberattackers $1.7 million in cryptocurrency mining and theft via clipboard hijacking so far – and it shows no signs of abating.

The Clipminer Trojan, which sports numerous similarities to the KryptoCibule cryptomining Trojan, was discovered by Symantec’s Threat Hunter Team. Its whole raison d'etre is to enable fraudulent cryptocurrency transactions.

The team determined that Clipminer is likely spread through Trojanized downloads of cracked or pirated software. The infection chain begins with a self-extracting WinRAR archive and then executes a downloader file, which connects to the Tor network to download Clipminer’s components.

The malware can redirect cryptocurrency transactions made on the infected computer by replacing cryptocurrency wallet addresses copied to a clipboard with new addresses under the control of the hacker. Clipminer uses addresses matching the prefix of the targeted original address to disguise the manipulation.

The team noted that the malware contains 4,375 unique addresses of wallets controlled by the attacker, of which the vast majority were used for just three different formats of Bitcoin addresses.

The malware also uses cryptocurrency-mixing services, known as tumblers, which can help hide the fund’s original source.

Dick O’Brien, principal editor for the Symantec Threat Intelligence Team, tells Dark Reading that one of the very first questions the team asked when it started looking at Clipminer was whether the person or people behind it are making any money. The answer was yes.

“That can really help you gauge how much of a threat this is,” he explains. “If it’s profitable, they’re not going to quit, and the odds are they’ll want to expand."

What’s interesting about Clipminer, he adds, is that it seems to tread the line between making good money while maintaining a relatively low profile.

“I don’t know whether that’s by accident or design,” O’Brien says. “It’s a relatively sophisticated botnet. It’s not just your average coinminer. It’s a dual-pronged threat since it’s also capable of stealing via clipboard hijacking. And the latter is done pretty stealthily.”

He points out that Clipminer goes to some lengths to disguise the fraudulent transactions and noted the group has thousands of payment addresses. It picks the one that most resembles a legitimate payment address for each victim.

“The obvious threat for enterprises is that any kind of coinminer is a drain on computing resources,” O’Brien says. “But beyond that, you don’t want any kind of botnet getting a foothold on your network. We’ve seen in the past how botnets can evolve and be repurposed to deliver other, more potent threats.”

All of the usual best practices apply to protect against these kinds of threats, he adds, but in this case avoiding nonlegitimate software resources is the best protection.

“You need to audit what software is running on your network, and any unauthorized software, whether it’s pirated or not, needs to be addressed,” he says.

The really interesting question at the moment is how cryptocurrency-mining threats are going to evolve in the near future, O’Brien says.

“We’ve seen a lot of instability in the cryptocurrency space and even speculation that we’ll see a major crash," he says. "Obviously if the coins are worthless or near worthless, there’s going to be less interest in mining them. But that's just the start of it. Any major upheaval will have a much wider impact. Crypto underpins the entire cybercrime ecosystem.”

'Clipminer' Malware Actors Steal $1.7 Million Using Clipboard Hijacking

With shadow paging enabled, the INVPCID instruction results in a call to kvm_mmu_invpcid_gva. If INVPCID is executed with CR0.PG=0, the invlpg callback is not set and the result is a NULL pointer dereference.

**BIAS: Bluetooth Impersonation AttackS**

**About the BIAS attack**

TL;DR: The Bluetooth standard provides authentication mechanisms based on a long term pairing key, which are designed to protect against impersonation attacks. The BIAS attacks from our new paper demonstrate that those mechanisms are broken, and that an attacker can exploit them to impersonate any Bluetooth master or slave device. Our attacks are standard-compliant, and can be combined with other attacks, including the KNOB attack. In the paper, we also describe a low cost implementation of the attacks and our evaluation results on 30 unique Bluetooth devices using 28 unique Bluetooth chips.

**Details**

Bluetooth Classic (also called Bluetooth BR/EDR) is a wireless communication protocol commonly used between low power devices to transfer data, e.g., between a wireless headset and a phone, or between two laptops. Bluetooth communications might contain private and/or sensitive data, and the Bluetooth standard provides security features to protect against someone who wants to eavesdrop and/or manipulate your information. We found and exploited a severe vulnerability in the Bluetooth BR/EDR specification that allows an attacker to break the security mechanisms of Bluetooth for any standard-compliant device. As a result, an attacker can impersonate a device towards the host after both have previously been successfully paired in absence of the attacker.

We call our attack Bluetooth Impersonation AttackS (BIAS). Because this attack affects basically all devices that “speak Bluetooth”, we performed a responsible disclosure with the Bluetooth Special Interest Group (Bluetooth SIG) - the standards organisation that oversees the development of Bluetooth standards - in December 2019 to ensure that workarounds could be put in place.

**Are My Devices Vulnerable?**

The BIAS attack is possible due to flaws in the Bluetooth specification. As such, any standard-compliant Bluetooth device can be expected to be vulnerable. We conducted BIAS attacks on more than 28 unique Bluetooth chips (by attacking 30 different devices). At the time of writing, we were able to test chips from Cypress, Qualcomm, Apple, Intel, Samsung and CSR. All devices that we tested were vulnerable to the BIAS attack.

After we disclosed our attack to industry in December 2019, some vendors might have implemented workarounds for the vulnerability on their devices. So the short answer is: if your device was not updated after December 2019, it is likely vulnerable. Devices updated afterwards might be fixed.

**Team**

**Daniele Antonioli****Postdoc at the EPFL**

Cyber-Physical Systems Security, Network Security, Wireless Security, Embedded Systems Security, Applied Cryptography, SoCurity

**Kasper Rasmussen****Faculty**

Security of Wireless Networks, Protocol design, Applied Cryptography, Security of embedded systems, Cyber-physical systems

**Nils Ole Tippenhauer****Faculty**

Security of Cyber-Physical Systems, Security of Physical-Layer Wireless, IoT Security

**Related Publications**

**Recent & Upcoming Talks**

**Media Coverage**

*   social
    
    *   Reddit Thread
*   CERT
    
    *   CVE-2020-10135
    *   https://www.kb.cert.org/vuls/id/647177/
*   Bluetooth SIG
    
    *   2020/05/18 “Bluetooth SIG Statement Regarding the Bluetooth Impersonation Attacks (BIAS) Security Vulnerability” by the Blueooth SIG
*   Selected EN press
    
    *   2020/05/19: MSN, “Smartphones, laptops, IoT devices vulnerable to new BIAS Bluetooth attack” by Catalin Cimpanu
    *   2020/05/21: TimesNowNews, “Smartphones, laptops, IoT devices from Apple, Intel, Samsung vulnerable to new BIAS Bluetooth attack” by Krishna SinhaChaudhury
    *   2020/05/19: SecurityAffairs, “Boffins disclosed a security flaw in Bluetooth, dubbed BIAS, that could potentially be exploited by an attacker to spoof a remotely paired device” by Pierluigi Paganini
    *   2020/05/19: WeLiveSecurity, “Bluetooth flaw exposes countless devices to BIAS attacks” by Amer Owaida
    *   2020/05/19: forklog, “Hackers Can Impersonate Bluetooth Devices to Steal Users’ Personal Data: Is This a Threat to You?" by Ana Alexandre
    *   2020/05/19: The Hacker News, “New Bluetooth Vulnerability Exposes Billions of Devices to Hackers” by Ravie Lakshmanan
    *   2020/05/18: ZDNet, “Smartphones, laptops, IoT devices vulnerable to new BIAS Bluetooth attack” by Catalin Cimpanu
    *   2020/05/19: CISO Mag, “New BIAS Vulnerability Affects All Modern Bluetooth Devices” by CISOMAG
    *   2020/05/18: ThreatsHub, “Smartphones, laptops, IoT devices vulnerable to new BIAS Bluetooth attack” by TH Author
    *   2020/05/18: ROOTDAEMON.com, “Smartphones, laptops, IoT devices vulnerable to new BIAS Bluetooth attack” by ROOTDAEMON
    *   2020/05/19: ITPro, “Bluetooth pairing flaw exposes devices to BIAS attacks” by Keumars Afifi-Sabet
    *   2020/05/19: MyBroadband, “New security flaw affects almost all Bluetooth devices” by Bradley Prior
*   Selected ES press
    
    *   2020/05/19: El Español, “Bluetooth es un peligro: descubren que es posible engañar a tu móvil” by Adrián Raya
*   Selected IT press
    
    *   2020/05/19: PuntoInformatico, “BIAS: nuova vulnerabilità nel Bluetooth” by Giacomo Dotta
*   Selected DE press
    
    *   2020/05/21: Heise.de, “Bluetooth-Sicherheitslücke ermöglicht unerkannte Angriffe”

Tag

#intel