BlueBorne | Breaking Cybersecurity News | The Hacker News

Remember BlueBorne? A series of recently disclosed critical Bluetooth flaws that affect billions of Android, iOS, Windows and Linux devices have now been discovered in millions of AI-based voice-activated personal assistants, including Google Home and Amazon Echo . As estimated during the discovery of this devastating threat, several IoT and smart devices whose operating systems are often updated less frequently than smartphones and desktops are also vulnerable to BlueBorne. BlueBorne is the name given to the sophisticated attack exploiting a total of eight Bluetooth implementation vulnerabilities that allow attackers within the range of the targeted devices to run malicious code, steal sensitive information, take complete control, and launch man-in-the-middle attacks. What's worse? Triggering the BlueBorne exploit doesn't require victims to click any link or open any file—all without requiring user interaction. Also, most security products would likely not be abl

If you are using a Bluetooth enabled device, be it a smartphone, laptop, smart TV or any other IoT device, you are at risk of malware attacks that can carry out remotely to take over your device even without requiring any interaction from your side. Security researchers have just discovered total 8 zero-day vulnerabilities in Bluetooth protocol that impact more than 5.3 Billion devices—from Android, iOS, Windows and Linux to the Internet of things (IoT) devices—using the short-range wireless communication technology. Using these vulnerabilities, security researchers at IoT security firm Armis have devised an attack, dubbed BlueBorne , which could allow attackers to completely take over Bluetooth-enabled devices, spread malware, or even establish a "man-in-the-middle" connection to gain access to devices' critical data and networks without requiring any victim interaction. All an attacker need is for the victim's device to have Bluetooth turned on and obvious

Compromising the browser is a high-return target for adversaries. Browser extensions, which are small software modules that are added to the browser and can enhance browsing experiences, have become a popular browser attack vector. This is because they are widely adopted among users and can easily turn malicious through developer actions or attacks on legitimate extensions. Recent incidents like  DataSpii  and the  Nigelthorn  malware attack have exposed the extent of damage that malicious extensions can inflict. In both cases, users innocently installed extensions that compromised their privacy and security. The underlying issue lies in the permissions granted to extensions. These permissions, often excessive and lacking granularity, allow attackers to exploit them. What can organizations do to protect themselves from the risks of browser extensions without barring them from use altogether (an act that would be nearly impossible to enforce)?  A new report by LayerX, "Unveiling the