Google security researcher discovered Bluetooth vulnerabilities (BleedingTooth) in the Linux kernel that could allow zero-click attacks. Andy Nguyen, a Google security researcher, has found Bluetooth vulnerabilities, referred to as BleedingTooth, in the Linux kernel that could be exploited by attackers to run arbitrary code or access sensitive information

The popular fitness tracking app Strava can assist stalkers; Facebook is irked about European regulators; a new Bluetooth vulnerability takes a new tack on attacks; and we look at some disturbing drive-by downloads that are coming from rogue Google ads.Strava and stalkersFacebook Says it Will Stop Operating in Europe If Regulators Don’t Back DownShortly afte

This week on Lock and Code, we discuss the top security headlines generated right here on Labs and around the Internet. In addition, we talk to JP Taggart, senior security researcher at Malwarebytes, about the Internet of Things. For years, Internet capabilities have crept into modern consumer products, providing sometimes convenient, sometimes extra

For years, the statistics have told us that human error is the greatest contributor to cyberattacks. We’ve stressed the importance of training, training and more training to prevent the almost inevitable from happening. We’ve been convinced that the key to defending against cyberthreats is to keep the unsuspecting from clicking on phishing emails

Last week on Malwarebytes Labs, we looked at how secure the cloud is, understood why unexpected demand can influence an organization to consider their “just in time” (JIT) system, speculated on why the threat actors behind the Troldesh ransomware suddenly released thousands of decryption keys, preached the good news about VPN being mainstream, touched on the

Nowadays, Bluetooth is an integral part of mobile devices. Smartphones interconnect with smartwatches and wireless headphones. By default, most devices are configured to accept Bluetooth connections from any nearby unauthenticated device. Bluetooth packets are processed by the Bluetooth chip (also called a controller), and then passed to the host (Android, L

As the pattern-shattering truth of our new lives drains heavy—as coronavirus rends routines, raids our wellbeing, and whiplashes us between anxiety and fear—we should not look to mass digital surveillance to bring us back to normal. Already, governments have cast vast digital nets. South Koreans are tracked through GPS location history, credit card trans

Google and Apple recently announced a joint project for the development of a Coronavirus ‘contact tracing’ tool for mobile devices. A contact tracing app is a tool that could be used to contain new diseases, like Coronavirus, by tracking down and quarantining everyone that gets infected and localize any person that has been in contact with hi

The level and speed of innovations taking place in the biotech industry are baffling. On the one hand, it makes us hopeful we can quickly reduce the number of illnesses and their consequences through technological advancement—saving thousands of lives. On the other, concerns about the application of Internet-connected technology leave us wondering: at what c

Security experts have discovered multiple flaws, dubbed SweynTooth, in the Bluetooth Low Energy (BLE) implementations of major system-on-a-chip (SoC) vendors. A group of researchers has discovered multiple vulnerabilities, tracked as SweynTooth, in the Bluetooth Low Energy (BLE) implementations of major system-on-a-chip (SoC) vendors. The group was co

byPaul DucklinA trio of researchers from Singapore just published a paper detailing a number of security holes they discovered in Bluetooth chips from several different vendors.The good news is that they disclosed the holes responsibly back in 2019 and waited 90 days – a sort-of industry standard period popularised by Google’s Project Zero team &

Google addressed a critical vulnerability in its Android OS that affects the Bluetooth subsystem and could be exploited without user interaction. Google has addressed a critical flaw in Android OS that affects the Bluetooth subsystem and could be exploited without user interaction. The vulnerability tracked as CVE-2020-0022 is a remote code execution

Security researchers with Pen Test Partners have discovered a vulnerability in the Lovense Hush sex toys, an IoT-enabled butt plug. The recent discovery that internet connected sex toys have major security and privacy flaws should come as no shock but this does raise the issue of how to both satisfy the consumer’s needs while providing maximum protection.  T

by Vít Šembera (Cyber Threat Researcher) BlueBorne is a set of vulnerabilities affecting the implementation of Bluetooth in iOS, Android, Linux, Windows and Mac OS* devices. According to the researchers who uncovered them, BlueBorne affects around 5.3 billion Bluetooth-enabled devices. The immediate mitigation for BlueBorne is to patch the device, if there’s

This blog has featured several stories about “overlay” card and PIN skimmers made to be placed atop Ingenico-brand card readers at store self-checkout lanes. I’m revisiting the topic again because a security technician at a U.S.-based retailer recently shared a few photos of several of these devices pulled from compromised card terminals, a