Cancel
CreatorsPublishersAdvertisers
View more in
Computers

Wide range of gadgets at risk of damaging Bluetooth security flaw

By Mayank Sharma
Posted by 
TechRadar
TechRadar
 10 days ago
Cover picture for the article

Cybersecurity researchers have shared details about eight vulnerabilities in the Bluetooth Low Energy (BLE) software stack of the open source real-time Zephyr OS. Developed under the aegis of the Linux Foundation, Zephyr started at Wind River before it was acquired by Intel and eventually open sourced. The OS supports over 200 boards and counts the likes of Intel, Linaro, Texas Instruments, Nordic Semiconductor, Bose, Facebook, Google, and others as members, many of whom have devices that run Zephyr.

www.techradar.com
Community Policy
TechRadar

TechRadar

10K+
Followers
26K+
Post
1M+
Views
ABOUT

A 🌏 team of gadget obsessives here to help you make informed decisions on tech. What to skip, what to buy, and where to buy it.

 http://www.techradar.com
IN THIS ARTICLE
#Software Security#Endpoint Security#Information Security#Cybersecurity#The Bluetooth Low Energy#The Linux Foundation#Os#Texas Instruments#Nordic Semiconductor#Bluetooth Le
YOU MAY ALSO LIKE
News Break
Intel
News Break
Technology
News Break
Computers
News Break
Bluetooth
News Break
Facebook
News Break
Google
Related
Softwaresecurityboulevard.com

What is Application Security Risk?

If you have ever considered how hackers and other cyber attackers on the internet use different paths to harm systems and software, you already know a bit about what application risk means. While understanding the essence of risk—and what it can do to the business—is critical, it’s also important to visualize how the notion of security risk is impacted and affected by other areas of threat and vulnerability. Much like a mathematical equation, the relationship between threat, vulnerability and risk sits at the core of application development and security.
TechnologyPosted by
HackerNoon

Strategies for Combating Cloud Security Risks

You see it in the news; you read about it online: Another company using the cloud had a security incident that resulted in the loss of revenue/data. Why does this keep happening? What can you do to avoid being one of the victims?. Solving the cloud security problem isn’t easy....
TechnologyBBC

Apple claims 'sideloading' apps is 'serious' security risk

Apple claims that allowing developers to distribute apps outside its official App Store would "expose users to serious security risks". A new report from the company argues strongly against allowing so-called sideloading of apps. The report suggests a range of hypothetical problems including ransomware and financial scams. It comes as...
SoftwareGizmodo

30 Million Dell Devices Have Preinstalled Software With ‘Severe’ Security Flaws

A major security flaw in Dell’s firmware updating and operating recovery software, BIOSConnect, potentially exposes tens of millions of devices that Dell preinstalled it on. BleepingComputer reported on Thursday that researchers with security firm Eclypsium discovered a flaw in BIOSConnect, which is part of Dell’s standard SupportAssist software and updates the firmware on a computer’s system board, that could allow attackers to remotely execute malicious code. In a report, the researchers wrote that the vulnerability was so severe it could “enable adversaries to control the device’s boot process and subvert the operating system and higher-layer security controls,” which would give them control “over the most privileged code on the device.”
Softwaresecurityboulevard.com

Dell BIOSConnect Flaws Show Over-the-Air Risks

Because tech vendors have turned to over-the-air updates – the idea is to not give their customers any excuses for not keeping firmware current – Eclypsium’s discovery of a chain of four vulnerabilities in the BIOSConnect feature within Dell Client BIOS all the more alarming. The flaws, which affect 129...
Technologyinforisktoday.com

IBM Security Risk Quantification Smart Paper

Security risk quantification empowers business decisions. CEOs and board executives need the critical ability to connect security risk management with their overall business strategy. By quantifying security risk into dollar amounts, executive board members get a better understanding of what potential financial impacts their organizations face without taking corrective actions. Security risk quantification makes security strategy consumable to upper management including board executives for buy-in.
BusinessNetwork World

Cisco completes purchase of security risk-management firm

Cisco continues to bulk-up its security portfolio, this week closing the deal on risk-based management company Kenna Security for an undisclosed amount. Kenna’s Risk-Based Vulnerability Management system collects and analyzes security data to provide security teams with information about threats so they can prioritize remediation and better understand risks. The...
Technologymakeuseof.com

Is AirDrop Secure or Is It a Security Risk?

File sharing is common practice for anyone using smartphones. You either send or receive photos, videos, documents, or other files from someone. Sharing files with people is no big deal under normal circumstances. But with a spike in cyber-related attacks, it has become a cause for concern. Apple’s AirDrop, believed to be highly secure before now, is under scrutiny over a security flaw that puts you in harm's way. So is AirDrop secure for you to use?
BusinessTechCrunch

Noname Security closes $60M Series B to eliminate API flaws

The round was led by Insight Partners with Next47, Forgepoint and The Syndicate Group (TSG) also participating, and brings Noname’s total funding to $85 million since emerging from stealth in December 2020. The startup, which currently has a 70-strong workforce and offices in Palo Alto and Tel Aviv, says it...
ElectronicsElectronicsWeekly.com

WiSE: STM’s Bluetooth LE sensor IDE

WiSE Studio is STMicroelectronics’ free integrated development environment (IDE) for its BlueNRG range of Bluetooth SoCs. “Featuring a user-friendly and customisable development environment with ready-to-build examples, the new IDE helps both expert and inexperienced users jump-start their projects,” according to the company. “Using WiSE Studio to learn, explore, and build applications and prototypes, developers can take advantage of the Bluetooth LE 5.2 features available in devices such BlueNRG-LP.”
Softwareeteknix.com

Microsoft Confirms HUGE Windows 10 Printer Security Flaw

Given that Windows 10 is roughly 6 years old now, you’d have been forgiven for thinking that most of the major security flaws within it had either been discovered or already resolved. It should be noted that these ‘backdoor’ issues can often reside for many, many, years undiscovered. And that’s something that’s not the fault of Microsoft either. Put simply, it often requires someone with a bit of exceptionally creative thinking to see if something seemingly totally irrelevant and/or unimportant could potentially represent a security problem. It almost borders on Mensa levels of lateral thinking.
Computersarxiv.org

Scalable Node-Disjoint and Edge-Disjoint Multi-wavelength Routing

Probabilistic message-passing algorithms are developed for routing transmissions in multi-wavelength optical communication networks, under node and edge-disjoint routing constraints and for various objective functions. Global routing optimization is a hard computational task on its own but is made much more difficult under the node/edge-disjoint constraints and in the presence of multiple wavelengths, a problem which dominates routing efficiency in real optical communication networks that carry most of the world's Internet traffic. The scalable principled method we have developed is exact on trees but provides good approximate solutions on locally tree-like graphs. It accommodates a variety of objective functions that correspond to low latency, load balancing and consolidation of routes, and can be easily extended to include heterogeneous signal-to-noise values on edges and a restriction on the available wavelengths per edge. It can be used for routing and managing transmissions on existing topologies as well as for designing and modifying optical communication networks. Additionally, it provides the tool for settling an open and much debated question on the merit of wavelength-switching nodes and the added capabilities they provide. The methods have been tested on generated networks such as random-regular, Erdős Rényi and power-law graphs, as well as on the UK and US optical communication networks. They show excellent performance with respect to existing methodology on small networks and have been scaled up to network sizes that are beyond the reach of most existing algorithms.
Technologybusiness.com

What Is Rule-Based Access Control (RBAC)?

Access control is a set of techniques, strategies and policies that allow people access to a company's computer, network and data resources. Rule-based access control, or RBAC (sometimes also called RuBAC), allows or restricts access based on rules, ensuring that the people who can get into a company's computing infrastructure have access to exactly the resources they need, no more and no less.
Technologyhelpnetsecurity.com

Bitwarden’s password management enhancements ensure password security at scale

Bitwarden announced a broader set of password management features for enterprises seeking to ensure password security at scale. Admin Password Reset, a new policy feature available to Bitwarden enterprise plan customers, provides designated administrators the ability to reset passwords on end-user accounts if an employee loses or forgets their Bitwarden password.
Softwarethefastmode.com

HPE Expands 5G Portfolio with Automated 5G Management Solution

HPE this week announced a new 5G software solution that adds fully integrated automated management to HPE’s existing 5G portfolio. The solution includes HPE 5G Automated Assurance and a new 5G capability for HPE Service Director, which together simplify the management of 5G networks and reduce deployment risks through a zero-touch, closed-loop system. The new automation software monitors and orchestrates the network functions, infrastructure, slices and services, automatically acting on issues detected to secure service continuity. The software is pre-integrated with HPE’s open 5G solutions, including the HPE 5G Core Stack, as well as leveraging open-source technologies and offering open APIs to integrate with multi-vendor deployments.