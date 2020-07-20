Security: Updates, Funding, Routers and Bluetooth Low Energy (BLE) Security updates for Monday Security updates have been issued by Debian (libopenmpt, nginx, nss, qemu, rails, redis, ruby-sanitize, and tomcat9), Fedora (glibc, libldb, nspr, nss, samba, and webkit2gtk3), openSUSE (cairo, firefox, google-compute-engine, LibVNCServer, mumble, ntp, openconnect, openexr, openldap2, pdns-recursor, python-ipaddress, rubygem-puma, samba, singularity, slirp4netns, thunderbird, xen, and xrdp), and Oracle (.NET Core, .NET Core 3.1, java-1.8.0-openjdk, java-11-openjdk, kernel, and thunderbird).

Security Companies Taking PPP Funding total $40 million

Could Your Router Be The Biggest Security Flaw in Your Linux System? Is your home router leaving your network vulnerable to attack? New research suggests that this worrisome scenario is more likely than you may have thought. A Fraunhofer Institute for Communication (FKIE) report reveals that the firmware used in a large number of popular home routers is susceptible to malware and other serious exploits. We explored the importance of prioritizing network security in a recent LinuxSecurity.com feature article: Top Tips for Securing Your Linux System in 2020, and thought it was important to dive deeper into the topic given these critical new findings. After examining 127 home routers from seven leading brands (Netgear, Linksys, D-Link, ASUS, AVM, TP-Link and Zyxel), FKIE security researchers discovered that, on average, these routers contained 53 critical security vulnerabilities - and none of the routers were fully protected. The study revealed that an alarming number of routers have not received a single firmware update in their lifetime, and are susceptible to hundreds of notorious security issues as a result. To make matters worse, certain vendors have been shipping firmware updates without fixing known security bugs. Fifty of the routers examined in the study used hard-coded credentials, where a known username and password was encoded into the router by default, and many published at least five private keys per firmware image. FKIE concluded: “The update policy of router vendors is far behind the standards as we know it from desktop or server operating systems. However, routers are exposed to the Internet 24 hours a day, leading to an even higher risk of malware infection.” The organization emphasizes the need for industry-wide improvements in router security.

Bluetooth Reconnection Flaw Could Lead to Spoofing Attacks A group of researchers at Purdue University’s Center for Education and Research in Information Assurance and Security (CERIAS) recently discovered a vulnerability that affects the many IoT devices running Bluetooth. Bluetooth Low Energy (BLE) is the most widely utilized low-energy communication protocol for mobile and IoT devices. Sales of Bluetooth Low Energy (BLE) devices are forecasted to triple by 2023 to 1.6 billion annual shipments, according to market advisory firm ABI. [...] After discovering the design weaknesses in the BLE specification, the researchers analyzed mainstream BLE stack implementations, including BLE protocol stacks on Linux, Android, iOS and Windows to see if “real-world devices” were vulnerable to the security flaws. Three of the devices tested were determined to be vulnerable because they failed to ensure the connecting IoT device authenticated its data and accepted unauthenticated data. “This vulnerability has a broad impact on mainstream platforms that support BLE communications, including Linux, Android and iOS,” said Wu. “According to a recent study, more than 1 billion BLE devices do not use application-layer security, which could have provided a second line of defense. At least 8,000 Android BLE apps with 2.38 billion installations read data from BLE devices in plaintext. Similar numbers may apply to iOS apps.”