Alerts | Guyana National CIRT

Bluetooth devices supporting BR/EDR are vulnerable to impersonation attacks (27th May 2020)

Description

Researchers at the École Polytechnique Fédérale de Lausanne (EPFL) have identified a security vulnerability related to pairing in Bluetooth BR/EDR connections.

Summary

Bluetooth Basic Rate / Enhanced Data Rate (BR/EDR) Core Configurations are used for low-power short-range communications. To establish an encrypted connection, two Bluetooth devices must pair with each other using a link key.

Read more about Bluetooth devices supporting BR/EDR are vulnerable to impersonation attacks (27th May 2020)

WordPress plugin hole could have allowed attackers to wipe websites (19th, February, 2020)

Description

A WordPress plugin with over 100,000 active installations had a hole which could have allowed unauthorized attackers to wipe its users’ blogs clean. The vulnerability emerged this week.

Summary

Read more about WordPress plugin hole could have allowed attackers to wipe websites (19th, February, 2020)

WhatsApp Flaw Opens Android Devices to Remote Code Execution (October 3rd, 2019)

Description

Read more about WhatsApp Flaw Opens Android Devices to Remote Code Execution (October 3rd, 2019)

Microsoft Operating Systems BlueKeep Vulnerability (June 17, 2019)

Description

Microsoft has released security updates to address the Operating System BlueKeep Vulnerability. It is recommended that you take the necessary precautions by ensuring your products are always updated.

Read more about Microsoft Operating Systems BlueKeep Vulnerability (June 17, 2019)

PHP Code Execution Attack Puts WordPress Sites at Risk

Vulnerability

File Operation Induced Unserialization via the “phar://” Stream Wrapper

Systems Affected

CMSs (WordPress and Typo 3 confirmed)
Other PHP applications that uses the “phar://” Stream Wrapper

Overview

Read more about PHP Code Execution Attack Puts WordPress Sites at Risk