Weekly Digest Week 50 – 2023

Publication date: 21.12.2023

Bluetooth critical vulnerability

A critical Bluetooth vulnerability, CVE-2023-45866, has been identified, impacting macOS, iOS, Android, and Linux systems. Unauthenticated attackers can exploit this flaw for keystroke injection and authentication bypass, posing a severe threat to confidentiality, integrity, and availability. Notably, Apple’s Magic keyboard is vulnerable when connected via Bluetooth, even with Lockdown mode enabled. Android devices with Bluetooth enabled (versions 11-14) and Linux devices using the BlueZ Bluetooth stack are also at risk.

Analysis from our SOC team
On Android, Bluetooth only needs to be enabled for the flaw to be exploitable; it is advisable to deactivate it when not in use.

On Linux, the BlueZ Bluetooth stack must be discoverable and connectable for the flaw to be exploitable.

For iOS, iPadOS and macOS, the vulnerability can only be exploited if an Apple Magic keyboard is paired via Bluetooth, even with Lockdown mode enabled.

We strongly recommend that you update your Apple and Linux devices with the available patches.

For Android devices, it is advisable to disable Bluetooth when not in use until vendor patches are available.
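
One way to check the Linux condition above on a host, as an added example that is not part of the original digest: the function reads text in the `bluetoothctl show` format and flags controllers that are powered and discoverable. The sample input is constructed, and treating a powered controller as connectable is an assumption of this example.

```shell
#!/bin/sh
# Added example (not from the digest): flag BlueZ controllers that are powered
# and discoverable, reading text in the `bluetoothctl show` format from stdin.
# Assumption: a controller reporting "Powered: yes" is treated as connectable.

bluez_exposure() {
  awk '
    function report() {
      if (addr == "") return
      state = (powered == "yes" && disc == "yes") ? "EXPOSED" : "ok"
      printf "%s powered=%s discoverable=%s %s\n", addr, powered, disc, state
    }
    /^Controller /         { report(); addr = $2; powered = "unknown"; disc = "unknown"; next }
    /^[ \t]*Powered:/      { powered = $2 }
    /^[ \t]*Discoverable:/ { disc = $2 }   # does not match "DiscoverableTimeout:"
    END { report() }
  '
}

# Constructed sample input: two controllers, only the first one discoverable.
sample_show_output() {
  cat <<'EOF'
Controller AA:BB:CC:00:00:01 (public)
    Name: workstation-01
    Powered: yes
    Discoverable: yes
    DiscoverableTimeout: 0x00000000
    Pairable: yes
Controller AA:BB:CC:00:00:02 (public)
    Name: workstation-01 #2
    Powered: yes
    Discoverable: no
    DiscoverableTimeout: 0x000000b4
    Pairable: yes
EOF
}

# On a real host: bluetoothctl show | bluez_exposure
sample_show_output | bluez_exposure
```

A controller flagged `EXPOSED` can be taken out of discoverable mode with `bluetoothctl discoverable off` until the patch is installed.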


Microsoft released its final set of Patch Tuesday updates for 2023, closing out 33 flaws in its software, making it one of the lightest releases in recent years.

Of the 33 shortcomings, four are rated Critical and 29 are rated Important in severity.

Analysis from our SOC team
This month's security updates for Windows address high-criticality vulnerabilities, some of which are already exploited in the wild.

Enforce OS patches on your company assets to keep them secure.


A critical unauthenticated Remote Code Execution (RCE) vulnerability, identified as CVE-2023-6553, has been found in the Backup Migration WordPress plug-in, downloaded over 90,000 times. The flaw allows attackers to inject arbitrary PHP code, leading to a complete compromise of the affected website.

Analysis from our SOC team
Update your WordPress plugins to prevent your website from being used by malicious actors.


Russian state-sponsored APT29, linked to the SVR, has been actively exploiting a critical vulnerability (CVE-2023-42793) in JetBrains TeamCity servers since September 2023. This flaw allows unauthenticated attackers to execute code remotely on affected systems, compromising source code, signing certificates, and software deployment processes.

Analysis from our SOC team
This 4-month-old vulnerability is now actively exploited by Russian threat actors. If you haven’t patched yet, do so as soon as possible, and hunt for potential exploitation of the vulnerability.
Contact our SOC if you need assistance.
