{"id":3278,"date":"2020-10-19T08:23:11","date_gmt":"2020-10-19T06:23:11","guid":{"rendered":"https:\/\/xopero.com\/blog\/?p=3278"},"modified":"2023-12-07T11:21:09","modified_gmt":"2023-12-07T10:21:09","slug":"bleedingtooth-the-new-critical-kernel-bluetooth-vulnerabilities","status":"publish","type":"post","link":"https:\/\/xopero.com\/blog\/en\/bleedingtooth-the-new-critical-kernel-bluetooth-vulnerabilities\/","title":{"rendered":"BleedingTooth: the new critical kernel Bluetooth vulnerabilities"},"content":{"rendered":"\n<p>Researchers discovered several critical flaws &#8211; collectively called &#8222;BleedingTooth&#8221; &#8211; in the BlueZ kernel Bluetooth stack. There is already a YouTube video demonstrating remote code execution using these vulnerabilities. More details can be found below.<\/p>\n\n\n\n<!--more-->\n\n\n\n<div style=\"height:40px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<a name=\"paragraph-1\"><\/a>\n\n\n<h2 class=\"wp-block-heading\" id=\"bleedingtooth-vulnerabilities-linux-bluetooth-allows-zeroclick-attacks\"><strong>BleedingTooth vulnerabilities: Linux Bluetooth allows Zero-Click Attacks<\/strong><\/h2>\n\n\n<p>Bluetooth vulnerabilities that have been identified in the Linux kernel could be exploited to run arbitrary code or access sensitive information.<\/p>\n\n\n\n<p>Referred to as BleedingTooth, the issues were identified by Andy Nguyen, a security engineer from Google, and are tracked as CVE-2020-12351 CVSS score of 8.3), CVE-2020-12352 (CVSS score of 5.3), and CVE-2020-24490 (CVSS score of 5.3).<\/p>\n\n\n\n<p>CVE-2020-12351: the most severe of discovered flaws affects Linux kernel 4.8 and higher. The bug can be exploited by a remote attacker within Bluetooth range of the victim and which knows the bd address of the target device. To trigger the flaw, the attacker would have to send a malicious l2cap packet, which can lead to denial of service or even execution of arbitrary code, with kernel privileges. The vulnerability can be also triggered by a malicious Bluetooth chip.<\/p>\n\n\n\n<p>This bug could be responsible for a Zero-Click Attack &#8211; which means it does not require user interaction to be exploited (it is a zero-click vulnerability).<\/p>\n\n\n\n<figure class=\"wp-block-embed is-type-video is-provider-youtube wp-block-embed-youtube wp-embed-aspect-16-9 wp-has-aspect-ratio\"><div class=\"wp-block-embed__wrapper\">\n<iframe loading=\"lazy\" title=\"BleedingTooth: Linux Bluetooth Zero-Click Remote Code Execution\" width=\"1200\" height=\"675\" src=\"https:\/\/www.youtube.com\/embed\/qPYrLRausSw?feature=oembed\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share\" referrerpolicy=\"strict-origin-when-cross-origin\" allowfullscreen><\/iframe>\n<\/div><\/figure>\n\n\n\n<p>The second issue is considered medium severity. CVE-2020-12352, is a stack-based information leak that impacts Linux kernel 3.6 and higher. A remote attacker in short distance knowing the victim&#8217;s bd address can retrieve kernel stack information containing various pointers that can be used to predict the memory layout and to defeat KASLR. The leak may contain other valuable information such as the encryption keys.<\/p>\n\n\n\n<p>The last bug tracked as CVE-2020-24490 and also considered medium risk is a heap-based buffer overflow that affects Linux kernel 4.19 and higher. A remote attacker within a short range of a vulnerable device can trigger the flaw through broadcasting extended advertising data. This could lead to denial of service or even arbitrary code execution with kernel privileges.<\/p>\n\n\n\n<p>The vulnerabilities affect all Linux kernel versions before 5.9. BlueZ, the official Linux Bluetooth protocol stack, has announced Linux kernel fixes that patch all three of these security issues.&nbsp;<\/p>\n\n\n\n<p><a href=\"https:\/\/www.securityweek.com\/bleedingtooth-vulnerabilities-linux-bluetooth-allow-zero-click-attacks\" target=\"_blank\" rel=\"noreferrer noopener\">Source<\/a><\/p>\n\n\n\n<div style=\"height:40px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<a name=\"paragraph-2\"><\/a>\n\n\n<h2 class=\"wp-block-heading\" id=\"vpn-vulnerabilities-a-neverending-story-800k-sonicwall-vpns-vulnerable-to-attack\"><strong>VPN vulnerabilities, a never-ending story\u2026 800k SonicWall VPNs vulnerable to attack<\/strong><\/h2>\n\n\n<p>SonicWall NSAs are used as firewalls and SSL VPN portals to filter, control, and allow employees to access internal and private networks. Almost 800,000 internet-accessible VPN appliances will need to be updated and patched for a major new vulnerability.&nbsp;<\/p>\n\n\n\n<p>CVE-2020-5135 is a bug in a component that handles custom protocols. It impacts SonicOS, the operating system running on SonicWall Network Security Appliance (NSA) devices.<\/p>\n\n\n\n<p><strong>A trivial bug but still dangerous<\/strong><\/p>\n\n\n\n<p>The vulnerable component is exposed on the WAN (public internet) interface, meaning any attacker can exploit it, as long as they&#8217;re aware of the device&#8217;s IP address. The bug, in its simplest form, can cause a denial of service and crash devices.<\/p>\n\n\n\n<p>CVE-2020-5135 is considered a critical bug, with a rating of 9.4 out of 10, and is expected to come under active exploitation once proof-of-concept code is made publicly available. Exploiting the vulnerability doesn&#8217;t require the attacker to have valid credentials as the bug manifests before any authentication operations.<\/p>\n\n\n\n<p>Tripwire, which security team discovered a new vulnerability, reported the bug to SonicWall. Patches were released on last Monday, Oct. 12th.<\/p>\n\n\n\n<p><a href=\"https:\/\/www.zdnet.com\/article\/800000-sonicwall-vpns-vulnerable-to-new-remote-code-execution-bug\" target=\"_blank\" rel=\"noreferrer noopener\">Source<\/a><\/p>\n\n\n\n<div style=\"height:40px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<a name=\"paragraph-3\"><\/a>\n\n\n<h2 class=\"wp-block-heading\" id=\"lemon-duck-cryptocurrency-miners-are-back-into-the-spotlight\"><strong>Lemon Duck &#8211; cryptocurrency miners are back into the spotlight<\/strong><\/h2>\n\n\n<p>Researchers from Cisco Talos are warning of a recent dramatic uptick in the activity of the Lemon Duck cryptocurrency-mining botnet, which targets victims\u2019 computer resources to mine the Monero virtual currency. Although this threat has been active since at least the end of December 2018, they have noticed an increase in its activity at the end of August 2020. It is one of the more complex mining botnets with several interesting tricks up its sleeve.<\/p>\n\n\n\n<p><strong>How did it work?&nbsp; <\/strong>The infection starts with a PowerShell loading script, which is copied from other infected systems with SMB, email or external USB drives. The actor also employs several exploits for vulnerabilities such as SMBGhost and Eternal Blue. The code exploiting the Bluekeep vulnerability is also present but it is disabled in the version they analysed.&nbsp;<\/p>\n\n\n\n<p>The botnet has executable modules that get downloaded and driven by the main module, which communicates with the command and control (C2) server over HTTP.<\/p>\n\n\n\n<p>The email-spreading module uses COVID-19-related subject lines and text, with an infected attachment sent using Outlook automation to every contact in the affected user&#8217;s address book.<\/p>\n\n\n\n<p><strong>Looking into a sleeve.<\/strong> Lemon Duck has at least 12 independent infection vectors \u2013 more than most malware. These capabilities range from&nbsp; Server Message Block (SMB) and Remote Desktop Protocol (RDP) password brute-forcing, sending emails with exploit attachments or targeting the RDP BlueKeep flaw (CVE-2019-0708) in Windows machines. The attackers could also successfully compromise a Linux host via Redis, YARN or SSH.<\/p>\n\n\n\n<p>The modules include a main loader, which checks the level of user privileges and components relevant for mining, such as the type of the available graphic card (including GTX, Nvidia, GeForce, AMD and Radeon). If these GPUs are not detected, the loader downloads and runs the commodity XMRig CPU-based mining script.<\/p>\n\n\n\n<p>Lemon Duck was previously spotted in 2020 in a campaign targeting printers, smart TVs and automated guided vehicles that depend on Windows 7. Researchers in February warned that the processor-intensive mining efforts are taking their toll on gear and triggering equipment malfunctions along with exposing devices to safety issues, disruption of supply chains and data loss.<\/p>\n\n\n\n<p>Defenders need to be constantly vigilant and monitor the behavior of systems within their network to spot new resource-stealing threats such as cryptominers. Cryptocurrency-mining botnets can be costly in terms of the stolen computing cycles and power consumption costs. While organizations need to be focused on protecting their most valuable assets, they should not ignore threats that are not particularly targeted toward their infrastructure.<\/p>\n\n\n\n<p>Sources: <a href=\"https:\/\/threatpost.com\/lemon-duck-cryptocurrency-botnet\/160046\/\" target=\"_blank\" rel=\"noreferrer noopener\">1<\/a> |&nbsp;<a href=\"https:\/\/blog.talosintelligence.com\/2020\/10\/lemon-duck-brings-cryptocurrency-miners.html?utm_source=feedburner&amp;utm_medium=feed&amp;utm_campaign=Feed%3A+feedburner%2FTalos+%28Talos%E2%84%A2+Blog%29\" target=\"_blank\" rel=\"noreferrer noopener\">2<\/a><\/p>\n\n\n\n<div style=\"height:40px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<a name=\"paragraph-4\"><\/a>\n\n\n<h2 class=\"wp-block-heading\" id=\"pull-the-red-card-on-fifa-21-scams\"><strong>Pull the red card on FIFA 21 scams<\/strong><\/h2>\n\n\n<p>In-game features of the just-released FIFA 21 title give scammers easy access to its vast audience.<\/p>\n\n\n\n<p>The hotly anticipated release of blockbuster video game FIFA 21 on Oct. 6, along with the return of professional play, are giving soccer fans reason to celebrate. And, unsurprisingly, cybercriminals are already figuring out how to capitalize.<\/p>\n\n\n\n<p>A report from researcher Christopher Boyd at Malwarebytes Labs outlined the various ways scammers are tapping into the oversized audience of FIFA 21 to turn a quick buck, including leveraging in-game goods and rewards.&nbsp;<\/p>\n\n\n\n<p>He explained that fraudsters are finding an easy hunting ground through a game mode called FIFA Ultimate Team (FUT). Within this mode, players can earn \u201ccoins\u201d which are used within the game to buy \u201ccards,\u201d which Boyd described as \u201cthe lifeblood of the game.\u201d<\/p>\n\n\n\n<p>He pointed out there\u2019s something called \u201cFIFA points\u201d which can be bought with real-life money within the game and from legit third parties. This is exactly the type of scenario that tends to grab the attention of fraudsters, he pointed out.<\/p>\n\n\n\n<p>Crooks stand up fake coin \u201cgift generators\u201d and scam \u201crewards\u201d delivered through banner ads, social-media posts, customer-service interventions and direct messages (DMs) \u2014 all designed to get players to unwittingly enter in their personal data in order to claim their prizes. Information harvested can include name, address, login credentials and more. Regardless of how players are contacted with the fraudulent offers, all roads lead to phishing pages or some other malicious gambit.<\/p>\n\n\n\n<p>Of course, this isn\u2019t new; criminals have been launching attacks using FIFA for cover for years. In 2018, the FIFA World Cup inspired massive spikes in both phishing attempts and spam, often using lures like Ronaldo and his counterpart at FC Barcelona, Lionel Messi. The mega, worldwide event and its enthusiastic fans even kicked off phishing attempts on travel organizations like Booking.com and Alaska Airlines, which saw a jump in traffic in the runup to the tournament.<\/p>\n\n\n\n<p><a href=\"https:\/\/threatpost.com\/fifa-21-release-fraudsters-theft\/160185\/\" target=\"_blank\" rel=\"noreferrer noopener\">Source<\/a><\/p>\n\n\n\n<div style=\"height:40px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<a name=\"paragraph-5\"><\/a>\n\n\n<h2 class=\"wp-block-heading\" id=\"do-you-have-thirst-for-knowledge-there-is-ten-more-cybersecurity-stories-below\">Do you have thirst for knowledge? There is ten more cybersecurity stories below<\/h2>\n\n\n<p>1. Microsoft and others orchestrate takedown of TrickBot botnet (<a href=\"https:\/\/www.zdnet.com\/article\/microsoft-and-other-tech-companies-orchestrate-takedown-of-trickbot-botnet\/\" target=\"_blank\" rel=\"noreferrer noopener\">ZDNet<\/a>)\u00a0<br>2. After blows from Cyber Command and Microsoft, TrickBot lives on (<a href=\"https:\/\/www.cyberscoop.com\/microsoft-trickbot-cyber-command-botnet\/\" target=\"_blank\" rel=\"noreferrer noopener\">CyberScoop<\/a>)<br>3. QBot uses Windows Defender Antivirus phishing bait to infect PCs (<a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/qbot-uses-windows-defender-antivirus-phishing-bait-to-infect-pcs\/\" target=\"_blank\" rel=\"noreferrer noopener\">Bleeping Computer<\/a>)<br>4. Microsoft is forcibly installing Office PWAs in Windows 10 (<a href=\"https:\/\/www.bleepingcomputer.com\/news\/microsoft\/microsoft-is-forcibly-installing-office-pwas-in-windows-10\/\" target=\"_blank\" rel=\"noreferrer noopener\">Bleeping Computer<\/a>)<br>5. Windows \u201cPing of Death\u201d bug revealed \u2013 patch now! (<a href=\"https:\/\/nakedsecurity.sophos.com\/2020\/10\/14\/windows-ping-of-death-bug-revealed-patch-now\/\" target=\"_blank\" rel=\"noreferrer noopener\">Naked Security<\/a>)<br>6. Barnes &amp; Noble hit by cyberattack that exposed customer data (<a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/barnes-and-noble-hit-by-cyberattack-that-exposed-customer-data\/\" target=\"_blank\" rel=\"noreferrer noopener\">Bleeping Computer<\/a>)<br>7. Cybercriminals are using legitimate <a href=\"https:\/\/xopero.com\/blog\/en\/microsoft-office-365-applications-overview\/\">Office 365<\/a> services to launch attacks (<a href=\"https:\/\/www.helpnetsecurity.com\/2020\/10\/14\/office-365-services-attacks\" target=\"_blank\" rel=\"noreferrer noopener\">Help Net Security<\/a>)<br>8. BazarLoader used to deploy Ryuk ransomware on high-value targets (<a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/bazarloader-used-to-deploy-ryuk-ransomware-on-high-value-targets\/\" target=\"_blank\" rel=\"noreferrer noopener\">Bleeping Computer<\/a>)<br>9. For Foxit&#8217;s sake: Windows and Mac users alike urged to patch PhantomPDF over use-after-free vulns (<a href=\"https:\/\/www.theregister.com\/2020\/10\/13\/foxit_phantompdf_vulns_update\/\" target=\"_blank\" rel=\"noreferrer noopener\">The Register<\/a>)<br>10. Zoom Rolls Out End-to-End Encryption After Setbacks (<a href=\"https:\/\/threatpost.com\/zoom-end-to-end-encryption\/160150\/\" target=\"_blank\" rel=\"noreferrer noopener\">Threat Post<\/a>)<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Researchers discovered several critical flaws &#8211; collectively called &#8222;BleedingTooth&#8221; &#8211; in the BlueZ kernel Bluetooth stack. There is already a YouTube video demonstrating remote code execution using these vulnerabilities. More details can be found below.<\/p>\n","protected":false},"author":1,"featured_media":2447,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[470],"tags":[],"class_list":["post-3278","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersec-news","post--single"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.4 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>BleedingTooth: the new critical kernel Bluetooth vulnerabilities - Xopero Blog<\/title>\n<meta name=\"description\" content=\"Researchers discovered several critical flaws - collectively called &quot;BleedingTooth&quot; - in the BlueZ kernel Bluetooth stack. There is already a YouTube...\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/xopero.com\/blog\/en\/bleedingtooth-the-new-critical-kernel-bluetooth-vulnerabilities\/\" \/>\n<meta property=\"og:locale\" content=\"pl_PL\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"BleedingTooth: the new critical kernel Bluetooth vulnerabilities - Xopero Blog\" \/>\n<meta property=\"og:description\" content=\"Researchers discovered several critical flaws - collectively called &quot;BleedingTooth&quot; - in the BlueZ kernel Bluetooth stack. There is already a YouTube...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/xopero.com\/blog\/en\/bleedingtooth-the-new-critical-kernel-bluetooth-vulnerabilities\/\" \/>\n<meta property=\"og:site_name\" content=\"Xopero Blog\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/XoperoSoftware\/\" \/>\n<meta property=\"article:published_time\" content=\"2020-10-19T06:23:11+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-12-07T10:21:09+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/xopero.com\/blog\/wp-content\/uploads\/2020\/04\/security-center-en.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1843\" \/>\n\t<meta property=\"og:image:height\" content=\"481\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"xopero_blogger\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@xoperobackup\" \/>\n<meta name=\"twitter:site\" content=\"@xoperobackup\" \/>\n<meta name=\"twitter:label1\" content=\"Napisane przez\" \/>\n\t<meta name=\"twitter:data1\" content=\"xopero_blogger\" \/>\n\t<meta name=\"twitter:label2\" content=\"Szacowany czas czytania\" \/>\n\t<meta name=\"twitter:data2\" content=\"7 minut\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/xopero.com\\\/blog\\\/en\\\/bleedingtooth-the-new-critical-kernel-bluetooth-vulnerabilities\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/xopero.com\\\/blog\\\/en\\\/bleedingtooth-the-new-critical-kernel-bluetooth-vulnerabilities\\\/\"},\"author\":{\"name\":\"xopero_blogger\",\"@id\":\"https:\\\/\\\/xopero.com\\\/blog\\\/#\\\/schema\\\/person\\\/cab3d3cda6e8a1aecfa8abea8827b17c\"},\"headline\":\"BleedingTooth: the new critical kernel Bluetooth vulnerabilities\",\"datePublished\":\"2020-10-19T06:23:11+00:00\",\"dateModified\":\"2023-12-07T10:21:09+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/xopero.com\\\/blog\\\/en\\\/bleedingtooth-the-new-critical-kernel-bluetooth-vulnerabilities\\\/\"},\"wordCount\":1442,\"publisher\":{\"@id\":\"https:\\\/\\\/xopero.com\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/xopero.com\\\/blog\\\/en\\\/bleedingtooth-the-new-critical-kernel-bluetooth-vulnerabilities\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/xopero.com\\\/blog\\\/wp-content\\\/uploads\\\/2020\\\/04\\\/security-center-en.png\",\"articleSection\":[\"Cybersec news\"],\"inLanguage\":\"pl-PL\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/xopero.com\\\/blog\\\/en\\\/bleedingtooth-the-new-critical-kernel-bluetooth-vulnerabilities\\\/\",\"url\":\"https:\\\/\\\/xopero.com\\\/blog\\\/en\\\/bleedingtooth-the-new-critical-kernel-bluetooth-vulnerabilities\\\/\",\"name\":\"BleedingTooth: the new critical kernel Bluetooth vulnerabilities - Xopero Blog\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/xopero.com\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/xopero.com\\\/blog\\\/en\\\/bleedingtooth-the-new-critical-kernel-bluetooth-vulnerabilities\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/xopero.com\\\/blog\\\/en\\\/bleedingtooth-the-new-critical-kernel-bluetooth-vulnerabilities\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/xopero.com\\\/blog\\\/wp-content\\\/uploads\\\/2020\\\/04\\\/security-center-en.png\",\"datePublished\":\"2020-10-19T06:23:11+00:00\",\"dateModified\":\"2023-12-07T10:21:09+00:00\",\"description\":\"Researchers discovered several critical flaws - collectively called \\\"BleedingTooth\\\" - in the BlueZ kernel Bluetooth stack. There is already a YouTube...\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/xopero.com\\\/blog\\\/en\\\/bleedingtooth-the-new-critical-kernel-bluetooth-vulnerabilities\\\/#breadcrumb\"},\"inLanguage\":\"pl-PL\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/xopero.com\\\/blog\\\/en\\\/bleedingtooth-the-new-critical-kernel-bluetooth-vulnerabilities\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"pl-PL\",\"@id\":\"https:\\\/\\\/xopero.com\\\/blog\\\/en\\\/bleedingtooth-the-new-critical-kernel-bluetooth-vulnerabilities\\\/#primaryimage\",\"url\":\"https:\\\/\\\/xopero.com\\\/blog\\\/wp-content\\\/uploads\\\/2020\\\/04\\\/security-center-en.png\",\"contentUrl\":\"https:\\\/\\\/xopero.com\\\/blog\\\/wp-content\\\/uploads\\\/2020\\\/04\\\/security-center-en.png\",\"width\":1843,\"height\":481},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/xopero.com\\\/blog\\\/en\\\/bleedingtooth-the-new-critical-kernel-bluetooth-vulnerabilities\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Strona g\u0142\u00f3wna\",\"item\":\"https:\\\/\\\/xopero.com\\\/blog\\\/pl\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"BleedingTooth: the new critical kernel Bluetooth vulnerabilities\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/xopero.com\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/xopero.com\\\/blog\\\/\",\"name\":\"Xopero Blog\",\"description\":\"Backup &amp; Recovery\",\"publisher\":{\"@id\":\"https:\\\/\\\/xopero.com\\\/blog\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/xopero.com\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"pl-PL\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/xopero.com\\\/blog\\\/#organization\",\"name\":\"Xopero Software\",\"url\":\"https:\\\/\\\/xopero.com\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"pl-PL\",\"@id\":\"https:\\\/\\\/xopero.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/xopero.com\\\/blog\\\/wp-content\\\/uploads\\\/2019\\\/03\\\/xopero-niebieskie.png\",\"contentUrl\":\"https:\\\/\\\/xopero.com\\\/blog\\\/wp-content\\\/uploads\\\/2019\\\/03\\\/xopero-niebieskie.png\",\"width\":500,\"height\":132,\"caption\":\"Xopero Software\"},\"image\":{\"@id\":\"https:\\\/\\\/xopero.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/XoperoSoftware\\\/\",\"https:\\\/\\\/x.com\\\/xoperobackup\",\"https:\\\/\\\/www.linkedin.com\\\/company\\\/opero-sp-z-o-o-\\\/?viewAsMember=true\",\"https:\\\/\\\/www.youtube.com\\\/channel\\\/UCRPWyeo1apjSgkDW3hZpB9g?reload=9\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/xopero.com\\\/blog\\\/#\\\/schema\\\/person\\\/cab3d3cda6e8a1aecfa8abea8827b17c\",\"name\":\"xopero_blogger\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"pl-PL\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/49b4a2bbd1b6df951fc556f7478f5fb20bb41aeebf08473e459b28c5da9947f7?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/49b4a2bbd1b6df951fc556f7478f5fb20bb41aeebf08473e459b28c5da9947f7?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/49b4a2bbd1b6df951fc556f7478f5fb20bb41aeebf08473e459b28c5da9947f7?s=96&d=mm&r=g\",\"caption\":\"xopero_blogger\"},\"sameAs\":[\"https:\\\/\\\/xopero.com\"],\"url\":\"https:\\\/\\\/xopero.com\\\/blog\\\/author\\\/xopero_blogger\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"BleedingTooth: the new critical kernel Bluetooth vulnerabilities - Xopero Blog","description":"Researchers discovered several critical flaws - collectively called \"BleedingTooth\" - in the BlueZ kernel Bluetooth stack. There is already a YouTube...","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/xopero.com\/blog\/en\/bleedingtooth-the-new-critical-kernel-bluetooth-vulnerabilities\/","og_locale":"pl_PL","og_type":"article","og_title":"BleedingTooth: the new critical kernel Bluetooth vulnerabilities - Xopero Blog","og_description":"Researchers discovered several critical flaws - collectively called \"BleedingTooth\" - in the BlueZ kernel Bluetooth stack. There is already a YouTube...","og_url":"https:\/\/xopero.com\/blog\/en\/bleedingtooth-the-new-critical-kernel-bluetooth-vulnerabilities\/","og_site_name":"Xopero Blog","article_publisher":"https:\/\/www.facebook.com\/XoperoSoftware\/","article_published_time":"2020-10-19T06:23:11+00:00","article_modified_time":"2023-12-07T10:21:09+00:00","og_image":[{"width":1843,"height":481,"url":"https:\/\/xopero.com\/blog\/wp-content\/uploads\/2020\/04\/security-center-en.png","type":"image\/png"}],"author":"xopero_blogger","twitter_card":"summary_large_image","twitter_creator":"@xoperobackup","twitter_site":"@xoperobackup","twitter_misc":{"Napisane przez":"xopero_blogger","Szacowany czas czytania":"7 minut"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/xopero.com\/blog\/en\/bleedingtooth-the-new-critical-kernel-bluetooth-vulnerabilities\/#article","isPartOf":{"@id":"https:\/\/xopero.com\/blog\/en\/bleedingtooth-the-new-critical-kernel-bluetooth-vulnerabilities\/"},"author":{"name":"xopero_blogger","@id":"https:\/\/xopero.com\/blog\/#\/schema\/person\/cab3d3cda6e8a1aecfa8abea8827b17c"},"headline":"BleedingTooth: the new critical kernel Bluetooth vulnerabilities","datePublished":"2020-10-19T06:23:11+00:00","dateModified":"2023-12-07T10:21:09+00:00","mainEntityOfPage":{"@id":"https:\/\/xopero.com\/blog\/en\/bleedingtooth-the-new-critical-kernel-bluetooth-vulnerabilities\/"},"wordCount":1442,"publisher":{"@id":"https:\/\/xopero.com\/blog\/#organization"},"image":{"@id":"https:\/\/xopero.com\/blog\/en\/bleedingtooth-the-new-critical-kernel-bluetooth-vulnerabilities\/#primaryimage"},"thumbnailUrl":"https:\/\/xopero.com\/blog\/wp-content\/uploads\/2020\/04\/security-center-en.png","articleSection":["Cybersec news"],"inLanguage":"pl-PL"},{"@type":"WebPage","@id":"https:\/\/xopero.com\/blog\/en\/bleedingtooth-the-new-critical-kernel-bluetooth-vulnerabilities\/","url":"https:\/\/xopero.com\/blog\/en\/bleedingtooth-the-new-critical-kernel-bluetooth-vulnerabilities\/","name":"BleedingTooth: the new critical kernel Bluetooth vulnerabilities - Xopero Blog","isPartOf":{"@id":"https:\/\/xopero.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/xopero.com\/blog\/en\/bleedingtooth-the-new-critical-kernel-bluetooth-vulnerabilities\/#primaryimage"},"image":{"@id":"https:\/\/xopero.com\/blog\/en\/bleedingtooth-the-new-critical-kernel-bluetooth-vulnerabilities\/#primaryimage"},"thumbnailUrl":"https:\/\/xopero.com\/blog\/wp-content\/uploads\/2020\/04\/security-center-en.png","datePublished":"2020-10-19T06:23:11+00:00","dateModified":"2023-12-07T10:21:09+00:00","description":"Researchers discovered several critical flaws - collectively called \"BleedingTooth\" - in the BlueZ kernel Bluetooth stack. There is already a YouTube...","breadcrumb":{"@id":"https:\/\/xopero.com\/blog\/en\/bleedingtooth-the-new-critical-kernel-bluetooth-vulnerabilities\/#breadcrumb"},"inLanguage":"pl-PL","potentialAction":[{"@type":"ReadAction","target":["https:\/\/xopero.com\/blog\/en\/bleedingtooth-the-new-critical-kernel-bluetooth-vulnerabilities\/"]}]},{"@type":"ImageObject","inLanguage":"pl-PL","@id":"https:\/\/xopero.com\/blog\/en\/bleedingtooth-the-new-critical-kernel-bluetooth-vulnerabilities\/#primaryimage","url":"https:\/\/xopero.com\/blog\/wp-content\/uploads\/2020\/04\/security-center-en.png","contentUrl":"https:\/\/xopero.com\/blog\/wp-content\/uploads\/2020\/04\/security-center-en.png","width":1843,"height":481},{"@type":"BreadcrumbList","@id":"https:\/\/xopero.com\/blog\/en\/bleedingtooth-the-new-critical-kernel-bluetooth-vulnerabilities\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Strona g\u0142\u00f3wna","item":"https:\/\/xopero.com\/blog\/pl\/"},{"@type":"ListItem","position":2,"name":"BleedingTooth: the new critical kernel Bluetooth vulnerabilities"}]},{"@type":"WebSite","@id":"https:\/\/xopero.com\/blog\/#website","url":"https:\/\/xopero.com\/blog\/","name":"Xopero Blog","description":"Backup &amp; Recovery","publisher":{"@id":"https:\/\/xopero.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/xopero.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"pl-PL"},{"@type":"Organization","@id":"https:\/\/xopero.com\/blog\/#organization","name":"Xopero Software","url":"https:\/\/xopero.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"pl-PL","@id":"https:\/\/xopero.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/xopero.com\/blog\/wp-content\/uploads\/2019\/03\/xopero-niebieskie.png","contentUrl":"https:\/\/xopero.com\/blog\/wp-content\/uploads\/2019\/03\/xopero-niebieskie.png","width":500,"height":132,"caption":"Xopero Software"},"image":{"@id":"https:\/\/xopero.com\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/XoperoSoftware\/","https:\/\/x.com\/xoperobackup","https:\/\/www.linkedin.com\/company\/opero-sp-z-o-o-\/?viewAsMember=true","https:\/\/www.youtube.com\/channel\/UCRPWyeo1apjSgkDW3hZpB9g?reload=9"]},{"@type":"Person","@id":"https:\/\/xopero.com\/blog\/#\/schema\/person\/cab3d3cda6e8a1aecfa8abea8827b17c","name":"xopero_blogger","image":{"@type":"ImageObject","inLanguage":"pl-PL","@id":"https:\/\/secure.gravatar.com\/avatar\/49b4a2bbd1b6df951fc556f7478f5fb20bb41aeebf08473e459b28c5da9947f7?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/49b4a2bbd1b6df951fc556f7478f5fb20bb41aeebf08473e459b28c5da9947f7?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/49b4a2bbd1b6df951fc556f7478f5fb20bb41aeebf08473e459b28c5da9947f7?s=96&d=mm&r=g","caption":"xopero_blogger"},"sameAs":["https:\/\/xopero.com"],"url":"https:\/\/xopero.com\/blog\/author\/xopero_blogger\/"}]}},"post_mailing_queue_ids":[],"_links":{"self":[{"href":"https:\/\/xopero.com\/blog\/wp-json\/wp\/v2\/posts\/3278","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/xopero.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/xopero.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/xopero.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/xopero.com\/blog\/wp-json\/wp\/v2\/comments?post=3278"}],"version-history":[{"count":11,"href":"https:\/\/xopero.com\/blog\/wp-json\/wp\/v2\/posts\/3278\/revisions"}],"predecessor-version":[{"id":5353,"href":"https:\/\/xopero.com\/blog\/wp-json\/wp\/v2\/posts\/3278\/revisions\/5353"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/xopero.com\/blog\/wp-json\/wp\/v2\/media\/2447"}],"wp:attachment":[{"href":"https:\/\/xopero.com\/blog\/wp-json\/wp\/v2\/media?parent=3278"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/xopero.com\/blog\/wp-json\/wp\/v2\/categories?post=3278"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/xopero.com\/blog\/wp-json\/wp\/v2\/tags?post=3278"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}