This Week In Nerd News - September 21, 2020

Billions of devices vulnerable to new ‘BLESA’ Bluetooth security flaw.

New BLESA attack goes after the often ignored Bluetooth reconnection process, unlike previous vulnerabilities, most found in the pairing operation.

Billions of smartphones, tablets, laptops, and IoT devices are using Bluetooth software stacks that are vulnerable to a new security flaw disclosed over the summer.

Ransomware attack at German hospital leads to death of patient.

A person in a life-threatening condition passed away after being forced to go to a more distant hospital due to a ransomware attack.

On September 10th, the University Hospital Düsseldorf (UKD) in Germany suffered a ransomware attack after threat actors compromised their network a software vulnerability in “a commercial add-on software that is common in the market and used worldwide.”

New Windows exploit lets you instantly become admin. Have you patched?

This is a repeat from last week, but… Zerologon lets anyone with a network toehold obtain domain-controller password.

Researchers have developed and published a proof-of-concept exploit for a recently patched Windows vulnerability that can allow access to an organization’s crown jewels—the Active Directory domain controllers that act as an all-powerful gatekeeper for all machines connected to a network.

Five Chinese nationals, two Malaysians charged in connection with global hacking campaign.

The accused Chinese hackers allegedly compromised technology providers and installed software backdoors in their networks, giving themselves a portal to collect information. The operation is linked to an advanced persistent threat group known as APT41.

Five Chinese nationals working as part of a well-resourced hacking group and two Malaysian nationals have been charged in connection with a global hacking campaign that hit hundreds of targets in the U.S. and around the world in multiple industries, the Department of Justice announced Wednesday.