The bait is a shipping receipt, attached as an .xlsm file. This, if opened, contacts a random link from an internal list and downloads a DLL, which starts malware infection.
Purdue University cyber security researchers discovered BLESA (Bluetooth Low Energy Spoofing Attack) attacks. These are related to IoT devices, which use the BLE (Bluetooth Low Energy) protocol
Cybercrime actors could use a new type of attack against IoT devices that use the Bluetooth Low Energy (BLE) protocol: the BLESA (Bluetooth Low Energy Spoofing Attack). Purdue University cyber security researchers discovered this. The study, related to the reconnection process between two previously paired Bluetooth devices, showed that according to the BLE protocol, authentication during the reconnection of devices is optional and not mandatory. Furthermore, authentication can potentially be circumvented if the user’s device fails to force the IoT device to authenticate the data communicated. A BLESA attack would therefore allow evading the reconnection checks between devices, as well as sending appropriately falsified data to a BLE device. However, as happens with other Bluetooth vulnerabilities, the attacker has to operate within the rang of the IoT mobile device.