Any IoT Device Can Be Hacked, Even Grills

July 3, 2024 at 04:24PM

Nick Cerne from Bishop Fox discovered vulnerabilities in Traeger grills with the D2 Wi-Fi Controller, enabling remote attackers to issue commands, such as altering the temperature. Despite the potential risks, Traeger automatically updates affected grills. The need for secure IoT devices is underscored, while recommendations include physical control of devices …

Google Patches 25 Android Flaws, Including Critical Privilege Escalation Bug

July 2, 2024 at 11:18AM

Google has released patches for 25 security vulnerabilities in the Android operating system, including a critical flaw in the Framework component. The CVE-2024-31320 bug affects Android versions 12 and 12L, allowing an attacker to escalate privileges. The updates address various high-severity issues and advise users to promptly update their devices. …

Rafel RAT targets outdated Android phones in ransomware attacks

June 24, 2024 at 02:44PM

The ‘Rafel RAT’ malware targets outdated Android devices to conduct ransomware attacks, with over 120 campaigns detected by researchers. It primarily affects devices running Android versions 11 and older, and it can target various brands and models. Threat actors use fake apps to spread Rafel RAT, which can execute commands …

ZKTeco Biometric System Found Vulnerable to 24 Critical Security Flaws

June 14, 2024 at 04:19AM

A security analysis of ZKTeco’s hybrid biometric access system revealed 24 critical flaws, including SQL injections, buffer overflows, and file manipulations. These vulnerabilities enable attackers to bypass authentication, steal biometric data, execute arbitrary commands, and implant backdoors. Mitigation measures include network segmentation, strong passwords, and minimizing QR code use. Source: …

Google patches exploited Android zero-day on Pixel devices

June 13, 2024 at 01:39PM

Google’s latest Pixel update includes patches for 50 security vulnerabilities, with one already being exploited as a zero-day attack. GrapheneOS confirms the exploit and mentions forensics companies targeting users with certain apps. The update aims to address this and other issues, but requires manual installation. Additionally, Arm has flagged a …

Google Launches AI-Powered Theft and Data Protection Features for Android Devices

May 15, 2024 at 01:58PM

Google recently announced new privacy and security features for Android, including advanced protection to secure users’ devices and data in the event of theft. The features include a private space for sensitive apps, an extra layer of protection for device settings, and an upgrade to factory reset that renders stolen …

MITRE EMB3D Threat Model Officially Released

May 14, 2024 at 06:54AM

MITRE publicly released its EMB3D threat model for embedded devices in critical infrastructure and other sectors. Developed in collaboration with industry partners, the framework aims to improve the security of these devices by mapping threats to their features and properties. It aligns with existing models and will be continuously updated …

Microsoft rolls out passkey auth for personal Microsoft accounts

May 3, 2024 at 11:19AM

Microsoft has introduced support for passkey authentication in its Windows consumer accounts. Users can now log in using password-less methods such as biometrics, security keys, or PINs. This change aims to enhance security, eliminate passwords, and reduce the risk of phishing attacks. Passkeys provide a secure, convenient, and cross-platform authentication …

Google rolls out new Find My Device network to Android devices

April 8, 2024 at 02:55PM

Google is rolling out an upgraded Find My Device network for Android devices in the US and Canada. Users with Android 9 or later can locate phones and tablets, even when offline or with dead batteries. The network uses Bluetooth proximity and will soon support tracking other items. It prioritizes …

Pixel Phone Zero-Days Exploited by Forensic Firms

April 4, 2024 at 08:30AM

Google’s April 2024 security update for Pixel phones addresses two zero-day vulnerabilities, CVE-2024-29745 and CVE-2024-29748, which forensic firms are exploiting to access device data. GrapheneOS, a privacy and security-focused mobile platform, urges additional mitigations. These include a partial fix from Google, but GrapheneOS proposes further measures such as auto-reboots and …