Smash-and-Grab Extortion

July 10, 2024 at 08:09AM The “2024 Attack Intelligence Report” from Rapid7 reveals that zero-day vulnerabilities were widely exploited in 2023 and 2024, leading to mass compromise events. Because IoT firmware is composed predominantly of vulnerable open-source components, patching alone is insufficient. Isolated partitioning at the task level is proposed as a more effective solution … Read more

Apple Geolocation API Exposes Wi-Fi Access Points Worldwide

July 9, 2024 at 12:05PM Wi-Fi hubs can unintentionally expose data due to quirks in Apple’s geolocation system, beyond just the devices connected to them. This issue goes beyond the devices that … Read more

Any IoT Device Can Be Hacked, Even Grills

July 3, 2024 at 04:24PM Nick Cerne from Bishop Fox discovered vulnerabilities in Traeger grills with the D2 Wi-Fi Controller, enabling remote attackers to issue commands, such as altering the temperature. Despite the potential risks, Traeger automatically updates affected grills. The need for secure IoT devices is underscored, while recommendations include physical control of devices … Read more

Google Patches 25 Android Flaws, Including Critical Privilege Escalation Bug

July 2, 2024 at 11:18AM Google has released patches for 25 security vulnerabilities in the Android operating system, including a critical flaw in the Framework component. The CVE-2024-31320 bug affects Android versions 12 and 12L, allowing an attacker to escalate privileges. The updates address various high-severity issues and advise users to promptly update their devices. … Read more

Rafel RAT targets outdated Android phones in ransomware attacks

June 24, 2024 at 02:44PM The ‘Rafel RAT’ malware targets outdated Android devices to conduct ransomware attacks, with over 120 campaigns detected by researchers. It primarily affects devices running Android versions 11 and older, and it can target various brands and models. Threat actors use fake apps to spread Rafel RAT, which can execute commands … Read more

ZKTeco Biometric System Found Vulnerable to 24 Critical Security Flaws

June 14, 2024 at 04:19AM A security analysis of ZKTeco’s hybrid biometric access system revealed 24 critical flaws, including SQL injections, buffer overflows, and file manipulations. These vulnerabilities enable attackers to bypass authentication, steal biometric data, execute arbitrary commands, and implant backdoors. Mitigation measures include network segmentation, strong passwords, and minimizing QR code use. Source: … Read more

Google patches exploited Android zero-day on Pixel devices

June 13, 2024 at 01:39PM Google’s latest Pixel update includes patches for 50 security vulnerabilities, with one already being exploited as a zero-day attack. GrapheneOS confirms the exploit and mentions forensics companies targeting users with certain apps. The update aims to address this and other issues, but requires manual installation. Additionally, Arm has flagged a … Read more

Google Launches AI-Powered Theft and Data Protection Features for Android Devices

May 15, 2024 at 01:58PM Google recently announced new privacy and security features for Android, including advanced protection to secure users’ devices and data in the event of theft. The features include a private space for sensitive apps, an extra layer of protection for device settings, and an upgrade to factory reset that renders stolen … Read more

MITRE EMB3D Threat Model Officially Released

May 14, 2024 at 06:54AM MITRE publicly released its EMB3D threat model for embedded devices in critical infrastructure and other sectors. Developed in collaboration with industry partners, the framework aims to improve the security of these devices by mapping threats to their features and properties. It aligns with existing models and will be continuously updated … Read more

Microsoft rolls out passkey auth for personal Microsoft accounts

May 3, 2024 at 11:19AM Microsoft has introduced support for passkey authentication in its Windows consumer accounts. Users can now log in using password-less methods such as biometrics, security keys, or PINs. This change aims to enhance security, eliminate passwords, and reduce the risk of phishing attacks. Passkeys provide a secure, convenient, and cross-platform authentication … Read more