April 8, 2024 at 02:55PM Google is rolling out an upgraded Find My Device network for Android devices in the US and Canada. Users with Android 9 or later can locate phones and tablets, even when offline or with dead batteries. The network uses Bluetooth proximity and will soon support tracking other items. It prioritizes … Read more
April 4, 2024 at 08:30AM Google’s April 2024 security update for Pixel phones addresses two zero-day vulnerabilities, CVE-2024-29745 and CVE-2024-29748, which forensic firms are exploiting to access device data. GrapheneOS, a privacy and security-focused mobile platform, urges additional mitigations. These include a partial fix from Google, but GrapheneOS proposes further measures such as auto-reboots and … Read more
March 26, 2024 at 04:53PM CVE-2024-1580 enables remote attackers to execute arbitrary code on impacted devices. Based on the meeting notes, it appears that the CVE-2024-1580 vulnerability allows remote attackers to execute arbitrary code on affected devices. This is a critical issue that warrants immediate attention and action to mitigate potential security risks. Full Article
March 23, 2024 at 12:06AM Finite State, a software risk management firm, has secured $20 million in growth funding led by Energy Impact Partners. The Columbus-based company specializes in cybersecurity controls at the firmware layer to secure the device supply chain and mitigate risks in OT and IT environments. The funding will support product development … Read more
March 20, 2024 at 09:02AM The IoT Device Security Specification 1.0, along with certification, aims to establish a universal industry standard and raise consumer awareness regarding security. Based on the meeting notes, the key takeaway is that the new IoT Device Security Specification 1.0, along with its certification, aims to establish a unified industry standard … Read more
February 23, 2024 at 03:59PM Beyond Identity has unveiled Device360, a new solution for continuous device security posture management that combines device security with authentication. The tool enables organizations to identify and prevent device security risks across managed and unmanaged devices, offering centralized visibility, real-time device query, and compliance enforcement at authentication. For more information, … Read more
February 7, 2024 at 12:25PM The widely reported story about 3 million electric toothbrushes being hacked with malware for DDoS attacks appears to be a hypothetical scenario rather than an actual attack. The dramatic story lacked verification and was likely misunderstood or taken out of context. It serves as a reminder to keep internet-exposed devices … Read more
January 22, 2024 at 02:25PM Apple released security updates to address the first zero-day vulnerability of the year, tracked as CVE-2024-23222, impacting iPhones, Macs, and Apple TVs. The WebKit confusion issue could be exploited by attackers, leading to arbitrary code execution. Devices running vulnerable iOS, macOS, and tvOS versions are affected. Security updates are available … Read more
January 16, 2024 at 11:12AM The Internet of Things (IoT) devices offer great power and convenience, but also pose security and privacy risks. When purchasing IoT devices, it’s important to consider the company’s reputation, country of origin, security measures, and data privacy policies. Additionally, for healthcare-related IoT devices, it’s crucial to scrutinize data handling and … Read more
December 12, 2023 at 12:30PM Apple has introduced a new iMessage Contact Key Verification feature aimed at preventing impersonators and sophisticated attackers from abusing its iMessage service. The feature allows users to verify their contacts and receive alerts for verification errors. This update also includes patches for multiple serious vulnerabilities in iOS and macOS platforms. … Read more