Latest News


Android OTA Bug May Have Hit One Billion Users

Security researchers are warning of a new Android vulnerability in the way certain handsets receive over-the-air (OTA) updates, allowing hackers to potentially craft convincing SMS phishing attacks.

Check Point revealed the flaw, which has now been patched by some handset manufacturers, earlier this week.

It claimed that the industry standard for OTA provisioning, the Open Mobile Alliance Client Provisioning (OMA CP), only features limited authentication. As a result, remote agents could exploit this to impersonate network operators in spoof OMA CP messages to users, it claimed

IoT Security Challenges in a 5G Era: Expert Advice

Experts from Nokia, iboss and Sectigo talk 5G mobile security for internet of things (IoT) devices in this webinar replay.

When it comes to what we can expect with 5G mobile networks, they promise a more IoT friendly ecosystem, with vast improvements over the current capabilities of the 4G. Providing ultra low-latency and exponentially faster throughput (along with sensors that will boast a 10-year battery life) 5G paves the way for new enterprise use cases and applications, including remote telesurgery, self-driving cars, electricity on-demand and more.

Vulnerabilities in WhatsApp can allow attackers to intercept and manipulate user messages

Researchers from Israeli security company Check Point have identified three attack modes in WhatsApp which can be exploited to intercept and manipulate users’ messages.

Apparently, these security issues were revealed to WhatsApp last year. However, they remain exploitable even after one year.

Stuart Peck, director of the cybersecurity strategy at ZeroDayLab, claims that WhatsApp flaws pose a serious security issue given that it still hasn’t been addressed. He further added that "the integrity of messages received from trusted sources is vital if users are going to trust encrypted messaging services like WhatsApp."

Vulnerabilities in Device Drivers From 20 Vendors Expose PCs to Persistent Malware

Researchers at firmware security company Eclypsium have analyzed device drivers from major vendors and identified over 40 drivers from 20 firms containing serious vulnerabilities that can be exploited to deploy persistent malware.

Device drivers provide access to the BIOS/UEFI or other system components with the purpose of allowing users to update firmware, perform diagnostics, and change settings. However, vulnerabilities in these drivers can pose a serious threat as they can allow an attacker to escalate privileges to the highest level and become highly persistent.

Google Researchers Disclose PoCs for 4 Remotely Exploitable iOS Flaws

Google's cybersecurity researchers have finally disclosed details and proof-of-concept exploits for 4 out of 5 security vulnerabilities that could allow remote attackers to target Apple iOS devices just by sending a maliciously-crafted message over iMessage.
All the vulnerabilities, which required no user interaction, were responsibly reported to Apple by Samuel Groß and Natalie Silvanovich of Google Project Zero, which the company patched just last week with the release of the latest iOS 12.4 update.