Nation-states were noted by Sen. Ron Wyden, D-Ore., to have been leveraging push notifications to enable surveillance on Apple and Google smartphones, according to TechCrunch.
BleepingComputer reports that more than 12 million Android devices have collectively downloaded 18 malicious loan apps dubbed "SpyLoan," which could exfiltrate not only call logs, local Wi-Fi network information, and image metadata but also text messages, location information, and contact lists.
Details regarding 10 security vulnerabilities impacting Loytec building automation products that remained unaddressed more than two years after their discovery were uncovered by TXOne Networks researchers, according to SecurityWeek.
While AeroBlade’s techniques are more sophisticated in many ways, security pros say the initial attack vector was a common spearphishing attack – something U.S. companies must do a better job protecting against.
Several new attacks leveraging Bluetooth vulnerabilities, collectively tracked as CVE-2023-24023 and dubbed BLUFFS, have been identified by EURECOM to enable adversary-in-the-middle intrusions between connected devices by compromising the forward and future secrecy mechanisms of Bluetooth, reports The Hacker News.
Fast Five
Selected by the SC Media Editorial team every Tuesday.
Sign up now for the top five issues cybersecurity pros need to know this week.