Security News

After Faïd's helicopter breakout, 3,000 police officers took part in the manhunt. According to the 2019 documentary La Traque de Rédoine Faïd, detective units scoured records of cell phones used during his escape, isolating a handful of numbers active at the time that went silent shortly thereafter.

Maybe it's sending personal texts or emails from your work phone, editing personal documents or photos on your work laptop, or joining a virtual happy hour with friends from your work tablet. At least the potentially more hazardous activities, such as storing personal data on your work machine or storying sensitive company data on your personal devices.

It is possible to hijack and manipulate Cellebrite's phone-probing software tools by placing a specially crafted file on your handset, it is claimed. Signal app supremo Moxie Marlinspike said in an advisory on Wednesday that he managed to get his hands on some of Cellebrite's gear, which is typically used by cops, government agents, big biz, and authoritarian regimes to forcibly access the contents of physically seized smartphones.

"The two aforementioned WhatsApp vulnerabilities would have made it possible for attackers to remotely collect TLS cryptographic material for TLS 1.3 and TLS 1.2 sessions," researchers from Census Labs said today. "With the TLS secrets at hand, we will demonstrate how a man-in-the-middle attack can lead to the compromise of WhatsApp communications, to remote code execution on the victim device and to the extraction of Noise protocol keys used for end-to-end encryption in user communications."

In what appears to be a fresh twist in Android malware, users of Gigaset mobile devices are encountering unwanted apps that are being downloaded and installed through a pre-installed system update app. "The culprit installing these malware apps is the Update app, package name com.redstone.ota.ui, which is a pre-installed system app," Malwarebytes researcher Nathan Collier said.

Roid smartphones from Gigaset have been infected by malware direct from the manufacturer in what appears to be a supply-chain attack. The Trojan, once downloaded and installed on a victim's device via a poisoned software update from the vendor, is capable of opening browser windows, fetching more malicious apps, and sending people text messages to further spread the malware, say researchers and users.

Owners of Gigaset Android phones have been repeatedly infected with malware since the end of March after threat actors compromised the vendor's update server in a supply-chain attack. Gigaset is a German manufacturer of telecommunications devices, including a series of smartphones running the Android operating system.

Facebook users can now use the Have I Been Pwned data breach notification site to check if their phone number was exposed in the social site's recent data leak. This leak's main component is a Facebook user's phone number, rather than an email address, and thus Have I Been Pwned could not accurately alert a user if they were exposed in the breach.

A newspaper in Malaysia is reporting on a cell phone cloning scam. The scammer convinces the victim to lend them their cell phone, and the scammer quickly clones it.

In what's likely to be a goldmine for bad actors, personal information associated with approximately 533 million Facebook users worldwide has been leaked on a popular cybercrime forum for free-which was harvested by hackers in 2019 using a Facebook vulnerability. The leaked data includes full names, Facebook IDs, mobile numbers, locations, email addresses, gender, occupation, city, country, marital status broken, account creation date, and other profile details broken down by country, with over 32 million records belonging to users in the U.S., 11 million users the U.K., and six million users in India, among others.