Security News
A joint law enforcement operation has dismantled an international criminal network that used the iServer automated phishing-as-a-service platform to unlock the stolen or lost mobile phones of...
A boffin from British defence contractor BAE has found three critical flaws in Cisco's Small Business SPA300 and SPA500 IP phones - and another couple of nasties - none of which will be fixed or mitigated. In an advisory published on Wednesday, Cisco explained the three most serious flaws - all rated CVSS 9.8 - affect the web-based management interface of the devices and could allow an unauthenticated remote attacker to gain root privileges.
Cisco is warning of multiple critical remote code execution zero-days in the web-based management interface of the end-of-life Small Business SPA 300 and SPA 500 series IP phones. [...]
US border agents must obtain a warrant, in New York at least, to search anyone's phone and other electronic devices when traveling in or out of the country, another federal judge has ruled. Judge Nina Morrison of the Eastern District of New York issued a decision last week that Customs and Border Patrol officials need a warrant to search citizens' and non-citizens' electronics in all but the most exceptional of circumstances.
A threat actor has leaked a database containing the personal information of 442,519 Life360 customers collected by abusing a flaw in the login API. Known only by their 'emo' handle, they said the unsecured API endpoint used to steal the data provided an easy way to verify each impacted user's email address, name, and phone number. According to the threat actor, Life360 has since fixed the API flaw, and additional requests now return a placeholder phone number.
The FBI on Monday revealed it has gained access to a phone it says was used by Thomas Matthew Crooks - the man who shot at and wounded former US president Donald Trump on July 13 in an apparent failed assassination attempt. The bureau hasn't explained how it got into the cellphone, though it is known to have previously acquired capabilities that allow it to access locked devices - and even view encrypted content - despite the use of passwords and/or biometric authentication.
According to AT&T, the threat actor accessed phone call and text message records, including which phone numbers customers interacted with and, in some cases, cell site ID numbers. AT&T first became aware of the attack on April 19 after "a threat actor claimed" to have accessed the data, according to AT&T's SEC filing about the incident.
After first announcing onboard AI in January, Samsung expanded what it's calling the Galaxy AI ecosystem on July 10 at the Galaxy Unpacked event in Paris. Samsung's two newest phones are the Galaxy Z Fold6 and Galaxy Z Flip6, both of which use Google's Gemini AI for translation, creative features and cosmetic changes.
Cloud communications provider Twilio has revealed that unidentified threat actors took advantage of an unauthenticated endpoint in Authy to identify data associated with Authy accounts, including users' cell phone numbers. The development comes days after an online persona named ShinyHunters published on BreachForums a database comprising 33 million phone numbers allegedly pulled from Authy accounts.
Twilio has confirmed that an unsecured API endpoint allowed threat actors to verify the phone numbers of millions of Authy multi-factor authentication users, potentially making them vulnerable to SMS phishing and SIM swapping attacks. In late June, a threat actor named ShinyHunters leaked a CSV text file containing what they claim are 33 million phone numbers registered with the Authy service.