Security News
A vulnerability in the popular TikTok short-form video-sharing platform could have allowed attackers to easily compile users' phone numbers, unique user IDs and other data ripe for phishing attacks. In order to help users find friends through their contacts, TikTok contained a sync feature for contacts who had TikTok accounts.
The Federal Bureau of Investigation has issued a Private Industry Notification to warn of attacks targeting enterprises, in which threat actors attempt to obtain employee credentials through vishing or chat rooms. An observed shift in tactics, the FBI says, is the targeting of all employee credentials, not exclusively of those individuals who might have higher access and privileges based on their corporate position.
We all know that our cell phones constantly give our location away to our mobile network operators; that's how they work. "Pretty Good Phone Privacy" protects both user identity and user location using the existing cellular networks.
T-Mobile has announced a data breach exposing customers' proprietary network information, including phone numbers and call records. After bringing in a cybersecurity firm to perform an investigation, T-Mobile found that threat actors gained access to the telecommunications information generated by customers, known as CPNI. The information exposed in this breach includes phone numbers, call records, and the number of lines on an account.
In "Hey Alexa what did I just type?" we show that when sitting up to half a meter away, a voice assistant can still hear the taps you make on your phone, even in the presence of noise. Modern voice assistants have two to seven microphones, so they can do directional localisation, just as human ears do, but with greater sensitivity.
A recently observed Pegasus spyware infection campaign targeting tens of Al Jazeera journalists leveraged an iMessage zero-click, zero-day exploit for infection. Cybersecurity firms and human rights organizations have detailed multiple malicious attacks involving Pegasus, many of them targeting journalists and human rights activities.
Gizmodo is reporting that schools in the US are buying equipment to unlock cell phones from companies like Cellebrite: Gizmodo has reviewed similar accounting documents from eight school...
The COVID-19 crisis enabled scammers to take advantage of the guileless, as bad actors were able to extract personal information from targets, according to a new report from First Orion. First Orion's Annual Phone Scam Call Report exposed how scammers were able to get 270% more personal information in 2020 than they did in 2019.
According to findings published by Check Point Research, the threat actors - believed to be located in the Palestinian Gaza Strip - have targeted Sangoma PBX, an open-sourced user interface that's used to manage and control Asterisk VoIP phone systems, particularly the Session Initiation Protocol servers. "One of the more complex and interesting ways is abusing the servers to make outgoing phone calls, which are also used to generate profits. Making calls is a legitimate feature, therefore it's hard to detect when a server has been exploited."
We last wrote about vishing back in September 2020, when we and other Naked Security readers in the UK began receiving a burst of automated, unwanted voice calls that were clearly designed to get our attention whether we answered them live or listened to them later via voicemail. The call centre crooks only ever deal with people who are already frightened enough to call back, making their scamming process more efficient.