Security News

The authors of the technical paper published on Arxiv.org also found that biometric data on the fingerprint sensors' Serial Peripheral Interface were inadequately protected, allowing for a man-in-the-middle attack to hijack fingerprint images. The idea of BrutePrint is to perform an unlimited number of fingerprint image submissions to the target device until the user-defined fingerprint is matched.

A cybercrime enterprise known as Lemon Group is leveraging millions of pre-infected Android smartphones worldwide to carry out their malicious operations, posing significant supply chain risks. The activity encompasses no fewer than 8.9 million compromised Android devices, particularly budget phones, with a majority of the infections discovered in the U.S., Mexico, Indonesia, Thailand, Russia, South Africa, India, Angola, the Philippines, and Argentina.

A Microsoft app that helps people use their Windows PC and iPhone or Android phone in tandem could also be abused by cyberstalkers to snoop on personal information. In a report released Thursday, software maker Certo explains how Microsoft's Phone Link app could be used against iPhone owners and how they can protect themselves against this type of threat.

Black Hat Asia Threat groups have infected millions of Androids worldwide with malicious firmware before the devices have even been shipped from their manufacturers, according to Trend Micro researchers at Black Hat Asia. The mainly mobile devices, but also smartwatches, TVs and more, have their manufacturing outsourced to an original equipment manufacturer, a process the researchers say makes them easily infiltrated.

There is a critical security flaw in a Cisco phone adapter, and the business technology giant says the only step to take is dumping the hardware and migrating to new kit. Adding to the problem is the fact that the adapter reached its end of life in June 2020, and while the last date to extend or renew a service contract for the product isn't until August 2024, Cisco said in the advisory it will not release firmware updates to address the flaw and there are no workarounds.

Cisco has revealed the existence of a critical vulnerability in the web-based management interface of Cisco SPA112 2-Port Phone Adapters. "This vulnerability is due to a missing authentication process within the firmware upgrade function. An attacker could exploit this vulnerability by upgrading an affected device to a crafted version of firmware," Cisco's security advisory explains.

Cisco has warned of a critical security flaw in SPA112 2-Port Phone Adapters that it said could be exploited by a remote attacker to execute arbitrary code on affected devices.The company credited Catalpa of DBappSecurity for reporting the shortcoming.

Cisco has disclosed a vulnerability in the web-based management interface of Cisco SPA112 2-Port Phone Adapters, allowing an unauthenticated, remote attacker to execute arbitrary code on the devices. These phone adapters are a popular choice in the industry for incorporating analog phones into VoIP networks without upgrading.

Microsoft is rolling out Phone Link for iOS to all Windows 11 and iPhone users, with the rollout expected to complete by mid-May. The Phone Link app is designed to enable users to connect from their PC to Android and iOS devices via a Wi-Fi connection. "Today, we are excited to announce that Microsoft Phone Link for iOS on Windows 11 is beginning to rollout to our global audience in 39 languages across 85 markets," said Ali Akgun, Corporate Vice President of Software Engineering for Microsoft Devices.

Several police forces in Britain are being put on the naughty step by the UK's data watchdog for using a calling app that recorded hundreds of thousands of phone conversations and illegally retained that data. The Information Commissioner's Office said today it was made aware in June 2020 that Surrey Police and Sussex Police were given access to the Another Call Recorder app that recorded all incoming and outgoing conversations.