Security News

Cisco has addressed a critical security vulnerability found in the Web UI of multiple IP Phone models that unauthenticated and remote attackers can exploit in remote code execution attacks. The security vulnerabilities were discovered by Zack Sanchez of the Cisco Advanced Security Initiatives Group during internal security testing.

The White House has ordered all federal government employees to delete TikTok from work devices, over fears the video-sharing app could be used to spy on Americans. TikTok has been downloaded by billions of people around the world, and is particularly popular among young people - but the US government believes that data could be shared with the Chinese government.

Microsoft announced today an early preview of Phone Link for iPhone users available to Windows Insiders running the latest Windows 11 builds. "The preview will begin rolling out to Insiders who have opted in their device into one of the 3 Insider Channels via Settings > Windows Update > Windows Insider Program," Microsoft Senior Program Manager Brandon LeBlanc said.

The APT37 threat group uses a new evasive 'M2RAT' malware and steganography to target individuals for intelligence collection. The threat actors targeted EU-based organizations with a new version of their mobile backdoor named 'Dolphin,' deployed a custom RAT called 'Konni,' and targeted U.S. journalists with a highly-customizable malware named 'Goldbackdoor.

A new Android malware named 'Hook' is being sold by cybercriminals, boasting it can remotely take over mobile devices in real-time using VNC. The new malware is promoted by the creator of Ermac, an Android banking trojan selling for $5,000/month that helps threat actors steal credentials from over 467 banking and crypto apps via overlaid login pages. While the author of Hook claims the new malware was written from scratch, and despite having several additional features compared to Ermac, researchers at ThreatFabric dispute these claims and report seeing extensive code overlaps between the two families.

So Don was rather surprised one day to hear a phone ringing as he stalked the racks, because the kit there was dedicated to modems. "The caller only said 'BOMB. BOMB. BOMB.' with a strong Irish accent," don recalled.

Boffins based in China and the UK have devised a telecom network attack that can expose call metadata during VoLTE/VoNR conversations. Researchers Zishuai Cheng and Baojiang Cui, with the Beijing University of Posts and Telecommunications, and Mihai Ordean, Flavio Garcia, and Dominik Rys, with the University of Birmingham, have found a way to access encrypted call metadata - VoLTE activity logs that describe call times, duration, and direction for mobile network conversations.

" I don't even think turning your cell phone off would help in this instance. Oh and do not think that "Turning the phone off" actually works, it does not, the phone remains powered up but supposadly in some quiescent mode.

The US government's New Year's resolution for 2023: no more TikTok at work. In an email to members and staff Tuesday, the Committee on House Administration banned the use of TikTok from House-managed mobile devices.

"You still have a lot of soldiers bringing cellphones to the frontline who want to talk to their families and they are either being intercepted as they go through a Ukrainian telecommunications provider or intercepted over the air," said Alperovitch. "That doesn't pose too much difficulty for the Ukrainian security services."