Security News

The Lorenz ransomware gang now uses a critical vulnerability in Mitel MiVoice VOIP appliances to breach enterprises, using their phone systems for initial access to their corporate networks. While these incidents weren't linked to a specific ransomware gang, Arctic Wold Labs was able to attribute similar malicious activity to the Lorenz gang with high confidence.

iPhone 14 cheat sheet: Everything to know about Apple's 2022 flagship phones We may be compensated by vendors who appear on this page through methods such as affiliate links or sponsored partnerships. The iPhone 14 and iPhone 14 Plus feature an A15 Bionic chip comprising of a 5-core CPU that's 18% faster for gaming performance than the iPhone 13; a 6-core CPU with 2 high-performance cores and 4 high efficiency cores that produce more performance and increase battery life; and a new image signal processor that works with the new camera system to produce a better image handling pipeline.

The U.S. Federal Trade Commission on Monday said it filed a lawsuit against Kochava, a location data broker, for collecting and selling precise geolocation data gathered from consumers' mobile devices. The complaint alleges that the U.S. company amasses a "Wealth of information" about users by purchasing data from other data brokers to sell to its own clients.

At around the same time that the Rhythm Nation story broke, a researcher at Ben-Gurion university of the Negev in Israel published a research paper about resonance problems in mobile phone gyroscopes, as used by popular but apparently innocent programs such as your Compass app. At the same time, a typical mobile phone microphone can pick up ultrasonic sounds at the other side of the airgap.

All users can rest assured that their message history, contact lists, profile information, whom they'd blocked, and other personal data remain private and secure and were not affected. For about 1,900 users, an attacker could have attempted to re-register their number to another device or learned that their number was registered to Signal.

Budget Android device models that are counterfeit versions associated with popular smartphone brands are harboring multiple trojans designed to target WhatsApp and WhatsApp Business messaging apps. So system library is used by any app, it triggers the execution of a trojan incorporated in libmtd.

Security flaws have been identified in Xiaomi Redmi Note 9T and Redmi Note 11 models, which could be exploited to disable the mobile payment mechanism and even forge transactions via a rogue Android app installed on the devices. Specifically, the Israeli cybersecurity firm discovered that a trusted app on a Xiaomi device can be downgraded due to a lack of version control, enabling an attacker to replace a newer, secure version of an app with an older, vulnerable variant.

Smartphone maker Xiaomi, the world's number three phone maker behind Apple and Samsung, reported it has patched a high-severity flaw in its "Trusted environment" used to store payment data that opened some of its handsets to attack. Researchers at Check Point Research revealed last week in a report released at DEF CON that the Xiaomi smartphone flaw could have allowed hackers to hijack the mobile payment system and disable it or create and sign their own forged transactions.

Phone numbers of close to 1,900 Signal users were exposed in the data breach Twilio cloud communications company suffered at the beginning of the month. Twilio provides phone number verification services for Signal and last week disclosed that an attacker hacked its network on August 4.

Security analysts have found security issues in the payment system present on Xiaomi smartphones that rely on MediaTek chips providing the trusted execution environment that is responsible for signing transactions. Considering how common mobile payments and Xiaomi phones are, especially in Asian markets, the money pool hackers could tap into is estimated to be in the billions of U.S. dollars.