Security News
Cybersecurity researchers on Thursday revealed security issues in the Android app developed by Chinese drone-maker Da Jiang Innovations that comes with an auto-update mechanism that bypasses Google Play Store and could be used to install malicious applications and transmit sensitive personal information to DJI's servers. "Given the wide permissions required by DJI GO 4 - contacts, microphone, camera, location, storage, change network connectivity - the DJI or Weibo Chinese servers have almost full control over the user's phone."
The privacy issues were discovered in the DJI GO 4 application, which is the complementary app used to control DJI drones. Researchers with Synacktiv found several concerning privacy issues,, which were then independently confirmed by researchers with GRIMM. "The DJI GO 4 application contains several suspicious features as well as a number of anti-analysis techniques, not found in other applications using the same SDKs," according to researchers with GRIMM, in a Thursday post.
Apple this week kicked off another initiative meant to improve the security of iPhones, by offering hackable phones to security researchers. Specifically designed for security researchers, these devices feature unique code execution and containment policies and are offered as part of the company's Security Research Device program, which was initially announced in December last year.
A team of researchers from the Ruhr University Bochum in Germany has disclosed a series of new attack methods against signed PDF files. Dubbed Shadow Attacks, the new techniques allow a hacker to hide and replace content in a signed PDF document without invalidating its signature.
A working group led by two computer scientists Wolfgang Maass and Robert Legenstein of TU Graz has adopted this principle in the development of the new machine learning algorithm e-prop. Learning is a particular challenge for such less active networks, since it takes longer observations to determine which neuron connections improve network performance.
DDoS attacks have become a global risk, and as attacks continue to increase in complexity, further spurred by the pandemic, ISPs will have to strengthen their security measures. While DDoS attacks disrupt service for large companies and individuals alike, ISPs face increasing challenges to curb undetectable and abnormal traffic patterns before they evolve into uncontrollable reflection attacks.
Trustwave's security researchers have discovered another malware family delivered through tax software that Chinese banks require companies doing business in the country to use. The discovery comes only weeks after the security firm published information on GoldenSpy, a backdoor delivered via the Intelligent Tax application produced by the Golden Tax Department of Aisino Corporation.
Video conference users should not post screen images of Zoom and other video conference sessions on social media, according to Ben-Gurion University of the Negev researchers, who easily identified people from public screenshots of video meetings on Zoom, Microsoft Teams and Google Meet. While there have been many privacy issues associated with video conferencing, the BGU researchers looked at what types of information they could extract from video collage images that were posted online or via social media.
Following a January report on malware found pre-installed on smartphones sold in the United States to budget-conscious users, Malwarebytes has discovered another mobile device riddled with malware from the get-go. Now, Malwarebytes's Nathan Collier says that another phone model provided through the Lifeline Assistance program was found to include pre-installed malware: the ANS UL40 running Android 7.1.1.
Researchers at Ben-Gurion University of the Negev have determined how to pinpoint the location of a drone operator who may be operating maliciously or harmfully near airports or protected airspace by analyzing the flight path of the drone. "Currently, drone operators are located using RF techniques and require sensors around the flight area which can then be triangulated," says lead researcher Eliyahu Mashhadi, a BGU computer science student.