Security News
Phone numbers of close to 1,900 Signal users were exposed in the data breach Twilio cloud communications company suffered at the beginning of the month. Twilio provides phone number verification services for Signal and last week disclosed that an attacker hacked its network on August 4.
Meta first reported the new Android malware in its Q2 2022 adversarial threat report, where they briefly mentioned its data-stealing, geo-locating, and microphone-activation capabilities. While Meta mentions laced versions of Telegram, WhatsApp, and YouTube, Cyble's investigation only uncovered a trojanized version of the Signal messaging app.
A new method devised to leak information and jump over air-gaps takes advantage of Serial Advanced Technology Attachment or Serial ATA cables as a communication medium, adding to a long list of electromagnetic, magnetic, electric, optical, and acoustic methods already demonstrated to plunder data. "Although air-gap computers have no wireless connectivity, we show that attackers can use the SATA cable as a wireless antenna to transfer radio signals at the 6GHz frequency band," Dr. Mordechai Guri, the head of R&D in the Cyber Security Research Center in the Ben Gurion University of the Negev in Israel, wrote in a paper published last week.
Researchers warn Bluetooth signals can be used to track device owners via a unique fingerprinting of the radio signal. The paper suggests that minor manufacturing imperfections in hardware are unique with each device, and cause measurable distortions which can be used as a "Fingerprint to track a specific device".
For the first time in over two years the streets of San Francisco have been filled by attendees at the RSA Conference and it seems that the days of physical cons are back on. The security conference trade has been more cautious than most when it comes to getting conferences back up to speed in the COVID years.
A new research undertaken by a group of academics from the University of California San Diego has revealed for the first time that Bluetooth signals can be fingerprinted to track smartphones. "To perform a physical-layer fingerprinting attack, the attacker must be equipped with a Software Defined Radio sniffer: a radio receiver capable of recording raw IQ radio signals," the researchers said in a new paper titled "Evaluating Physical-Layer BLE Location Tracking Attacks on Mobile Devices."
GhostTouch, as it's called, "Uses electromagnetic interference to inject fake touch points into a touchscreen without the need to physically touch it," a group of academics from Zhejiang University and Technical University of Darmstadt said in a new research paper. The core idea is to take advantage of the electromagnetic signals to inject fake touch events such as taps and swipes into targeted locations of the touchscreen with the goal of taking over remote control and manipulating the underlying device.
Elon Musk, CEO of SpaceX and Tesla and Twitter's new owner, on Thursday called on adding support for end-to-end encryption to the platform's direct messages feature. "Twitter DMs should have end to end encryption like Signal, so no one can spy on or hack your messages," Musk said in a tweet.
A rendering technique affecting the world's leading messaging and email platforms, including Instagram, iMessage, WhatsApp, Signal, and Facebook Messenger, allowed threat actors to create legitimate-looking phishing messages for the past three years. The vulnerabilities are rendering bugs resulting in the apps' interface incorrectly displaying URLs with injected RTLO Unicode control characters, making the user vulnerable to URI spoofing attacks.
Signal vs. Wire: Compare messaging app privacy and security We may be compensated by vendors who appear on this page through methods such as affiliate links or sponsored partnerships. Both Signal and Wire offer stronger security measures than system default messaging solutions, such as Google Messages, Apple's iMessage or Microsoft's Skype.