Security News

It is possible to hijack and manipulate Cellebrite's phone-probing software tools by placing a specially crafted file on your handset, it is claimed. Signal app supremo Moxie Marlinspike said in an advisory on Wednesday that he managed to get his hands on some of Cellebrite's gear, which is typically used by cops, government agents, big biz, and authoritarian regimes to forcibly access the contents of physically seized smartphones.

WhatsApp malware dubbed WhatsApp Pink has now been updated with advanced capabilities that let this counterfeit Android app automatically respond to your Signal, Telegram, Viber, and Skype messages. WhatsApp Pink refers to a counterfeit app that appeared this week, primarily targeting WhatsApp users in the Indian subcontinent.

"Your mobile phone still fully functions with no SIM in it." 2, The network sees the equivalent of your phones unique network identifier that is the equivalent of an Ethernet MAC address.

Due to conflicting information BleepingComputer has received, we have removed our original article. [...]

Microsoft has suspended free trials of their newly launched Windows 365 Cloud PC service after running out of available servers. Windows 11's October 2021 release date hinted in support docs.

Microsoft has suspended free trials of their newly launched Windows 365 Cloud PC service after running out of available servers. Windows 11's October 2021 release date hinted in support docs.

Microsoft's security services grew by $10 billion in 2020, as more companies began utilizing their cloud-based security services. Microsoft released the second quarter of the fiscal year 2021 earnings this week and beat consensus estimates by 7.36%. While most of this growth is attributed to Azure and Xbox, Microsoft's new blog post shows that security services are becoming a larger part of their revenue stream.

Bugs in several messaging/video chat mobile apps allowed attackers to spy on targeted users's surroundings. The vulnerabilities - in Signal, Google Duo, Facebook Messenger, JioChat, and Mocha - could be triggered by simply placing a call to the target's device - no other action was needed.

Although a majority of the messaging apps today rely on WebRTC for communication, the connections themselves are created by exchanging call set-up information using Session Description Protocol between peers in what's called signaling, which typically works by sending an SDP offer from the caller's end, to which the callee responds with an SDP answer. Not only did the flaws in the apps allow calls to be connected without interaction from the callee, but they also potentially permitted the caller to force a callee device to transmit audio or video data.

Vulnerabilities found in multiple video conferencing mobile applications allowed attackers to listen to users' surroundings without permission before the person on the other end picked up the calls. The logic bugs were found by Google Project Zero security researcher Natalie Silvanovich in the Signal, Google Duo, Facebook Messenger, JioChat, and Mocha messaging apps and are now all fixed.