Security News

Microsoft's security services grew by $10 billion in 2020, as more companies began utilizing their cloud-based security services. Microsoft released the second quarter of the fiscal year 2021 earnings this week and beat consensus estimates by 7.36%. While most of this growth is attributed to Azure and Xbox, Microsoft's new blog post shows that security services are becoming a larger part of their revenue stream.

Bugs in several messaging/video chat mobile apps allowed attackers to spy on targeted users's surroundings. The vulnerabilities - in Signal, Google Duo, Facebook Messenger, JioChat, and Mocha - could be triggered by simply placing a call to the target's device - no other action was needed.

Although a majority of the messaging apps today rely on WebRTC for communication, the connections themselves are created by exchanging call set-up information using Session Description Protocol between peers in what's called signaling, which typically works by sending an SDP offer from the caller's end, to which the callee responds with an SDP answer. Not only did the flaws in the apps allow calls to be connected without interaction from the callee, but they also potentially permitted the caller to force a callee device to transmit audio or video data.

Vulnerabilities found in multiple video conferencing mobile applications allowed attackers to listen to users' surroundings without permission before the person on the other end picked up the calls. The logic bugs were found by Google Project Zero security researcher Natalie Silvanovich in the Signal, Google Duo, Facebook Messenger, JioChat, and Mocha messaging apps and are now all fixed.

Signal is experiencing a partial outage as tens of millions of netizens flood the free secure messaging service. Those technical difficulties come as at least 30 million people joined the non-profit end-to-end encrypted communications platform in a matter of days this week.

Signal users are currently experiencing issues around the world, with users unable to send and receive messages. When attempting to send messages via Signal, users are seeing loading screen and error message "502".

Signal's encrypted messaging service has recovered from delays affecting its new user verification process after a mass exodus of WhatsApp users to their platform. When setting up Signal for the first time, users must verify their mobile number using verification codes sent by the encrypted messaging provider.

Cellebrite's details will make it easier for the Signal developers to patch the vulnerability. So either Cellebrite believes it is so good that it can break whatever Signal does, or the original blog post was a mistake.

Covert Wi-Fi signals generated by DDR SDRAM hardware can be leveraged to exfiltrate data from air-gapped computers, a researcher claims. In a newly published paper, Mordechai Guri from the Ben-Gurion University of the Negev in Israel details AIR-FI, a new data exfiltration technique in which malware installed on a compromised air-gapped system can generate Wi-Fi signals that a nearby device intercepts and sends to the attacker, over the Internet.

A security researcher has demonstrated that sensitive data could be exfiltrated from air-gapped computers via a novel technique that leverages Wi-Fi signals as a covert channel-surprisingly, without requiring the presence of Wi-Fi hardware on the targeted systems. Dubbed "AIR-FI," the attack hinges on deploying a specially designed malware in a compromised system that exploits "DDR SDRAM buses to generate electromagnetic emissions in the 2.4 GHz Wi-Fi bands" and transmitting information atop these frequencies that can then be intercepted and decoded by nearby Wi-Fi capable devices such as smartphones, laptops, and IoT devices before sending the data to remote servers controlled by an attacker.