How to Avoid Smishing Attacks Targeting Subscription Service Users
If you’re anything like me, you used delivery more during the pandemic than before. Both getting food brought to my door and meal kit boxes mean people don’t have to mask up and go out to the grocery store. But threat actors know that, too. Recent scams take advantage of people signing up for more…
Google Patches High-Risk Android Security Flaws
The latest Android update provides documentation on 33 security bugs, some serious enough to cause privilege escalation or information disclosure compromises. The most important of these is a bug in the Media framework that could lead to elevation of privilege on Android 8.1 and 9 devices, or information disclosure, on Android 10 and 11. The…
Firefox 90 Adds Cross-Origin Protections, Advanced Tracker Blocker
The open-source browser refresh is currently rolling out with support for Fetch Metadata Request Headers, which means that web applications can better protect users against cross-site request forgery (CSRF), cross-site leaks (XS-Leaks), and speculative cross-site execution side channel attacks (such as Spectre). With the newly introduced feature, web application servers can distinguish between same-origin and…
Vulnerabilities in Zephyr’s Bluetooth LE Stack May Lead to DoS Attacks
Six of the flaws, the researcher explains, could be abused by an attacker by sending malformed input that would cause the device to freeze. This could result in the device rebooting itself or may even allow for remote code execution in some instances. Other vulnerabilities could be exploited either to cause the device to misbehave…
Mitre Adds D3FEND Countermeasures to ATT&CK Framework
The project, called D3FEND, is available through the non-profit Mitre Corporation as a catalog of defensive cybersecurity techniques and their relationships to offensive/adversary techniques. The primary goal of the initial D3FEND release is to help standardize the vocabulary used to describe defensive cybersecurity technology functionality. Mitre described D3FEND as an “early stage experimental research project”…
Google Intros SLSA Framework to Enforce Supply Chain Integrity
The U.S. tech giant this week unveiled SLSA (Supply chain Levels for Software Artifacts), a new end-to-end framework the company hopes will drive the enforcement of standards and guidelines to ensuring the integrity of software artifacts throughout the software supply chain. The framework, released as part of the OpenSSF Foundation, is essentially a set of…
Google Rolls out E2EE For Android Messages App
Google announced end-to-end encryption is now available in Android, but only for one-on-one conversations between users of the Messages app. “No matter who you’re messaging with, the information you share is personal. End-to-end encryption in Messages helps keep your conversations more secure while sending. It ensures that no one can read the content of your…
Apple Warns EU Law ‘Risks Destroying iPhone Security’
The European Union last year unveiled tough draft rules targeting tech giants like Apple, Google, Amazon and Facebook that could shake up the way Big Tech does business. Cook, speaking at the VivaTech convention for startups in Paris, took aim at some of the rules that target online “gatekeepers” such as Apple which controls which…
Google: Four Recently Patched Android Vulnerabilities Exploited in Attacks
Rolling out to users since early May, the latest Android security update patches over 40 flaws, including four with a severity rating of critical. This week, Google Project Zero researcher Maddie Stone pointed out on Twitter that the security bulletin has been updated with a note on some bugs being exploited in the wild. A…
XcodeGhost Malware Discovered in 2015 Impacted 128 Million iOS Users
The information was uncovered in emails provided recently as part of the antitrust trial between Epic Games and Apple. The game maker filed a lawsuit against the tech giant last year in a California court over its App Store practices, specifically related to Apple removing Epic’s hit game, Fortnite, from the App Store for allegedly…
