Meant to provide significantly reduced power consumption and costs at communication ranges similar to those provided by Bluetooth, BLE is used for a broad range of applications in sectors such as automotive, healthcare, security, home entertainment, and more. BLE proximity authentication is typically to unlock or keep unlocked products such as cars, smart locks, access…

CISA and the FBI have made a series of recommendations to help SATCOM network providers and customers strengthen cybersecurity. Network providers have been advised to implement additional monitoring capabilities for anomalous traffic related to SATCOM equipment. They have also been advised to read a recent threat assessment report from the Office of the Director of…

The iOS 15.2.1 patch, available for all supported iPhones and iPads, is described simply as a “resource exhaustion issue” that causes the device to hang when processing maliciously crafted HomeKit accessory names. The sudden appearance of the patch comes almost two weeks after researcher Trevor Spiniolas publicly documented the HomeKit bug and warned that it…

Citizen Lab teamed up with the threat-intel team at Facebook parent company Meta to expose Cytrox alongside a handful of PSOAs (private sector offensive actors) in the murky surveillance-for-hire industry. In a detailed technical report published late Thursday, Citizen Lab said Cytrox is responsible for a piece of iPhone eavesdropping malware that was planted on…

This is the 16th documented in-the-wild zero-day exploitation of security defects in Apple’s iOS and macOS platforms so far this year. “Apple is aware of reports that an exploit for this issue exists in the wild,” the company said without elaborating. No other details of IOCs (indicators of compromise) were provided. The Cupertino, Calif. software…

As part of its scheduled Patch Tuesday release, Adobe released fixes for 29 documented security vulnerabilities, some serious enough to expose users to code execution, security feature bypass, and privilege escalation attacks. The Adobe Magento patch lists 26 CVEs with severity ratings ranging from critical to important, according to an advisory from San Jose, Calif….

The evolution of wireless security could at best be described as trial and error. The initial standard that debuted in the late 1990s — Wired Equivalent Privacy (WEP) — had significant security problems, and the first two version of Wireless Protected Access, WPA and WPA2, both have been found to be vulnerable to a variety…

The latest Android update provides documentation on 33 security bugs, some serious enough to cause privilege escalation or information disclosure compromises. The most important of these is a bug in the Media framework that could lead to elevation of privilege on Android 8.1 and 9 devices, or information disclosure, on Android 10 and 11. The…

Tracked as CVE-2021-28476 with a CVSS score of 9.9, the security vulnerability impacts Hyper-V’s virtual network switch driver (vmswitch.sys) and could be exploited to achieve remote code execution or cause a denial of service condition. Hyper-V is a native hypervisor that provides virtualization capabilities for both desktop and cloud systems, and which Microsoft uses as…

The world’s largest software company said Wednesday it would acquire CloudKnox, a Silicon Valley startup that sells tools to help companies manage and secure access to cloud accounts and data. Financial terms of the deal were not disclosed. CloudKnox, based in Sunnyvale, Calif., raised a total of $22.8 million in venture capital investments since its…