MediaProjection vulnerability leaves 77 percent of Android phones open to screen and audio recording attacks
More than three quarters of Android phones are vulnerable to screen and audio recording by attackers. By exploiting the MediaProjection service, an attacker can easily trick a user into granting the relevant rights to a malicious app.
Although the vulnerability has been fixed in Android 8 Oreo, users running Lollipop, Marshmallow or Nougat remain at risk. MediaProjection is -- by design -- able to capture screen activity and audio, and it does have legitimate uses, but by using a technique known as tap-jacking, permission can be given for it to be used for more nefarious purposes.
Following the shooting in a Texas church a couple of weeks ago, it quickly emerged that the FBI was having trouble accessing data stored on the shooter's encrypted phone. While authorities refused to disclose the make and model of the device, when Apple said that it had contacted the FBI to offer help, it all but confirmed early reports that an iPhone was at the center of the case.
Now Apple has been served with a warrant to help local law enforcement officers to access messages, photos and other data stored on gunman Devin Patrick Kelley's iPhone SE.
Regulators in Germany have introduced a ban on children's smartwatches citing privacy concerns. Telecoms regulator the Federal Network Agency (FNA) describes the wearables as "spying devices" and advises parents to destroy them.
The FNA said that parents had been using such smartwatches to listen in on their children at school, and warned teachers to be on the lookout for them. But a lack of regulation of the devices means that many have poor security, meaning they could be used by others to spy on wearers.
Since Vista, Windows has included a security feature known as ASLR. Address Space Layout Randomization loads code at randomized memory addresses, but in Windows 8, Windows 8.1 and Windows 10 the feature is not always applied properly.
A security analyst discovered that in the last three versions of Windows, ASLR was in fact not using random memory addresses, essentially rendering it useless. The good news is that there is a fix -- but you will have to apply it manually.
The CoinHive malware, designed to mine the Monero cryptocurrency when a user visits a web page -- without the user's approval -- was the sixth most common malware during October.
The latest Global Threat Impact Index by Check Point, released this week, shows the RoughTed ad-blocker malware and Locky ransomware are still the top two threats. However, there's a new trend toward sneakier programs, with Seamless -- which redirects the victim to a malicious web page -- at number three.
A new study of over 850 organizations around the world shows that all of them have experienced a mobile malware attack.
The research by cyber security company Check Point shows an average of 54 mobile malware attacks per business with Android and iOS platforms both proving vulnerable.
Over the past several years we have seen a multitude of security problems plague major retail stores around the world. Breaches have come in many forms and have frequently targeted credit card information, though in some cases personal data has been part of the haul.
Now we find ourselves looking at yet another incident. Retail chain Forever 21, which is wildly popular among young people in the United States -- you can barely find a mall that doesn't have one -- has officially announced that its systems were compromised.
According to a new study, 25 percent of employees have tried to look at data at work that they weren't supposed to, and 60 percent were successful at accessing that data.
The survey by adaptive threat prevention company Preempt also reveals widespread bad habits, with 41 percent of employees using the same password for both personal and work accounts.
Malware is a worldwide problem affecting every nation state on the planet according to the latest Comodo Threat Research Labs report.
Comodo detected almost 400 million malware incidents around the globe in the third quarter of this year, with even the tiny island nation of Kiribati in the central Pacific being affected. The top five malware-hit countries are Russia, the US, Poland, the UK and Germany.
Most enterprises and government organizations feel vulnerable to insider threats and around half have experienced an insider attack in the last year, according to a new report.
Commissioned by Cybersecurity Insiders, the study is based on a comprehensive online survey of 472 cyber security professionals.
Healthcare providers are spending a lot of money on connected devices. But this comes at a time when cyber attacks on healthcare targets are increasing, with medical devices a prime target.
Israeli startup Medigate has secured backing for a technology platform that lets security teams defend networked medical devices from cyber attacks. It combines knowledge and understanding of medical workflow and device identity and protocols with the reality of today's cyber security threats.
According to a new report, one in four UK healthcare IT professionals aren't confident in their organization's ability to respond to cyber attacks.
Research from network intelligence company Infoblox finds that disruption caused to the NHS by WannaCry in May 2017 means many healthcare organizations are preparing themselves for further ransomware attacks.
Teledildonics (remote sex) company Lovense has apologized for what it describes as a "minor bug" that resulted in audio recordings being made by an app used to control a sex toy.
The Lovense Remote app allows for remote control of a paired vibrator via a smartphone, but users discovered that lengthy audio recordings of their sessions were also being made. The Hong Kong-based company insists that the audio recordings never leave the device and are automatically deleted, but users are concerned nevertheless.
A new survey of IT decision makers shows that 89 percent are confident their organizations are in a good position to protect themselves from attacks, but four out of 10 are not taking steps to lock down information, putting themselves at risk of data loss.
The study from security software company Varonis polled 500 IT decision makers in the UK, Germany, France and the US. Fifty-four percent of respondents believe their company will face a major attack in the next year.
Containerization is increasingly a part of enterprise IT strategy, and like any other systems it needs to be properly secured.
Container security specialist NeuVector is releasing a new version of its container firewall security solution with key security, integration, and UI additions, along with a version aimed specifically at enterprises.