Security

A security researcher discovered the first worm to take advantage of the BlueKeep in older versions of Windows exploit disclosed earlier this year. Machine running Windows 7 and below have a critical security flaw that can allow attackers full access. This attack installed a Monero cryptocurrency miner without tripping any flags other than high CPU usage. Considering the number of organizations and government agencies that still rely on legacy Windows machines, BlueKeep could turn out to be a much larger threat than many realize.

Nokia is working on Android 10 for the 9 PureView. This is evidenced by the leaked build of the ROM for this phone posted to its XDA forum. This version of the OS is believed to be part of official development from the brand, and also exists for other devices such as the 7.1 and 6.1 Plus.

Popular video app TikTok was purchased by Chinese company ByteDance Technology Co. in 2017 and has since accumulated over 500 million active users. However, ByteDance has recently been placed under investigation by the Committee on Foreign Investment in the United States (CFIUS) over concerns over its handling of the personal data of its 25 million American users as well as its apparent censorship over content incongruent with the Chinese state's version of reality, including strife in Hong Kong and pro-LGBT content.

The November 2019 security updates for Android are now available for the Pixel 2, Pixel 2 XL, Pixel 3, Pixel 3 XL, Pixel 3a, Pixel 3a XL, Pixel 4, Pixel 4 XL, and the Essential Phone. Noticeably absent from this list are the original Pixel and Pixel XL, which are no longer supported by Google. This security update includes several feature improvements, including at least part of the promised fix for the Pixel 4's 90 Hz display woes.

WhatsApp has been working on fingerprint-based authentication for its Android app. Now, an update has added this ability to its stable version. However, a user will still be able to answer calls through the service even if the new locking mechanism is active.

Orbita, a company that makes a personal assistant-like AI platform focused on healthcare, has published the results of a study that shows this is what the US adults recruited to it want from their voice-controlled searches. It apparently concludes that 7.5% of this group has used services such as Alexa for this purpose, whereas over 50% would like to.

A recent publication has reported that 52% of all US households with high-speed internet would rather not buy into the smart-home concept. 25% of this group nominated worries about data security and privacy as their reasons to remain out of this market. This research also found that 71% of households who did the opposite worry about cybersecurity.

The Android Debug Bridge (ADB) is an almost mandatory tool for developers, as well as those who simply like to modify their non-Apple phones in any kind of advanced way. It is traditionally dependent on wired connections, however. A new commit on the OS' Google Source website hints at the development of a wireless alternative.

Qualcomm has announced the 9205 LTE modem, a new component destined for internet-of-things (IoT) devices that will connect using this kind of mobile data. However, it will not require a conventional SIM to do so. The OEM has integrated Deutsche Telekom's novel nuSIM platform instead, which goes directly on a chipset to save on device footprint and circuitry.

The consumer-grade security development group Nok Nok Labs has unveiled its new SDK. It asserts that it is the first such app software capable of conferring FIDO-based authentication on smartwatches. This, then, may help users depend more on their wearable for more functions typically carried out on a phone.

A recent study by the analyst group Asurion has concluded that being brought along to celebrate Halloween is one of the biggest potential nightmares a smartphone can go through. The risks of damage and other adversity these devices may face go up by as much as 42% on the date in question. The study indicates this is linked to phone use at night during these festivities.

Wandera, a security research firm, has found malware in 17 apps on the Apple App Store. The apps use a clicker trojan module to generate fraudulent web traffic in the background, likely to pump up ad revenue for specific websites. The apps passed through Apple's stringent review process because they connected to a remote server to execute the fraudulent activity rather than having malware embedded directly in their code.

Intel has released its new low-power solution in full today (October 24, 2019). It is an x86 microarchitecture associated with "significant" IPC enhancements compared to its predecessor. Tremont can also support an L2 cache of up to 4.5MB, as well as crypto acceleration that includes dual 128-bit AES units. It is pitched at IoT, server, client and connectivity applications.

A Linux user has discovered that Disney+, Disney's new streaming service, doesn't work on his Fedora machine. The problem lies with the DRM used by Disney, which implements the highest possible security level. However, Disney has stated that the streaming service will work with Android devices and Chromebooks, both of which are built upon Linux.

Two UK Banks, National Westminster and Royal Bank of Scotland, have removed their respective mobile banking apps from the Google Play Store for Samsung Galaxy S10 users. Citing security concerns, it's likely the banks' decisions were driven by the recent news that the ultrasonic fingerprint scanner used in the S10 could be fooled with a cheap silicone screen protector.

Samsung has released a software patch to fix a security flaw in the ultrasonic fingerprint readers used in the Galaxy S10 and Galaxy Note 10 device families. The patch should come as a notification to users who have registered their biometric data.

The Hygon C86 is essentially an AMD EPYC Zen 1 chip with an additional cryptographic layer added by the Chinese joint venture company collaborating with AMD. The chip was manufactured by GlobalFoundries as a proof-of-concept, and future Hygon CPUs will most likely be manufactured through other foundries like TSMC.

"Joker" is a relatively new form of malware that reportedly acts to steal contacts and sign those with infected devices up for premium SMS services. Most recently, it has been detected in a heretofore-overlooked host on Android by the Pradeo security team. This lab has had the app removed from the Google Play Store, but potentially affected users are advised to uninstall it immediately.

A British Galaxy S10 user has claimed that this phone's ultrasound sensor could be fooled into unlocking for non-registered fingerprints. This issue was allegedly caused by a cheap gel case with a clear flap to cover the screen. Samsung has admitted that this is the case, and has stated that it will push a software fix for it shortly.

Netgear has rolled out its latest mesh Wi-Fi system consisting of a base and one or more satellite units. The new Orbi Dual Band Mesh Wi-Fi System also features the latest Wi-Fi 6 (802.11 ax) standard for speeds up to 1.2 Gbps.

Google also announced its new Nest Wi-Fi home product at the 2019 Pixel launch event. It consists of scalable router and point units in various muted colors. A single 802.11s router covers up to 2200 square feet of space each, whereas each point doubles as a smart speaker.

The latest Insider's version of Windows 10 updates the Your Phone app so that it is compatible with the Samsung Galaxy S10 series, as well as the Galaxy Fold. This allows a user to monitor battery levels, screen-mirror and sync data. However, Microsoft has stated that these new features will be available to certain regions only to start off with.

Many models that launched with Android 8.0 are still affected by a 0-day vulnerability that was not properly patched in 2017. The list of models includes: Google's Pixel 1 and 2, Samsung's Galaxy S7/8/9, Huawei P20, Xiaomi Redmi 5A / Note 5, Xiaomi A1, Oppo A3, Moto Z3, and all LG's smartphones launched in 2H 2017.

DNS over HTTPS is a new way of connecting to websites proposed by the Internet Engineering Task Force (IETF) in 2018. Google is reportedly working on implementing it in an upcoming version of its Chrome browser. However, an anti-trust task force associated with the US Congress has taken issue with this new measure.

A new vulnerability found in the bootrom of iPhones ranging from the iPhone 4S to the iPhone 8, 8 Plus, and X may pave a new path for a permanent jailbreak method. While no jailbreak method that exploits the vulnerability yet exists, the iPhone hacking community has hailed the discovery as a rebirth of the jailbreak.

Realme has announced a new software update for the 3 Pro. It upgrades the phone's security patch level to September 2019. This OTA also adds Digital Wellbeing and a screen-on time meter to this build of Color OS.

Google has announced that future updates will make it more difficult to activate the Assistant by mistake. The company has also taken pains to reassure users that their audio data will not be collected by default in the same release. A specific opt-in determines whether the same will be analysed by humans or not.

Lilu (also known as Lilocked) is a relatively new ransomware that is specifically targeting Linux servers. The ransomware has been infecting systems since mid-July and has so far attacked at least 6700 systems. Lilu targets specific file types (like HTML, PHP, and image files) and alters their file extension to ".lilocked." The ransomware also leaves a note instructing affected users to access an Onion site and pay either 0.03 BTC or US $325 to decrypt file affected files.

The online security company Kaspersky has reported the presence of dangerous programs in the digital versions of educational content for university students. These essays and texts were found to contain malware of varying severity and virulence. Some were described as capable of infecting whole networks from a single student's PC.

Although it is not cheap at all, the Galaxy A90 5G is Samsung's first non-flagship handset with support for the fastest mobile connectivity standard available for the masses (depending on region, of course). Sadly, although it is more expensive than most 4G flagships currently on the market, the Galaxy A90 5G will only get a new security patch every four months.

Ever wanted a Chromebook with 1 TB of internal PCIe storage and 32 GB of RAM? Dell has re-purposed its existing Latitude 5300 2-in-1 and 5400 laptops into Chromebooks designed for developers and businesses to accelerate Chrome OS adoption in the commercial space.

Password Leak Detection is an experimental feature in Chrome 78. It checks a given password against public databases of data breaches, in case of its use in a known security incident. Should this test prove positive, Chrome then offers a pop-up advising the user to change the password for the site or service in question.

An oversight by Apple caused an old security bug to be reintroduced with iOS 12.4. While the bug had been patched in iOS 12.3, the exploit is present in the latest operating system from Apple and can be used for jailbreaking on compatible devices. On the flip side, the security hole presents new risks; the bug can be used by malicious parties to hack into an iPhone or iPad running 12.4.

For the first time in its history, the Xiaomi custom MIUI Android skin has implemented 2-factor authentication (or 2FA) for this OEM's software ecosystem. So far, it works to send notifications to all devices connected to a single applicable account in the event of unfamiliar logins. However, there is no SMS-based verification as yet.

According to employees familiar with the practice, Facebook has been hiring outside contractors to listen to and transcribe user audio. While Facebook claims the transcriptions were done to improve the voice-to-text transcription features of its Messenger app, the company's data use policy makes no mention of humans listening to or transcribing audio.

The US Federal Aviation Authority (FAA) has told airlines that there are MacBook Pros out there that cannot be brought onto commercial flights. The notebooks in question are those that were recalled by Apple earlier this year for official battery replacements. The FAA believes that these components are a fire hazard.

A new report by security experts at Check Point Research demonstrates a glaring vulnerability in modern DSLR cameras: Photo Transfer Protocol. Worse yet, the researchers were able to exploit vulnerabilities in PTP/IP, which transfers photos from a DSLR to a computer wirelessly. This allowed the researchers to infect a nearby DSLR wirelessly and encrypt all of the camera's photos.

The YI Home Camera 3 is an AI-powered security camera. It notifies the user about possible intrusions - however, it solves the problem of potentially indiscriminate, unnecessary messages by using its new software to judge which ones will be important. The new YI camera also has a magnetic stand, so it can be installed anywhere.

iOS 13 will bring a few new features to iPhones upon its release later this year, several of which are focused on protecting user privacy. One such update will block background processes from collecting user data, something that several messaging apps like WhatsApp Facebook Messenger apparently rely on for receiving VoIP calls.

A new publication by Microsoft's Threat Intelligence Center points out an increasingly popular avenue used for cyber attacks: the Internet of Things (IoT). The publication states that researchers discovered a new attack that exploited vulnerabilities in simple IoT devices like a printer and a VOIP phone to access an enterprise network.

According to reports from China, Apple will start mass-producing displays with an in-screen Touch ID sensor that will complement Face ID in anticipation of their inclusion in the 2021 iPhone series. The upcoming displays will likely have a custom Qualcomm ultrasonic fingerprint sensor, which will have a larger recognition area than comparable sensors found in current flagships like the Mate 20 Pro, P30 Pro and Galaxy S10 series.

Apple has suspended a controversial Siri grading program that allowed contractors to listen to recordings of customers using the voice recognition software. The purportedly privacy focused company was caught out by a whistleblower who revealed details of the program that raised serious user privacy concerns.

A study conducted by Consumers International, in conjunction with the Internet Society has reportedly found that most individuals surveyed find connected devices (mostly IoT or "smart home" products) "creepy". In addition, 53% of this group said that they do not trust these devices with their privacy. Concerns such as these put 28% of a sub-group without these devices off buying one.

The Librem 5's specifications have been finalized, but the hardware looks outdated. Considering the phone's $700 price tag, it's unlikely that the Librem 5 will garner any significant market share. However, the Librem 5 is focused on user privacy and "free and open" software instead of bleeding-edge specifications. In that regard, the Librem 5 is sure to be an interesting niche device.

Apple has been caught in a fresh privacy scandal as first reported by The Guardian. According to an Apple contractor, Apple just like Google and Amazon have been busted doing, uses contractors to analyze and assess the accuracy of its Siri voice assistant by listening into people who are unaware this is happening.

According to a new report, Google has released a new feature for the Assistant to a select group of users. This function allows them to compose and send texts directly from their phone's lockscreens. This sounds convenient, but also problematic from certain standpoints.

Internet-protocol (or IP) cameras shipments are thought to grow to over 100 million by 2025, or 20% more than there are now. These projections are part of newly-published research on the IP surveillance market. It is thought to be mainly driven by commercial buyers, although domestic products may also play a role in their growth.

WhatsApp and Telegram are popular secure messaging apps that feature end-to-end encryption to keep messages safe. Even still, the apps have a glaring backdoor that could allow attackers to alter media files sent through the apps. Both apps can store media to publicly accessible file directories, which leaves them vulnerable to manipulation.

If you thought you were crazy covering your laptop webcam with paper, you're not alone. A continent-wide survey conducted earlier this year has revealed that nearly 80 percent of respondents would rather just turn off their webcams to avoid fears of hacking. Women in particular are more worried about their laptops being compromised and are more likely to tape over or disable their webcams.

The Belgian news outlet VRT NWS claims to have gained access to audio recordings made as a result of Google Assistant 'listening' to user speech or activity. The recordings were leaked to VRT by a Google subcontractor. This apparent evidence suggests that the search giant allows these workers access to information that would have remained private were it not for the presence of the Assistant.