Researchers have discovered two potentially serious vulnerabilities in wireless LAN devices that they say are often used in airplanes.
iOS 16 Rolls Out With Passwordless Authentication, Spyware Protection
Apple this week has started rolling out iOS 16 with several security and privacy improvements meant to keep users protected from malware, state-sponsored attackers, and an abusive spouse.
Google Patches Critical Vulnerabilities in Pixel Phones
Google’s September 2022 security update for Pixel devices addresses two critical vulnerabilities. A total of 46 other security flaws were resolved in the Android platform this month.
Hardcoded AWS Credentials in 1,800 Mobile Apps Highlight Supply Chain Issues
Symantec has discovered hardcoded AWS credentials in more than 1,800 mobile applications and warned of the potential risks associated with poor security practices.
While Symantec’s threat hunting team has looked at both Android and iOS apps, nearly all of the applications containing hardcoded credentials were developed for iOS.
iOS 12 Update for Older iPhones Patches Exploited Vulnerability
Apple on Wednesday started shipping patches for older iPhone and iPad devices to address a recent, actively exploited vulnerability.
Tracked as CVE-2022-32893, the vulnerability impacts WebKit and it can be exploited to achieve arbitrary code execution when the user visits a malicious website.
Pwn2Own Offers $100,000 for Home Office Hacking Scenario
Trend Micro’s Zero Day Initiative (ZDI) has announced the targets and prizes for its next Pwn2Own hacking competition, as well as the introduction of a new category that aims to simulate a real world home office environment.
Leaked Docs Show Spyware Firm Offering iOS, Android Hacking Services for $8 Million
Leaked documents appear to show a little-known spyware company offering services that include Android and iOS device exploits for €8 million (roughly $8 million).
Backdoors Found on Counterfeit Android Phones
Russian cybersecurity firm Doctor Web has identified multiple backdoors on the system partitions of several Android devices that are counterfeit versions of popular phones.
New Open Source Tool Shows Code Injected Into Websites by In-App Browsers
A researcher has conducted an analysis to see how major companies could track user activity through their mobile in-app browsers, and released a free and open source tool that allows anyone to check what code is being injected by such browsers.
Signal Discloses Impact From Twilio Hack
Secure communications services provider Signal on Monday disclosed impact from the recent Twilio hack, after threat actors attempted to re-register the phone numbers of some of its users to new devices.
