Cybersecurity researchers have proposed a novel approach that leverages electromagnetic field emanations from the Internet of Things (IoT) devices as a side-channel to glean precise knowledge about the different kinds of malware targeting the embedded systems, even in scenarios where obfuscation techniques have been applied to hinder analysis. With the rapid adoption of IoT … [Read more...] about Detecting Evasive Malware on IoT Devices Using Electromagnetic Emanations
Devices
New EwDoor Botnet Targeting Unpatched AT&T Network Edge Devices
A newly discovered botnet capable of staging distributed denial-of-service (DDoS) attacks targeted unpatched Ribbon Communications (formerly Edgewater Networks) EdgeMarc appliances belonging to telecom service provider AT&T by exploiting a four-year-old flaw in the network appliances. Chinese tech giant Qihoo 360's Netlab network security division, which detected the botnet … [Read more...] about New EwDoor Botnet Targeting Unpatched AT&T Network Edge Devices
SonicWall Issues Patches for a New Critical Flaw in SMA 100 Series Devices
Network security company SonicWall has addressed a critical security vulnerability affecting its Secure Mobile Access (SMA) 100 series appliances that can permit remote, unauthenticated attackers to gain administrator access on targeted devices remotely. Tracked as CVE-2021-20034, the arbitrary file deletion flaw is rated 9.1 out of a maximum of 10 on the CVSS scoring system, … [Read more...] about SonicWall Issues Patches for a New Critical Flaw in SMA 100 Series Devices
Apple Delays Plans to Scan Devices for Child Abuse Images After Privacy Backlash
Apple is temporarily hitting the pause button on its controversial plans to screen users' devices for child sexual abuse material (CSAM) after receiving sustained blowback over worries that the tool could be weaponized for mass surveillance and erode the privacy of users. "Based on feedback from customers, advocacy groups, researchers, and others, we have decided to take … [Read more...] about Apple Delays Plans to Scan Devices for Child Abuse Images After Privacy Backlash
Critical ThroughTek SDK Bug Could Let Attackers Spy On Millions of IoT Devices
A security vulnerability has been found affecting several versions of ThroughTek Kalay P2P Software Development Kit (SDK), which could be abused by a remote attacker to take control of an affected device and potentially lead to remote code execution. Tracked as CVE-2021-28372 (CVSS score: 9.6) and discovered by FireEye Mandiant in late 2020, the weakness concerns an improper … [Read more...] about Critical ThroughTek SDK Bug Could Let Attackers Spy On Millions of IoT Devices
New Glowworm Attack Recovers Device’s Sound from Its LED Power Indicator
A novel technique leverages optical emanations from a device's power indicator LED to recover sounds from connected peripherals and spy on electronic conversations from a distance of as much as 35 meters. Dubbed the "Glowworm attack," the findings were published by a group of academics from the Ben-Gurion University of the Negev earlier this week, describing the method as "an … [Read more...] about New Glowworm Attack Recovers Device’s Sound from Its LED Power Indicator
A Critical Random Number Generator Flaw Affects Billions of IoT Devices
A critical vulnerability has been disclosed in hardware random number generators used in billions of Internet of Things (IoT) devices whereby it fails to properly generate random numbers, thus undermining their security and putting them at risk of attacks. "It turns out that these 'randomly' chosen numbers aren't always as random as you'd like when it comes to IoT devices," … [Read more...] about A Critical Random Number Generator Flaw Affects Billions of IoT Devices
Your Amazon Devices to Automatically Share Your Wi-Fi With Neighbors
Starting June 8, Amazon will automatically enable a feature on your Alexa, Echo, or other Amazon device that will share some of your Internet bandwidth with your neighbors—unless you choose to opt out. Amazon intends to register its family of hardware devices that are operational in the U.S.—including Echo speakers, Ring Video Doorbells, Ring Floodlight … [Read more...] about Your Amazon Devices to Automatically Share Your Wi-Fi With Neighbors
Chinese Cyber Espionage Hackers Continue to Target Pulse Secure VPN Devices
Cybersecurity researchers from FireEye unmasked additional tactics, techniques, and procedures (TTPs) adopted by Chinese threat actors who were recently found abusing Pulse Secure VPN devices to drop malicious web shells and exfiltrate sensitive information from enterprise networks. FireEye's Mandiant threat intelligence team, which is tracking the cyberespionage activity under … [Read more...] about Chinese Cyber Espionage Hackers Continue to Target Pulse Secure VPN Devices
Apple’s Find My Network Can be Abused to Exfiltrate Data From Nearby Devices
Latest research has demonstrated a new exploit that enables arbitrary data to be uploaded from devices that are not connected to the Internet by simply sending "Find My Bluetooth" broadcasts to nearby Apple devices. "It's possible to upload arbitrary data from non-internet-connected devices by sending Find My [Bluetooth Low Energy] broadcasts to nearby Apple devices that then … [Read more...] about Apple’s Find My Network Can be Abused to Exfiltrate Data From Nearby Devices