German Agencies Warn of Signal Phishing Targeting Politicians, Military, Journalists

Germany's Federal Office for the Protection of the Constitution aka Bundesamt für Verfassungsschutz or BfV and Federal Office for Information Security BSI have issued a joint advisory warning of a malicious cyber campaign undertaken by a likely state-sponsored threat actor that involves carrying...

A Private Smart Wallet with Probabilistic Compliance

We propose a privacy-preserving smart wallet with a novel invitation-based private onboarding mechanism. The solution integrates two levels of compliance in concert with an authority party: a proof of innocence mechanism and an ancestral commitment tracking system using bloom filters for...

Understanding and Mitigating Russian State-Sponsored Cyber Threats to U.S. Critical Infrastructure

Summary Actions Critical Infrastructure Organizations Should Implement to Immediately Strengthen Their Cyber Posture. • Patch all systems. Prioritize patching known exploited vulnerabilities. • Implement multi-factor authentication. • Use antivirus software. • Develop internal contact lists and...

Over 500,000 Android Users Downloaded a New Joker Malware App from Play Store

A malicious Android app with more than 500,000 downloads from the Google Play app store has been found hosting malware that stealthily exfiltrates users' contact lists to an attacker-controlled server and signs up users to unwanted paid premium subscriptions without their knowledge. The latest...

CSV Injection vulnerability with exported contact lists in Mautic

Impact Mautic versions before 2.13.0 had a vulnerability that allowed a CSV injection with exported contact lists - https://www.owasp.org/index.php/CSVInjection. Patches Update to 2.13.0 or later. Workarounds None. For more information If you have any questions or comments about this advisory:...

CVE-2020-0394

In onCreate of BluetoothPairingDialog.java, there is a possible tapjacking vector due to an insecure default value. This could lead to local escalation of privilege and untrusted devices accessing contact lists with no additional execution privileges needed. User interaction is needed for...

Design/Logic Flaw

In onCreate of BluetoothPairingDialog.java, there is a possible tapjacking vector due to an insecure default value. This could lead to local escalation of privilege and untrusted devices accessing contact lists with no additional execution privileges needed. User interaction is needed for...

CVE-2020-0394

In onCreate of BluetoothPairingDialog.java, there is a possible tapjacking vector due to an insecure default value. This could lead to local escalation of privilege and untrusted devices accessing contact lists with no additional execution privileges needed. User interaction is needed for...

ASB-A-155648639

In onCreate of BluetoothPairingDialog.java, there is a possible tapjacking vector due to an insecure default value. This could lead to local escalation of privilege and untrusted devices accessing contact lists with no additional execution privileges needed. User interaction is needed for...

Joker Spyware Found in 24 Google Play Apps

A new spyware has been making the rounds in Android apps on Google Play, infecting victims post-download to steal their SMS messages, contact lists and device information. In addition to stealing victims’ information, the malware also stealthily signs them up for premium service subscriptions tha...

Android Ransomware Spreads Via 'Sex Simulation Game' Links on Reddit, SMS

Researchers are warning of a new Android ransomware being spread via links in online forums and SMS messages. The malicious links purport to connect back to a sex simulation game, but in reality lead to ransomware that encrypts victims’ files. The Android ransomware, dubbed Android/Filecoder.C, h...

The vulnerability of the iOS operating system allows a perpetrator to gain access to protected information such as contact lists and photos.

The vulnerability of the Siri component of the iOS operating system relates to the absence of data detector blocking during screen lock states. Exploiting this vulnerability could allow a local attacker to gain access to protected information such as contact lists and photos...

The vulnerability of the Mac OS X operating system, which allows a hacker to alter contact lists

The vulnerability of the Messages component in the Mac OS X operating system exists due to improper handling of contact list updates. Exploiting this vulnerability allows a remote attacker to modify contact lists...

Apple OS X El Capitan Messages Contact List Modification Vulnerability

Apple OS X El Capitan is an operating system on Apple devices. Apple OS X El Capitan Messages has a security vulnerability that allows an attacker to modify other users' contact lists...

CVE-2016-1844

The Messages component in Apple OS X before 10.11.5 mishandles roster changes, which allows remote attackers to modify contact lists via unspecified vectors...

Espionage Campaign targets iOS devices with Malware apps

A malware campaign has been found targeting iOS devices linked to a wide range of entities, including European defense organizations, governments, and media sectors with dangerous espionage spyware capable of breaching non-jailbroken devices, a recent report claims. The spyware campaign, dubbed...

Simple, but Critical vulnerability in Verizon Portal revealed users' SMS History

A Security researcher discovered a critical privacy vulnerability on Verizon Wireless's Web-based customer portal that allows anyone to download user's SMS History and Numbers of other users he communicated with. Back in August, researcher 'Cody Collier' found that a simple URL exploit could allo...

BlackBerry, Other Smartphone Users Easy Spy Targets

iPhone lovers and other smartphone users should take heed: A security researcher showed ways to spy on a BlackBerry user during a presentation Wednesday, including listening to phone conversations, stealing contact lists, reading text messages, taking and viewing photos and figuring out the...