Air fryer app caught asking for voice data (re-air) (Lock and Code S06E24)

This week on the Lock and Code podcast … It's often said online that if a product is free, you're the product, but what if that bargain was no longer true? What if, depending on the device you paid hard-earned money for, you still became a product yourself, to be measured, anonymized, collated,...

BADBOX 2.0 Botnet Infects 1 Million Android Devices for Ad Fraud and Proxy Abuse

At least four different threat actors have been identified as involved in an updated version of a massive ad fraud and residential proxy scheme called BADBOX, painting a picture of an interconnected cybercrime ecosystem. This includes SalesTracker Group, MoYu Group, Lemon Group, and LongTV,...

Microsoft Warns of Malvertising Campaign Infecting Over 1 Million Devices Worldwide

Microsoft has disclosed details of a large-scale malvertising campaign that's estimated to have impacted over one million devices globally as part of what it said is an opportunistic attack designed to steal sensitive information. The tech giant, which detected the activity in early December 2024...

Your Phone Won’t Be the Next Exploding Pager

Thousands of beepers and two-way radios exploded in attacks against Hezbollah, but mainstream consumer devices like smartphones aren’t likely to be weaponized the same way...

We Don’t Just Patch – We Hack

We Don’t Just Patch – We Hack By Trellix · February 1, 2023 This blog was written by Douglas McKee If you have read any security advisories, technology news articles or even our very own Bug Report, you have continually been bombarded with the message to patch, patch, patch! Patching is critical ...

PT-2022-15219 · Qualcomm · Qualcomm Snapdragon

Name of the Vulnerable Software and Affected Versions: Qualcomm Snapdragon affected versions not specified Description: The issue is related to memory corruption in audio due to the lack of a check for an invalid routing address into the APR Routing table. This affects various Qualcomm Snapdragon...

Universal Plug and Play (UPnP): What You Need to Know

Universal Plug and Play UPnP is a widely used protocol with a decade-long history of flawed implementations across a wide range of consumer devices. In this paper, we will cover how these aws are still present on devices, how these vulnerabilities are actively being abused, and how a...

The Myth of Consumer-Grade Security

The Department of Justice wants access to encrypted consumer devices but promises not to infiltrate business products or affect critical infrastructure. Yet that's not possible, because there is no longer any difference between those categories of devices. Consumer devices are critical...

Multicast DNS Vulnerability Could Lead to DDOS Amplification

The Department of Homeland Security sponsored CERT at Carnegie Mellon University on Tuesday released an advisory warning infrastructure providers of a vulnerability in Multicast DNS, or mDNS, that could leak device information that could be leveraged in high volume DDoS amplification attacks. “I...

Enterprises Riding A Tiger With Consumer Devices

Like the old adage that ‘he who rides a tiger is afraid to dismount,’ enterprises today are bounding along on the back of a particularly large and fearsome tiger. It’s called “consumer technology” and its shape is outlined by the myriad of devices and services that modern information workers are...