A week in security (February 27 - March 5)

Last week on Malwarebytes Labs: Fighting online censorship, or, encryption's latest surprise use-case, with Mallory Knodel: Lock and Code S04E05 How to work from home securely, the NSA way TikTok probed over child privacy practices iPhone users targeted in phone AND data theft campaign US Marshal...

CVE-2022-30723

Broadcasting Intent including the BluetoothDevice object without proper restriction of receivers in activateVoiceRecognitionWithDevice function of Bluetooth prior to SMR Jun-2022 Release 1 leaks MAC address of the connected Bluetooth device...

CVE-2022-30723

Broadcasting Intent including the BluetoothDevice object without proper restriction of receivers in activateVoiceRecognitionWithDevice function of Bluetooth prior to SMR Jun-2022 Release 1 leaks MAC address of the connected Bluetooth device...

The Race to Hide Your Voice

Voice recognition—and data collection—have boomed in recent years. Researchers are figuring out how to protect your privacy...

Researchers Developed Artificial Intelligence-Powered Stealthy Malware

Artificial Intelligence AI has been seen as a potential solution for automatically detecting and combating malware, and stop cyber attacks before they affect any organization. However, the same technology can also be weaponized by threat actors to power a new generation of malware that can evade...

Researchers Developed Artificial Intelligence-Powered Stealthy Malware

Artificial Intelligence AI has been seen as a potential solution for automatically detecting and combating malware, and stop cyber attacks before they affect any organization. However, the same technology can also be weaponized by threat actors to power a new generation of malware that can evade...

‘Voice-Squatting’ Turns Alexa, Google Home into Silent Spies

A team of academic researchers has tested the phonetic wherewithal of smart-home assistants Amazon Alexa and Google Home, finding it possible to closely mimic legitimate voice commands in order to carry out nefarious actions. The researchers, a composite team from Indiana University in Bloomingto...

Stealing Voice Prints

This article feels like hyperbole: The scam has arrived in Australia after being used in the United States and Britain. The scammer may ask several times "can you hear me?", to which people would usually reply "yes." The scammer is then believed to record the "yes" response and end the call. That...

Android 'Trusted Voice': My Voice Is My Password

Today device unlocking has become far more secure over the years, from PIN number unlock to Pattern unlock and biometric unlocks including fingerprinting and facial recognition. But... ...What If Your Android Device Can Identify Your Voice before authenticating any access? This exactly what Googl...

Samsung Admits Its Smart TV Is Spying On You

Is Your Smart TV Spying On You? You just need to make sure you don't hold any private conversations in front of the internet-connected TV. IS SMART TV GETTING TOO SMART? Smart TVs are connected to the Internet, and they are capable of collecting and transmitting our data. Samsung's Smart TV uses...

When, Not Whether, Is the Question for Mobile Authentication, Research Finds

The findings from a recent study carried out by Microsoft Research and the University of South Carolina suggest that we should be asking ourselves when to require authentication rather than whether to require authentication. The research puts forth the idea of tailoring authentication requirement...

Microsoft Windows Speech Components Voice Recognition Command Execution Vulnerability (950760)

This host is missing a critical security update according to Microsoft Bulletin MS08-032. OpenVAS Vulnerability Test $Id: gbms08-032.nasl 5362 2017-02-20 12:46:39Z cfi $ Description: Microsoft Windows Speech Components Voice Recognition Command Execution Vulnerability 950760 Authors: Madhuri D...

Microsoft Windows Speech Components Voice Recognition Command Execution Vulnerability (950760)

This host is missing a critical security update according to Microsoft Bulletin MS08-032. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...