#devicesecurity — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #devicesecurity, aggregated by home.social.
-
Device Security Must Complement Identity to Thwart Modern Threats
Authentication is no longer enough to guarantee security - even with multi-factor authentication in place, phishing kits can capture session tokens, allowing attackers to bypass security checks undetected. As a result, device security must step up to complement identity and prevent modern threats.
#PostauthenticationThreats #MfaBypass #DeviceSecurity #IdentitySecurity #EmergingThreats
-
https://www.europesays.com/uk/958955/ Alliance urges EU to rethink cyber rules for SIM tech #CyberResilience #CyberResilienceAct(CRA) #Cybersecurity #DataProtection #DeviceSecurity #DigitalResilience #eSIM #EU #Europe #Europe(European) #European #EuropeanCommission #EuropeanUnion(EU) #infosec #InternetOfThings(IoT) #IoTSecurity #NetworkSecurity #sim #SoftwareUpdates #SupplyChainSecurity #SupplyChain #TrustedConnectivityAlliance
-
Alliance urges EU to rethink cyber rules for SIM tech
Trusted Connectivity Alliance has urged European standards…
#Europe #EU #Cyberresilience #CyberResilienceAct(CRA) #cybersecurity #Dataprotection #Devicesecurity #DigitalResilience #eSIM #Europe(European) #EuropeanCommission #EuropeanUnion #EuropeanUnion(EU) #Infosec #InternetofThings(IoT) #IoTSecurity #Networksecurity #SIM #SoftwareUpdates #SupplyChain #SupplyChainSecurity #TrustedConnectivityAlliance
https://www.europesays.com/europe/41684/
-
So I’ve got this interesting situation with my TV. I don’t live in an apartment complex. My neighbors’ houses are the typical distance from my own in the cul-de-sac. Still, I think that one of my closest neighbors must be accessing my TV. Three times now audio has played from it while the TV is off. It sounds like a kid’s show usually. When we turn the TV on it immediately goes away and we get full access as usual. My parents are going to casually ask our neighbors if they have Roku ones too.
#Ramblings #technology-being-technology #Roku #Roku-tv #Roku-4K #television #Bluetooth #device-security
-
Fraud Prevention Evolves to Balance Security and User Experience
The age-old trade-off between security and user experience is no longer a given - in fact, it's possible to boost security without slowing down your customers. By combining identity, device, and network signals, businesses can effectively block fraud while providing a seamless experience for legitimate users.
#FraudPrevention #UserExperience #IdentityVerification #DeviceSecurity #NetworkSecurity
-
CISA has added two Android Framework 0-days (CVE-2025-48572 & CVE-2025-48633) to the KEV list, confirming active exploitation.
Together, they enable privilege escalation and information disclosure, forming a potentially complete compromise path for targeted devices.
Federal agencies have a December 23 patch deadline, and wider organizations are encouraged to roll out updates and monitor for related indicators.
💬 Mobile ecosystems remain a critical attack surface - what best practices have worked for your teams?
Source: https://cybersecuritynews.com/android-0-day-vulnerability-exploited/
Follow us for ongoing vulnerability and threat intelligence updates.
#Cybersecurity #AndroidSecurity #KEV #CISA #ZeroDay #MobileThreats #ThreatIntel #Infosec #SecurityUpdates #DeviceSecurity
-
Qualcomm has detailed six high-priority vulnerabilities — including a critical secure boot flaw (CVE-2025-47372). Additional issues affect TZ Firmware, HLOS components, DSP, audio, and camera modules.
OEMs are receiving patches and users may need to check manufacturer timelines for deployment.
Follow us for more non-sensationalized security reporting.
Source: https://gbhackers.com/qualcomm-alerts-users-to-critical-flaws/
#Infosec #Qualcomm #SecureBoot #FirmwareSecurity #ThreatIntel #TechNadu #CVEs #DeviceSecurity
-
Zero Trust: The Cybersecurity Revolution We Can’t Ignore
https://youtu.be/Ql5Hoxw-Fm8 #ZeroTrust #CyberSecurity #IdentitySecurity #NetworkSecurity #CloudSecurity #DataProtection #WorkloadSecurity #DeviceSecurity #CISO #RiskManagement
-
🖥️ Device is a Liability: Harden It or Lose It #CyberSecurity #DeviceSecurity #Privacy #Encryption #Linux #ZeroTrust #AnonOps #Infosec #VPN #HardenYourDevice #DeadSwitch #GhostOps #TomITCafe #SecurityFirst #NoCompromise #DigitalAnonymity #AirGapped
http://tomsitcafe.com/2025/04/03/device-is-a-liability-harden-it-or-lose-it/
-
Cert-In Issues High Severity Warning for Android Users, Recommends Patching https://thecyberexpress.com/cert-in-severity-warning-for-android-users/ #TheCyberExpressNews #Vulnerabilities #TheCyberExpress #devicesecurity #securitythreat #FirewallDaily #OnlineSafety #Cyberattack #databreach #CyberNews #Phishing #Android #malware #CERTIn #Update #Patch
-
Apple warns iPhone users in 98 countries about spyware attacks
https://stackdiary.com/apple-warns-iphone-users-in-98-countries-about-spyware-attacks/
#Apple #iPhone #Spyware #Security #Alert #Warning #Cybersecurity #Protection #Hackers #Technology #Digital #Privacy #Threat #Safety #Notification #Cyberattack #Lockdown #Update #Passcode #Authentication #Malware #Vigilance #TechNews #AppleID #OnlineSafety #DeviceSecurity #Mercenary #ExpertHelp #Encryption #Software #DataProtection
-
Google's "Find My Device" Network Launches, Bridging the Gap with Apple's iPhone: https://www.reviewspace.info/google-s-find-my-device-network-launches-bridging-the-gap-with-apple-s-iphone
#Google #FindMyDevice #Android #SmartphoneTracking #Pixel8 #Pixel8Pro #DeviceSecurity #TechnologyNews
-
Apple debuts new feature to frustrate iPhone thieves
https://www.helpnetsecurity.com/2024/01/23/iphone-stolen-device-protection/
-
"🚨 Major Bluetooth Flaw in BlueZ: Keystroke Injection Risk! 🚨"
A Bluetooth vulnerability, CVE-2023-45866, has been uncovered, posing a significant threat to various devices. Discovered by Marc Newlin, this flaw in BlueZ allows unauthenticated devices to inject HID events, leading to potential keystroke injections and arbitrary command executions on affected devices. Particularly alarming, this vulnerability affects a wide range of operating systems including Android, Linux, macOS, and iOS, even those in Lockdown Mode.
Key details include:
- BlueZ not properly restricting non-bonded devices from injecting HID events into the input subsystem.
- Potential for an unauthenticated Peripheral role HID Device to establish an encrypted connection without user interaction, injecting HID messages.
- CVE-2023-45866 carries a critical severity rating with a CVSS base score of 9.8, indicating a high level of threat.
Marc Newlin's analysis highlights that this attack exploits an unauthenticated pairing mechanism within the Bluetooth specification, allowing fake keyboards to connect to target devices.
Stay vigilant and update your devices! 🛡️📱💻
Tags: #CyberSecurity #BluetoothVulnerability #BlueZ #CVE202345866 #KeystrokeInjection #DeviceSecurity #MarcNewlin #ThreatAlert
Sources:
- NVD: CVE-2023-45866
- Tenable: CVE-2023-45866 Details
- Hackread Article by Waqas: Bluetooth Vulnerability Report
-
"🚨 UEFI Under Threat: The LogoFAIL Vulnerability 🚨"
A recent security report has brought attention to LogoFAIL, a collection of vulnerabilities that pose a substantial risk to devices utilizing UEFI firmware. These vulnerabilities enable attackers to install UEFI bootkits by leveraging weaknesses in the image-parsing components utilized by various vendors in their firmware. LogoFAIL's impact is widespread, affecting a broad range of devices across x86 and ARM architectures, including products from prominent manufacturers such as Intel, Acer, and Lenovo.
Researchers at Binarly have uncovered that malicious payloads can be executed by injecting image files into the EFI System Partition (ESP), effectively evading security features like Secure Boot. This method of attack ensures the persistence of malware on the system, rendering it virtually undetected. LogoFAIL's full scope of impact is still being assessed, but it is already evident that it poses a significant threat to both consumer and enterprise-grade devices, as it bypasses security mechanisms designed to protect UEFI systems.
Source: BlackHat talk and Bill Toulas, BleepingComputer
MITRE ATT&CK Reference for UEFI Vulnerabilities: T1588.006
Tags: #CyberSecurity #UEFI #Vulnerability #LogoFAIL #Bootkit #SecureBoot #FirmwareSecurity #Binarly #DeviceSecurity 🚨💻🔒
-
Not sure if an unattended device is your threat model but Windows machines do not do this. At least not to my knowledge. #MacBookProM2 #macos #apple #devicesecurity https://support.apple.com/guide/mac-help/allow-accessories-to-connect-mchlf779ae93/mac
-
Hey, all. This one is to help a friend. An abuser in her life opened a number of Google and other accounts in her name. We're already getting law enforcement involved. We want to take a forensic copy of the phone before we factory reset it. Any software recommendations?
-
London Councils Lose Nearly 1300 Devices Over Three Years https://www.infosecurity-magazine.com/news/london-councils-lose-1300-devices/#.XiWiEv9P41o.twitter #Cybersecurity #DataProtection #DataTheft #CyberRisk #CyberThreat #CyberAwareness #DataSecurity #DeviceSecurity #MobileDevices #InfoSec #Security
-
Your WiFi signals are revealing your location - The home may be the hearth, but it’s not going to be a place of safety for too long.
With the abun... more: https://hackaday.com/2019/11/28/your-wifi-signals-are-revealing-your-location/ #devicesecurity #wirelesshacks #research #signals #wifi #iot