Google has released a partial patch for the Pixnapping attack and is working on an additional fix.

The post Pixnapping Attack Steals Data From Google, Samsung Android Phones appeared first on SecurityWeek.

Apple has announced significant updates to its bug bounty program, including new categories and target flags.

The post Apple Bug Bounty Update: Top Payout $2 Million, $35 Million Paid to Date appeared first on SecurityWeek.

The vulnerability could lead to a denial-of-service condition or memory corruption when a malicious font is processed.

The post Apple Updates iOS and macOS to Prevent Malicious Font Attacks appeared first on SecurityWeek.

More than 300 servers and 100,000 SIM cards designed to mimic cellphones and overwhelm networks.

The post A Massive Telecom Threat Was Stopped Right As World Leaders Gathered at UN Headquarters in New York appeared first on SecurityWeek.

NetRise has identified 20 device models from six vendors that are still vulnerable to Pixie Dust attacks.

The post Decade-Old Pixie Dust Wi-Fi Hack Still Impacts Many Devices appeared first on SecurityWeek.

An anonymous reader quotes a report from the Associated Press: The Taliban leader banned fibre optic internet in an Afghan province to "prevent immorality," a spokesman for the administration said Tuesday. It's the first time a ban of this kind has been imposed since the Taliban seized power in August 2021, and leaves government offices, the private sector, public institutions, and homes in northern Balkh province without Wi-Fi internet. Mobile internet remains functional, however. Haji Attaullah Zaid, a provincial government spokesman, said there was no longer cable internet access in Balkh by order of a "complete ban" from the leader Hibatullah Akhundzada. "This measure was taken to prevent immorality, and an alternative will be built within the country for necessities," Zaid told The Associated Press. He gave no further information, including why Balkh was chosen for the ban or if the shutdown would spread to other provinces.

Read more of this story at Slashdot.

Reported by Meta and WhatsApp, the vulnerability leads to remote code execution and was likely exploited by a spyware vendor.

The post Samsung Patches Zero-Day Exploited Against Android Users appeared first on SecurityWeek.

Apple’s new Memory Integrity Enforcement (MIE) brings always-on memory-safety protection covering key attack surfaces — including the kernel and over 70 userland processes.

The post Apple Unveils iPhone Memory Protections to Combat Sophisticated Attacks appeared first on SecurityWeek.

Dish's parent company EchoStar is selling $23 billion worth of 5G spectrum licenses to AT&T and shifting Boost Mobile onto AT&T and T-Mobile networks, effectively abandoning its bid to become the fourth major U.S. wireless carrier. The Verge reports: As part of T-Mobile's deal to acquire Sprint in 2019, the Department of Justice stipulated that another company must replace it as the fourth major wireless carrier. Dish came forward to acquire Boost Mobile from Sprint, paying $1.4 billion to purchase the budget carrier and other prepaid assets. Since then, Dish has spent billions acquiring spectrum to build out its own 5G network, which the company said was close to reaching 80 percent of the US population as of last year, in line with the Federal Communications Commission's deadline to meet certain coverage requirements. But Dish struggled to repay mounting debt, leading it to rejoin EchoStar, the company it originally spun off from in 2008. And at the same time, it came under renewed pressure from the FCC to make use of its spectrum. In April, the Elon Musk-owned SpaceX wrote a letter to the FCC saying EchoStar "barely uses" the AWS-4 (2GHz) spectrum band for satellite connectivity. Weeks later, FCC chair Brendan Carr opened an investigation into EchoStar's 5G expansion, criticizing the company's slow buildout and claiming that it had lost Boost Mobile customers since its acquisition of the carrier. Carr also questioned EchoStar's use of the AWS-4 spectrum, which isn't included in its deal with AT&T. In July, Carr said that he's not concerned with having a fourth mobile provider, saying during an open meeting that there isn't a "magic number" of carriers needed in the US to maintain competition. "We're always looking at a confluence of different factors to make sure that there's sufficient competition," he said, as reported by Fierce Network. Now, EchoStar will become a hybrid mobile network operator, which is a carrier that operates on its own network, in addition to using other companies' infrastructure. As noted in the press release, Boost Mobile will provide connectivity through AT&T towers and the T-Mobile network. "This ensures the survival of Boost Mobile," [said Roger Entner, founder and lead analyst at Recon Analytics]. "It gives them money, but at the end, they don't have much of a network left."

Read more of this story at Slashdot.

In this blog, I’m going to walk you through how to get started with airodump-ng and some of the techniques that you can use to home in on access points of interest.

The post Hunt for Weak Spots in Your Wireless Network with Airodump-ng from the Aircrack-ng Suite appeared first on Black Hills Information Security, Inc..

In the world of cybersecurity, it’s important to understand what attack surfaces exist. The best way to understand something is by first doing it. Whether you’re an aspiring penetration tester, […]

The post Wi-Fi Forge: Practice Wi-Fi Security Without Hardware  appeared first on Black Hills Information Security, Inc..

This is the first installment in a series of blogs relating to practical analysis of wireless communications: what they are, how they work, and how they can be attacked. In […]

The post Ghost in the Wireless: An introduction to Airspace Analysis with Kismet  appeared first on Black Hills Information Security, Inc..

by William Oldert // BHIS Intern BHIS had a problem.   We needed an environment for students to learn WiFi hacking safely. Our original solution used interconnected physical network gear […]

The post WifiForge – WiFi Exploitation for the Classroom appeared first on Black Hills Information Security, Inc..

tl;dr: Install Wifiphisher on Kali and run a basic attack.  This crappy little copy/paste-able operation resulted in a functional Wifiphisher virtual environment on Kali (as of January 22, 2024).   Two […]

The post How to Install and Perform Wi-Fi Attacks with Wifiphisher  appeared first on Black Hills Information Security, Inc..

Ray Felch // This write-up is the first of a multi-part series, providing an introduction to LoRa wireless technology and the LoRaWAN, low-power wide-area network (LPWAN). Interestingly, I came across […]

The post Introducing LoRa (Long Range) Wireless Technology – Part 1 appeared first on Black Hills Information Security, Inc..

Ray Felch // Preface: Recently, I acquired a few home automation devices, so that I might research Zigbee and get a better understanding of how this very popular wireless technology […]

The post Understanding Zigbee and Wireless Mesh Networking appeared first on Black Hills Information Security, Inc..

Paul Clark// Do you want to know how we learned Software Defined Radio? We learned it from Paul.  We also learned by getting our hands dirty with projects. For this […]

The post Webcast: Building a Small and Flexible Wireless Exfiltration Box with SDR appeared first on Black Hills Information Security, Inc..

Jordan Drysdale// With Wild West Hackin’ Fest 2018 coming up (!!!), here’s a preview of some things you might see in the wireless labs. First, s0lst1c3’s eaphammer. @relkci and I […]

The post Wireless Hack Packages Update appeared first on Black Hills Information Security, Inc..

Kent Ickler // It seemed like we were always cross-referencing the Hashcat Wiki or help file when working with Hashcat. We needed things like specific flags, hash examples, or command […]

The post Hashcat 4.10 Cheat Sheet v 1.2018.1 appeared first on Black Hills Information Security, Inc..