#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

call hacking | Breaking Cybersecurity News | The Hacker News

Signal Messenger Bug Lets Callers Auto-Connect Calls Without Receivers' Interaction

Signal Messenger Bug Lets Callers Auto-Connect Calls Without Receivers' Interaction

Oct 04, 2019
Almost every application contains security vulnerabilities, some of which you may find today, but others would remain invisible until someone else finds and exploits them—which is the harsh reality of cybersecurity and its current state. And when we say this, Signal Private Messenger —promoted as one of the most secure messengers in the world—isn't any exception. Google Project Zero researcher Natalie Silvanovich discovered a logical vulnerability in the Signal messaging app for Android that could allow malicious caller to force a call to be answered at the receiver's end without requiring his/her interaction. In other words, the flaw could be exploited to turn on the microphone of a targeted Signal user's device and listen to all surrounding conversations. However, the Signal vulnerability can only be exploited if the receiver fails to answer an audio call over Signal, eventually forcing the incoming call to be automatically answered on the receiver's device
Unprotected VOIP Server Exposed Millions of SMS Messages, Call Logs

Unprotected VOIP Server Exposed Millions of SMS Messages, Call Logs

Jan 16, 2019
A California-based Voice-Over-IP (VoIP) services provider VOIPO has accidentally left tens of gigabytes of its customer data, containing millions of call logs, SMS/MMS messages, and plaintext internal system credentials, publicly accessible to anyone without authentication. VOIPo is one of a leading providers of Voice-Over-IP (VoIP) services in the United States offering reseller VoIP, Cloud VoIP, and VoIP services to residentials and small businesses. Justin Paine , the head of Trust & Safety at CloudFlare, discovered an open ElasticSearch database last week using the Shodan search engine and notified the VOIPO's CTO, who then promptly secured the database that contains at least 4 years of data on its customers. According to Paine, the database contained 6.7 million call logs dating back to July 2017, 6 million SMS/MMS logs dating back to December 2015, and 1 million logs containing API key for internal systems. While the call logs included timestamp and duration o
Making Sense of Operational Technology Attacks: The Past, Present, and Future

Making Sense of Operational Technology Attacks: The Past, Present, and Future

Mar 21, 2024Operational Technology / SCADA Security
When you read reports about cyber-attacks affecting operational technology (OT), it's easy to get caught up in the hype and assume every single one is sophisticated. But are OT environments all over the world really besieged by a constant barrage of complex cyber-attacks? Answering that would require breaking down the different types of OT cyber-attacks and then looking back on all the historical attacks to see how those types compare.  The Types of OT Cyber-Attacks Over the past few decades, there has been a growing awareness of the need for improved cybersecurity practices in IT's lesser-known counterpart, OT. In fact, the lines of what constitutes a cyber-attack on OT have never been well defined, and if anything, they have further blurred over time. Therefore, we'd like to begin this post with a discussion around the ways in which cyber-attacks can either target or just simply impact OT, and why it might be important for us to make the distinction going forward. Figure 1 The Pu
Hackers Can Remotely Record and Listen Calls from Your Samsung Galaxy Phones

Hackers Can Remotely Record and Listen Calls from Your Samsung Galaxy Phones

Nov 13, 2015
If you own a Samsung Galaxy Phone – S6, S6 Edge or Note 4 , in particular – there are chances that a skilled hacker could remotely intercept your voice calls to listen in and even record all your voice conversations. Two security researchers, Daniel Komaromy of San Francisco and Nico Golde of Berlin, have demonstrated exactly the same during a security conference in Tokyo. The duo demonstrated a man-in-the-middle (MITM) attack on an out-of-the-box and most updated Samsung handset that allowed them to intercept voice calls by connecting the device to fake cellular base stations. The issue actually resides in the Samsung's baseband chip , which comes in Samsung handsets, that handles voice calls but is not directly accessible to the end user. How to Intercept Voice Calls? The researchers set up a bogus OpenBTS base station that nearby Samsung devices, including the latest Samsung S6 and S6 Edge , think is a legitimate cellular tower. Once connected to
cyber security

Automated remediation solutions are crucial for security

websiteWing SecurityShadow IT / SaaS Security
Especially when it comes to securing employees' SaaS usage, don't settle for a longer to-do list. Auto-remediation is key to achieving SaaS security.
Hillary Clinton's Phone Intercepted by German intelligence Agency

Hillary Clinton's Phone Intercepted by German intelligence Agency

Aug 17, 2014
After the allegations that the U.S. National Security Agency ( NSA ) not only conducted mass surveillance on German citizens, but also spied on German Chancellor Angela Merkel's own personal mobile phone for years, surveillance has become a big issue for Germany. So big, that Germany itself started spying on U.S. According to the reports came from the German media on Friday, the German foreign intelligence agency known as Bundesnachrichtendienst (BND) hacked into at least one call during Hillary Clinton's time in office as US Secretary of State. However, the time and location have not been disclosed, but Clinton's phone calls were interrupted during her phone conversations, according to the joint investigation done by German newspaper Süddeutsche Zeitung and German regional public broadcasters NDR and WDR. Although, after the story broke, some sources from the German government have denied the allegations of Clinton's phone calls interception and said that t
Cybersecurity Resources