OnePlus Five | Breaking Cybersecurity News | The Hacker News

This year's first bad news for OnePlus users—a large number of OnePlus customers are reporting of fraudulent credit card transactions after buying products from the Chinese smartphone manufacturer's official online store. The claim initially surfaced on the OnePlus support forum over the weekend from a customer who said that two of his credit cards used on the company's official website was suspected of fraudulent activities. " The only place that both of those credit cards had been used in the last 6 months was on the Oneplus website ," the customer wrote. Later a good number of users posted similar complaints on OnePlus, Twitter and Reddit forums, saying they also became a victim of credit card fraud. Many of the customers claimed that their credit cards had been compromised after they bought a new phone or some accessories directly from the OnePlus official website, indicating that the leak might have been through the company itself. Cybersecurity

Another terrible news for OnePlus users. Just over a month after OnePlus was caught collecting personally identifiable information on its users, the Chinese smartphone company has been found leaving a backdoor on almost all OnePlus handsets. A Twitter user, who goes by the name "Elliot Anderson" ( named after Mr. Robot's main character ), discovered a backdoor (an exploit) in all OnePlus devices running OxygenOS that could allow anyone to obtain root access to the devices. The application in question is " EngineerMode ," a diagnostic testing application made by Qualcomm for device manufacturers to easily test all hardware components of the device. This APK comes pre-installed ( accidentally left behind ) on most OnePlus devices, including OnePlus 2, 3, 3T, and the newly-launched OnePlus 5. We can confirm its existence on the OnePlus 2, 3 and 5. You can also check if this application is installed on your OnePlus device or not. For this, simply go t

As a vCISO, you are responsible for your client's cybersecurity strategy and risk governance. This incorporates multiple disciplines, from research to execution to reporting. Recently, we published a comprehensive playbook for vCISOs, "Your First 100 Days as a vCISO – 5 Steps to Success" , which covers all the phases entailed in launching a successful vCISO engagement, along with recommended actions to take, and step-by-step examples.  Following the success of the playbook and the requests that have come in from the MSP/MSSP community, we decided to drill down into specific parts of vCISO reporting and provide more color and examples. In this article, we focus on how to create compelling narratives within a report, which has a significant impact on the overall MSP/MSSP value proposition.  This article brings the highlights of a recent guided workshop we held, covering what makes a successful report and how it can be used to enhance engagement with your cyber security clients.

There is terrible news for all OnePlus lovers. Your OnePlus handset, running OxygenOS—the company's custom version of the Android operating system, is collecting way more data on its users than it requires. A recent blog post published today by security researcher Christopher Moore on his website detailed the data collection practice by the Shenzhen-based Chinese smartphone maker, revealing that OxygenOS built-in analytics is regularly sending users' telemetry data to OnePlus' servers. Collecting basic telemetry device data is a usual practice that every software maker and device manufacturers do to identify, analyse and fix software issues and help improve the quality of their products, but OnePlus found collecting user identification information as well. Moore simply started intercepting the network traffic to analyse what data his OnePlus device sends to its servers, and found that the data collected by the company included: User' phone number MAC addresse