Xiaomi Mi 4 | Breaking Cybersecurity News | The Hacker News

Millions of Xiaomi smartphones are vulnerable to a dangerous remote code execution (RCE) vulnerability that could grant attackers complete control of handsets. The vulnerability, now patched, exists in MIUI – Xiaomi's own implementation of the Android operating system – in versions prior to MIUI Global Stable 7.2 which is based on Android 6.0. The flaw, discovered by IBM X-Force researcher David Kaplan, potentially allows attackers with privileged network access, such as cafe Wi-Fi, to install malware remotely on the affected devices and fully compromise them. Researchers found some apps in the analytics package in MIUI, which can be abused to provide malicious ROM updates remotely through a man-in-the-middle attack. " The vulnerability we discovered allows for a man-in-the-middle attacker to execute arbitrary code as the highly privileged Android 'system' user, " researchers say. Researchers say they discovered vulnerable analytics packages in at lea

Recently a mobile-security firm Bluebox claimed that the brand new Xiaomi Mi4 LTE comes pre-installed with spyware /adware and a " forked " vulnerable version of Android operating system on top of it, however, the company denies the claim. Xiaomi , which is also known as Apple of China, provides an affordable and in-budget smartphones with almost all features that an excellent smartphone provides. On 5th March, when Bluebox researchers claimed to have discovered some critical flaws in Mi4 LTE smartphone, Xiaomi issued a statement to The Hacker News claiming that " There are glaring inaccuracies in the Bluebox blog post " and that they are investigating the matter. RESEARCHERS GET TROLLED BY CHINESE SELLERS Now, Xiaomi responded to Bluebox Labs by preparing a lengthy denial to their claims and said the new Mi4 smartphone purchased by Bluebox team in China (known as the birthplace of fake smartphones) was not an original Xiaomi smartphone but a coun

As a vCISO, you are responsible for your client's cybersecurity strategy and risk governance. This incorporates multiple disciplines, from research to execution to reporting. Recently, we published a comprehensive playbook for vCISOs, "Your First 100 Days as a vCISO – 5 Steps to Success" , which covers all the phases entailed in launching a successful vCISO engagement, along with recommended actions to take, and step-by-step examples.  Following the success of the playbook and the requests that have come in from the MSP/MSSP community, we decided to drill down into specific parts of vCISO reporting and provide more color and examples. In this article, we focus on how to create compelling narratives within a report, which has a significant impact on the overall MSP/MSSP value proposition.  This article brings the highlights of a recent guided workshop we held, covering what makes a successful report and how it can be used to enhance engagement with your cyber security clients.

Once again the very popular and the world's third largest smartphone distributor Xiaomi , which had previously been criticized for secretly stealing users' information from the device without the user's permissions, has been found spreading malware . The top selling Android smartphone in China, Xiaomi Mi4 LTE , has been found to be shipped with pre-loaded spyware/adware and a "forked," or not certified, vulnerable version of Android operating system on top of that, according to a San Francisco-based mobile-security company, Bluebox. Xiaomi, which is also known as Apple of China, provides an affordable and in-budget smartphones with almost all features that an excellent smartphone provides. Just like other Xiaomi devices, Mi4 LTE smartphone seems to attract a large number of customers with more than 25,000 units sold out in just 15 seconds on India's online retailer Flipkart . Security Researcher Andrew Blaich of Bluebox firm revealed Thursday that the brand new