Tag encryption

Senator Criticizes Microsoft for Leaving Default Windows Settings Exposed to “Kerberoasting” Vulnerabilities

A leading U.S. senator has requested that the Federal Trade Commission (FTC) launch an inquiry into Microsoft, citing what he has termed “gross cybersecurity negligence.” This call to action stems from concerns regarding the company’s continued reliance on the outdated RC4 encryption method, which is set as the default in…


Cindy Cohn Steps Down from EFF, But Continues to Champion Digital Rights

Cindy Cohn Steps Down as EFF Executive Director After 25 Years of Advocacy

Cindy Cohn, a prominent defender of digital rights, announced her departure from the role of executive director at the Electronic Frontier Foundation (EFF) on Tuesday. Having led the San Francisco-based nonprofit since 2015, Cohn’s resignation marks the…


Tool Manufacturer Claims Hack Exposed Medical Information

Data Breach Notification, Data Security, Fraud Management & Cybercrime

Breach Affecting 104,000 Highlights Health Data Risks for Non-Healthcare Companies

Marianne Kolbasuk McGee (HealthInfoSec) • September 9, 2025

Cornwell Quality Tools has informed nearly 104,000 individuals that their medical information may have been compromised in a recent cyber incident.…


Managing Data Privacy Risks in Biotech: Insights from 23andMe’s Downfall

In March 2025, 23andMe, a notable player in the biotech sector known for genetic testing, declared Chapter 11 bankruptcy, exposing the vulnerabilities that surround firms handling sensitive genetic data. This drastic step followed a credential-stuffing attack in 2023, which compromised the genetic information of approximately 6.4 million users. As the…


The Impact of SSL Misconfigurations on Your Attack Surface

In the process of evaluating an organization’s external attack surface, issues tied to encryption, specifically SSL misconfigurations, attract significant scrutiny. The reasons for this focus are manifold: their prevalence, intricate configuration processes, and the ease with which they can be exploited by attackers make these vulnerabilities a pressing concern for…


Security Flaws in Preinstalled Apps on Ulefone and Krüger&Matz Phones Allow Unauthorized Device Resets and PIN Theft

Three security vulnerabilities have been identified in preloaded Android applications on Ulefone and Krüger&Matz smartphones. These flaws enable any installed app to factory reset the device and potentially encrypt other applications. Key details of the vulnerabilities include:

  • CVE-2024-13915 (CVSS score: 6.9): A pre-installed “com.pri.factorytest” app on Ulefone and Krüger&Matz devices exposes a service that permits any app to execute a factory reset.

  • CVE-2024-13916 (CVSS score: 6.9): The “com.pri.applock” app on Krüger&Matz smartphones allows users to encrypt apps using a PIN or biometric data. This app also exposes a method that lets malicious apps access sensitive fingerprint data.

Security Flaws in Preinstalled Apps on Ulefone and Krüger&Matz Smartphones Enable Malicious Actions

On June 2, 2025, significant security vulnerabilities were uncovered in pre-installed applications on smartphones manufactured by Ulefone and Krüger&Matz. These vulnerabilities could potentially allow any application downloaded onto these devices to conduct a factory reset or encrypt…

Calls for Action as Police Scotland Faces Nearly 1,400 Data Breaches in Three Years

Police Scotland is facing significant scrutiny over its data management practices, having amassed nearly 1,400 recorded data breaches within the last three years. This alarming statistic highlights the urgent need for improved safeguards surrounding sensitive information. Among the incidents reported, various issues such as lost or stolen devices, unauthorized access…


Encryption Designed for Police and Military Radios Can Be Easily Bypassed

Researchers in the Netherlands have uncovered serious vulnerabilities in encryption standards used across various critical communication systems, including those for law enforcement and military applications. Two years ago, these researchers revealed an intentional backdoor in the TETRA (Terrestrial Trunked Radio) encryption algorithm used globally for securing communications among police, intelligence,…
