Concerns Arise Over Malaysia’s Proposed Enhanced MyKad with Biometric Data In a recent announcement, Malaysia’s Home Ministry proposed a new version of the MyKad, the national identity card, set to incorporate biometrics in the form of 10 fingerprints, facial recognition, and iris scans. While this initiative is aimed at bolstering…
In March 2025, 23andMe, a notable player in the biotech sector known for genetic testing, declared Chapter 11 bankruptcy, exposing the vulnerabilities that surround firms handling sensitive genetic data. This drastic step followed a credential-stuffing attack in 2023, which compromised the genetic information of approximately 6.4 million users. As the…
In the process of evaluating an organization’s external attack surface, issues tied to encryption, specifically SSL misconfigurations, attract significant scrutiny. The reasons for this focus are manifold: their prevalence, intricate configuration processes, and the ease with which they can be exploited by attackers make these vulnerabilities a pressing concern for…
Three security vulnerabilities have been identified in preloaded Android applications on Ulefone and Krüger&Matz smartphones. These flaws enable any installed app to factory reset the device and potentially encrypt other applications. Key details of the vulnerabilities include:
CVE-2024-13915 (CVSS score: 6.9): A pre-installed “com.pri.factorytest” app on Ulefone and Krüger&Matz devices exposes a service that permits any app to execute a factory reset.
CVE-2024-13916 (CVSS score: 6.9): The “com.pri.applock” app on Krüger&Matz smartphones allows users to encrypt apps using a PIN or biometric data. This app also exposes a method that lets malicious apps access sensitive fingerprint data.
Security Flaws in Preinstalled Apps on Ulefone and Krüger&Matz Smartphones Enable Malicious Actions On June 2, 2025, significant security vulnerabilities were uncovered in pre-installed applications on smartphones manufactured by Ulefone and Krüger&Matz. These vulnerabilities could potentially allow any application downloaded onto these devices to conduct a factory reset or encrypt…
Three security vulnerabilities have been identified in preloaded Android applications on Ulefone and Krüger&Matz smartphones. These flaws enable any installed app to factory reset the device and potentially encrypt other applications. Key details of the vulnerabilities include:
CVE-2024-13915 (CVSS score: 6.9): A pre-installed “com.pri.factorytest” app on Ulefone and Krüger&Matz devices exposes a service that permits any app to execute a factory reset.
CVE-2024-13916 (CVSS score: 6.9): The “com.pri.applock” app on Krüger&Matz smartphones allows users to encrypt apps using a PIN or biometric data. This app also exposes a method that lets malicious apps access sensitive fingerprint data.
Police Scotland is facing significant scrutiny over its data management practices, having amassed nearly 1,400 recorded data breaches within the last three years. This alarming statistic highlights the urgent need for improved safeguards surrounding sensitive information. Among the incidents reported, various issues such as lost or stolen devices, unauthorized access…
Researchers in the Netherlands have uncovered serious vulnerabilities in encryption standards used across various critical communication systems, including those for law enforcement and military applications. Two years ago, these researchers revealed an intentional backdoor in the TETRA (Terrestrial Trunked Radio) encryption algorithm used globally for securing communications among police, intelligence,…
Published: July 21, 2025
Category: Enterprise Security / Zero Day
Even the most secure environments are at risk as attackers bypass elaborate defenses—not with elaborate exploits, but by leveraging weak configurations, outdated encryption, and unprotected trusted tools. These stealthy attacks evade detection by blending into normal operations, exploiting gaps in monitoring and assumptions of safety. What once appeared suspicious now seems routine, thanks to modular techniques and automation that mimic legitimate behavior.
The critical issue? Our control is not only being tested; it’s being silently compromised. This week’s updates shed light on how default configurations, blurred trust boundaries, and exposed infrastructures are transforming standard systems into vulnerabilities.
Microsoft has rolled out patches for two security vulnerabilities in SharePoint Server that have been actively exploited, impacting numerous organizations globally. Details on the exploitation surfaced…
Weekly Security Brief: SharePoint Vulnerability, Chrome Exploit, macOS Spyware, and NVIDIA Toolkit RCE July 21, 2025 In the realm of cybersecurity, recent developments indicate that attackers are increasingly circumventing traditional defenses by exploiting seemingly benign vulnerabilities. These intrusions often rely on outdated security configurations, weak encryption, and unprotected trusted tools…
Published: July 21, 2025
Category: Enterprise Security / Zero Day
Even the most secure environments are at risk as attackers bypass elaborate defenses—not with elaborate exploits, but by leveraging weak configurations, outdated encryption, and unprotected trusted tools. These stealthy attacks evade detection by blending into normal operations, exploiting gaps in monitoring and assumptions of safety. What once appeared suspicious now seems routine, thanks to modular techniques and automation that mimic legitimate behavior.
The critical issue? Our control is not only being tested; it’s being silently compromised. This week’s updates shed light on how default configurations, blurred trust boundaries, and exposed infrastructures are transforming standard systems into vulnerabilities.
Microsoft has rolled out patches for two security vulnerabilities in SharePoint Server that have been actively exploited, impacting numerous organizations globally. Details on the exploitation surfaced…
Last week, the United Kingdom instituted a requirement for residents to verify their ages before accessing online pornography and other adult content, aiming to enhance child protection. However, the implementation faced immediate challenges that aligned with expert forecasts. In response to the new regulations, UK residents swiftly adopted virtual private…
A digital platform intended to provide anonymity and safeguard personal experiences has instead compromised the privacy of its users. The app, Tea, designed as a secure space for women to discuss their experiences in potentially harmful relationships, has experienced two significant data breaches within a short span, resulting in the…
