11 December 2023
■ Researchers Bypass Android Lock Screen Using Driving Mode Assistant
Researchers have discovered a new method to bypass the Android Lock Screen on recent versions like Android 14 and 13. This method allows extraction of sensitive information, including photos, contacts, browsing history, and more. Google has acknowledged the issue, awaiting a security patch for affected versions.
■ AutoSpill Attack Steals Passwords From Password Managers
A credential-stealing method leveraging legitimate Autofill service options on Android has been identified, allowing threat actors to steal user credentials without social engineering or malicious code.
■ Kelvin Security Hacking Group Leader Arrested in Spain
Spanish authorities have apprehended an alleged leader of the 'Kelvin Security' hacking group, responsible for approximately 300 cyberattacks on organizations across 90 countries since 2020.
■ Russian Hackers Exploiting Outlook Zero-day to Attack NATO Member Countries
Utilizing a zero-day exploit in Microsoft Outlook (CVE-2023-23397), the APT28 group, aka Fighting Ursa, targets companies across 14 countries, significant sources of strategic intelligence for the Russian government and military.
■ Meta Makes End-to-End Encryption Default on Facebook Messenger
Meta announces a landmark shift for Messenger, implementing default end-to-end encryption for all personal messages and calls, marking a significant enhancement in user privacy.