Hey, Siri: Hackers Can Control Smart Devices Using Inaudible Sounds

A technique, dubbed the "Near-Ultrasound Inaudible Trojan" (NUIT), allows an attacker to exploit smartphones and smart speakers over the Internet, using sounds undetectable by humans. [TechWeb]( Follow Dark Reading: [RSS]( March 29, 2023 LATEST SECURITY NEWS & COMMENTARY [Hey, Siri: Hackers Can Control Smart Devices Using Inaudible Sounds]( A technique, dubbed the "Near-Ultrasound Inaudible Trojan" (NUIT), allows an attacker to exploit smartphones and smart speakers over the Internet, using sounds undetectable by humans. [North Korea's Kimsuky Evolves into Full-Fledged, Prolific APT]( In cyberattacks against the US, South Korea, and Japan, the group (aka APT43 or Thallium) is using advanced social engineering and cryptomining tactics that set it apart from other threat actors. [MacStealer Malware Plucks Bushels of Data From Apple Users]( A novel cyber threat against macOS users is being sold for $100 a pop on the Dark Web, and activity is ramping up. [NullMixer Polymorphic Malware Variant Infects 8K Targets in Just a Month]( The NullMixer loader has compromised thousands of endpoints in the US, France, and Italy, stealing data and selling it to Dark Web data dealers, all without setting off alarm bells. [Millions of Pen Tests Show Companies' Security Postures Are Getting Worse]( A lack of website protections, Sender Policy Framework (SPF) records, and DNSSEC configurations leave companies open to phishing and data exfiltration attacks. [Spend on Safety Measures & Call Out Insecure Practices for Safer IoT]( IoT risk and security must get more attention from vendors and support from the marketplace. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [Twitter's Source Code Leak on GitHub a Potential Cyber Nightmare]( Indicators point to Twitter's source code being publicly available for around three months, offering a developer security object lesson for businesses. [Cybersecurity vs. Everyone: From Conflict to Collaboration]( Don't assume stakeholders outside security understand your goals and priorities, but consider how you'll communicate with them to gain their support. [Bundestag Bungle: Political Microtargeting of Facebook Users Draws Ire]( With shades of the Cambridge Analytica scandal, German political parties skirted consumer data privacy regulations during the country's last parliamentary election, a privacy watchdog warns. [MORE]( EDITORS' CHOICE [7 Women Leading the Charge in Cybersecurity Research & Analysis]( From rising stars to veterans heading up research teams, check out our profiles of women making a big impact in cyber defense as the threat landscape expands. LATEST FROM THE EDGE [How Does Data Literacy Enhance Data Security?]( With the rise in cloud-based security concerns and other issues, organizations must improve data literacy across the enterprise. LATEST FROM DR TECHNOLOGY [Microsoft Security Copilot Uses GPT-4 to Beef Up Security Incident Response]( Microsoft's new AI assistant tool helps cybersecurity teams investigate security incidents and hunt for threats. WEBINARS - [How Applications Are Attacked: A Year in Application Security]( Cloudflare sees up to 61 million requests per second, meaning we have an unprecedented view into Internet trends like application attacks and API traffic, and automated bot activity. We have put that incredible visibility to use by profiling a year of ... - [Ten Emerging Vulnerabilities Every Enterprise Should Know]( Every day, black hat attackers and white hat researchers are discovering new security vulnerabilities in widely-used systems and applications that might be exploited to compromise your data. Are you aware of the newest - and potentially most impactful - vulnerabilities ... [View More Dark Reading Webinars >>]( WHITE PAPERS - [Why Account Security Doesn't Stop at Login]( - [Cloud Journey Adoption Stage: Securing Hybrid and Multi-cloud Environments]( - [Cloud Journey Migration Stage: Adaptive Cloud Security]( - [Cloud Journey Consideration Stage: 2022 Cloud Security Report]( - [Attack Surface Management v2.0 by Brad LaPorte]( - [Forrester Total Economic Impact Report Infographic]( - [State of Enterprise Cybersecurity: Invest Now, or Pay Big Later]( [View More White Papers >>]( FEATURED REPORTS - [Shoring Up the Software Supply Chain Across Enterprise Applications]( Supply chain security attacks are growing at an alarming pace, and things are going to keep getting worse until DevSecOps teams get on the same page. A little help from the feds could also be welcome Modern-day software development depends ... - [The Promise and Reality of Cloud Security]( Cloud security has been part of the cybersecurity conversation for years but has been on the sidelines for most enterprises. The shift to remote work during the COVID-19 pandemic and digital transformation projects have moved cloud infrastructure front-and-center as enterprises ... - [10 Hot Talks From Black Hat USA 2022]( Black Hat USA brings together cutting-edge research, new security tools, and sophisticated defensive techniques over the course of two days. There were some recurring themes across the sessions, and many of these topics are going to be important issues to ... [View More Dark Reading Reports >>]( PRODUCTS & RELEASES [Bitwarden Announces Secrets Management With a Combination of Open Source, End-to-End Encryption, and Ease of Use]( [CyberSecure Announces Strategic Alliance]( [XM Cyber Announces Acquisition of Confluera, Adding Run-Time Protection on Cloud Workloads]( [Research Highlights Cyber Security's Underestimated Role As a Business and Revenue Enabler]( [MORE PRODUCTS & RELEASES]( CURRENT ISSUE [The 10 Most Impactful Types of Vulnerabilities for Enterprises Today]( [DOWNLOAD THIS ISSUE]( [VIEW BACK ISSUES]( Dark Reading Daily -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To opt-out of any future Dark Reading Daily Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:ContactDarkReading@informa.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2023]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:ContactDarkReading@informa.com)