Cyber Security Headlines Sturnus captures encrypted chats, PowerSchool schools blamed, SEC security bill
18 snips
Nov 21, 2025 A new Android Trojan called Sturnus is causing chaos by capturing encrypted chat content and hijacking devices. Canadian regulators are pointing fingers at schools for their lackluster security that led to a PowerSchool hack. Meanwhile, cybersecurity takes a front seat as a new bipartisan bill aims to enhance data protection at the SEC. Plus, urgent directives are issued to patch critical vulnerabilities, while guidance on evasion attacks emerges from Germany's BSI. Stay informed and secure!
AI Snips
Chapters
Transcript
Episode notes
Screen Capture Defeats Encrypted Chats
- Threat Fabrik discovered Sternus captures decrypted chat content directly from device screens to bypass messaging encryption.
- This enables monitoring of WhatsApp, Telegram and Signal without breaking encryption protocols.
Watch For Overlay Login Attacks
- Monitor for overlay attacks and suspicious fake login screens on mobile banking apps.
- Require multi-factor checks and educate users to reject unexpected credential prompts.
Fix Contracts And Rehearse Breach Response
- Include explicit privacy and security provisions in vendor contracts and actively monitor vendor controls.
- Prepare and rehearse breach response plans before incidents occur.