Tag: mobile
-
Virgin Media 02 Vuln Exposes Call Recipient Location
A hacker exploiting the security flaw in the mobile provider’s network could have potentially located a call recipient with accuracy of up to 100 square meters. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/virgin-media-02-call-recipient-location
-
CISA Adds Actively Exploited Ivanti EPMM Zero-Day to KEV Catalog
Tags: authentication, cisa, cve, cyber, cybersecurity, endpoint, exploit, flaw, infrastructure, ivanti, kev, mobile, open-source, remote-code-execution, vulnerability, zero-dayCybersecurity and Infrastructure Security Agency (CISA) has added two critical zero-day vulnerabilities affecting Ivanti Endpoint Manager Mobile (EPMM) to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The flaws CVE-2025-4427 and CVE-2025-4428 enable authentication bypass and remote code execution, respectively, and stem from insecure implementations of widely used open-source…
-
O2 UK patches bug leaking mobile user location from call metadata
A flaw in O2 UK’s implementation of VoLTE and WiFi Calling technologies could allow anyone to expose the general location of a person and other identifiers by calling the target. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/o2-uk-patches-bug-leaking-mobile-user-location-from-call-metadata/
-
RSA 2025: AI’s Promise vs. Security’s Past”Š”, “ŠA Reality Check”
Tags: ai, automation, cloud, conference, cyberattack, cybersecurity, data, detection, edr, endpoint, infrastructure, mobile, resilience, soar, tool, update, windows, zero-trustRSA 2025: AI’s Promise vs. Security’s Past”Š”, “ŠA Reality Check Ah, RSA. That yearly theater (Carnival? Circus? Orgy? Got any better synonyms, Gemini?) of 44,000 people vaguely (hi salespeople!) related to cybersecurity “¦ where the air is thick with buzzwords and the vendor halls echo with promises of a massive revolution”Š”, “Ševery year. Gemini imagines RSA 2025 (very tame!)…
-
Ivanti Fixes RCE and Auth Bypass Vulnerabilities in Endpoint Manager Mobile
Tags: cve, endpoint, exploit, ivanti, mobile, rce, remote-code-execution, risk, software, vulnerabilityIvanti has released security patches to address two vulnerabilities in its Endpoint Manager Mobile (EPMM) software, which were being actively exploited in limited attacks. These vulnerabilities, identified as CVE-2025-4427 and CVE-2025-4428, have the potential to allow attackers to execute remote code on vulnerable systems, posing a severe risk to organizations using the software. First seen…
-
Android Enterprise Launches Device Trust For Enhanced Security
Android Enterprise introduced Device Trust to enhance mobile security on Android devices First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/android-enterprise-launches-device/
-
Russian internet shutdown that disrupted essential services condemned by rights groups
Russian authorities restricted mobile internet access from May 5 to May 9, citing security concerns related to the preparation and celebration of the Victory Day parade in Moscow. First seen on therecord.media Jump to article: therecord.media/russian-internet-shutdown-condemned-by-rights-groups
-
Ivanti Patches EPMM Vulnerabilities Exploited for Remote Code Execution in Limited Attacks
Tags: access, attack, authentication, credentials, cve, endpoint, exploit, flaw, ivanti, mobile, remote-code-execution, software, update, vulnerabilityIvanti has released security updates to address two security flaws in Endpoint Manager Mobile (EPMM) software that have been chained in attacks to gain remote code execution.The vulnerabilities in question are listed below -CVE-2025-4427 (CVSS score: 5.3) – An authentication bypass in Ivanti Endpoint Manager Mobile allowing attackers to access protected resources without proper credentials…
-
CVE-2025-4427, CVE-2025-4428: Ivanti Endpoint Manager Mobile (EPMM) Remote Code Execution
Tags: access, advisory, api, attack, authentication, cve, endpoint, exploit, flaw, ivanti, mobile, open-source, programming, rce, remote-code-execution, software, vulnerability, waf, zero-dayRemote code execution vulnerability in a popular mobile device management solution from Ivanti has been exploited in the wild in limited attacks Background On May 13, Ivanti released a security advisory to address a high severity remote code execution (RCE) and a medium severity authentication bypass vulnerability in its Endpoint Manager Mobile (EPMM) product, a…
-
Ivanti fixes EPMM zero-days chained in code execution attacks
Ivanti warned customers today to patch their Ivanti Endpoint Manager Mobile (EPMM) software against two security vulnerabilities chained in attacks to gain remote code execution. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/ivanti-fixes-epmm-zero-days-chained-in-code-execution-attacks/
-
Ivanti Released Security Updates to Fix for the Mutiple RCE Vulnerabilities Patch Now
Ivanti, a leading enterprise software provider, has released critical security updates addressing vulnerabilities across several products, including Endpoint Manager Mobile (EPMM), Neurons for ITSM (on-premises), Cloud Services Application (CSA), and Neurons for MDM (N-MDM). These vulnerabilities, ranging from medium to critical severity, could allow attackers to execute remote code, gain administrative access, escalate privileges, or…
-
Ivanti EPMM vulnerabilities exploited in the wild (CVE-2025-4427, CVE-2025-4428)
Attackers have exploited vulnerabilities in open-source libraries to compromise on-prem Ivanti Endpoint Manager Mobile (EPMM) instances of a >>very limited
-
Ivanti EPMM vulnerabilities exploited in the wild (CVE-2025-4427, CVE-2025-4428)
Attackers have exploited vulnerabilities in open-source libraries to compromise on-prem Ivanti Endpoint Manager Mobile (EPMM) instances of a >>very limited
-
The rise of vCISO as a viable cybersecurity career path
Tags: advisory, business, ceo, cio, ciso, compliance, computer, control, country, cyber, cybersecurity, government, grc, group, guide, healthcare, incident response, infrastructure, ISO-27001, jobs, mobile, network, nist, risk, risk-assessment, risk-management, service, skills, strategy, technology, tool, trainingDamon Petraglia, vCISO and CISO on demand Blue Mantis Damon Petraglia A long-time cybersecurity pro with chops built up in the federal government world and through forensic investigation work, Damon Petraglia works as a vCISO and CISO on demand for the IT services firm Blue Mantis.”Where I am today as a vCISO is a culmination…
-
What your browser knows about you, from contacts to card numbers
Chrome and Safari are the most popular browser apps, accounting for 90% of the mobile browsers market share, according to Surfshark. Chrome: the most data-hungry browser … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/05/09/browser-data-collection-tracking/
-
SonicWall SMA 100 Series Critical Post-Authentication Vulnerabilities (CVE-2025-32819, CVE-2025-32820, CVE-2025-32821)
Summary On May 7, 2025, SonicWall and Rapid7 disclosed three vulnerabilities affecting SonicWall Secure Mobile Access (SMA) 100 Series appliances, including models 200, 210, 400, First seen on research.kudelskisecurity.com Jump to article: research.kudelskisecurity.com/2025/05/09/sonicwall-sma-100-series-critical-post-authentication-vulnerabilities-cve-2025-32819-cve-2025-32820-cve-2025-32821/
-
SonicWall Patches 3 Flaws in SMA 100 Devices Allowing Attackers to Run Code as Root
SonicWall has released patches to address three security flaws affecting SMA 100 Secure Mobile Access (SMA) appliances that could be fashioned to result in remote code execution.The vulnerabilities are listed below -CVE-2025-32819 (CVSS score: 8.8) – A vulnerability in SMA100 allows a remote authenticated attacker with SSL-VPN user privileges to bypass the path traversal checks…
-
The Subscription Society
In the quaint town of Everyville, USA, Sarah starts her day with a familiar routine. She wakes up in her rented apartment, checks her phone (leased through her mobile plan), and streams her favourite morning playlist on Spotify. As she sips her coffee, brewed from beans delivered monthly by a subscription service, Sarah reflects on……
-
SonicWall urges admins to patch VPN flaw exploited in attacks
SonicWall has urged its customers to patch three security vulnerabilities affecting its Secure Mobile Access (SMA) appliances, one of them tagged as exploited in attacks First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/sonicwall-urges-admins-to-patch-vpn-flaw-exploited-in-attacks/
-
Meta awarded $167m in court battle with spyware mercenaries
WhatsApp owner Meta is awarded millions of dollars in damages and compensation after its service was exploited by users of mercenary spyware developer NSO’s infamous Pegasus mobile malware. First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366623689/Meta-awarded-167m-in-court-battle-with-spyware-mercenaries
-
You’ll never guess which mobile browser is the worst for data collection
We were shocked SHOCKED by the answer First seen on theregister.com Jump to article: www.theregister.com/2025/05/07/mobile_browser_data_collection/
-
SonicBoom Attack Chain Lets Hackers Bypass Login and Gain Admin Control
Tags: access, attack, authentication, control, cyber, cybersecurity, exploit, hacker, login, mobile, vulnerabilityCybersecurity researchers have uncovered a dangerous new exploitation technique, dubbed the >>SonicBoom Attack Chain,
-
Zimperiums Global Mobile Threat Report 2025: Mobilgeräte als bevorzugter Angriffsvektor Cyber-Krimineller
First seen on datensicherheit.de Jump to article: www.datensicherheit.de/zimperium-global-mobile-threat-report-2025-mobilgeraete-bevorzugung-angriffsvektor-cyber-kriminelle
-
RSAC 2025: Top 5 mobile app risks revealed by half a million assessments
First seen on scworld.com Jump to article: www.scworld.com/news/rsac-2025-top-5-mobile-app-risks-revealed-by-half-a-million-assessments
-
Attackers exploited old flaws to breach SonicWall SMA appliances (CVE-2024-38475, CVE-2023-44221)
Attackers have been using two previously known vulnerabilities (CVE-2024-38475, CVE-2023-44221) to compromise SonicWall secure mobile access devices, the vendor has confirmed … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/05/02/sonicwall-cve-2024-38475-cve-2023-44221-exploited/
-
Mobilgeräte bevorzugter Angriffsvektor für Cyberkriminelle
Die Sicherheit mobiler Geräte rückt zunehmend in den Fokus der Cybersicherheitsbranche. Der aktuelle ‘Global Mobile Threat Report 2025″ des Unternehmens Zimperium zeigt auf, dass mobile Endgeräte längst zum bevorzugten Ziel für Cyberangriffe geworden sind. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/mobilgeraete-angriffsvektor
-
Report Exposes Soft Security Underbelly of Mobile Computing
Zimperium, this week during the 2025 RSA Conference, shared an analysis of mobile computing environments that finds more than 60% of iOS and 34% of Android apps lack basic code protection, with nearly 60% of iOS and 43% of Android apps also vulnerable to leaking personally identifiable information (PII). First seen on securityboulevard.com Jump to…
-
SonicWall warns of more VPN flaws exploited in attacks
Cybersecurity company SonicWall has warned customers that several vulnerabilities impacting its Secure Mobile Access (SMA) appliances are now being actively exploited in attacks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/sonicwall-sma100-vpn-vulnerabilities-now-exploited-in-attacks/