Tag: mobile

Massistant: Chinese Mobile Forensic Tool Accesses SMS, Images, Audio, and GPS Data

Jul 17, 2025 5:40 PM

Tags: china, cyber, cybersecurity, data, law, mobile, threat, tool

Cybersecurity researchers at Lookout Threat Lab have uncovered a sophisticated mobile forensics application called Massistant, deployed by Chinese law enforcement to extract comprehensive data from confiscated mobile devices. The tool represents a significant evolution from its predecessor MFSocket, incorporating advanced capabilities to bypass device security measures and collect sensitive information including SMS messages, images, audio…
0-Day RCE Flaw in SonicWall SMA Devices Exploited to Launch OVERSTEP Ransomware

Jul 17, 2025 10:40 AM

Tags: access, breach, credentials, cyber, cyberattack, exploit, flaw, google, group, intelligence, mobile, ransomware, rce, remote-code-execution, threat, zero-day

Google’s Threat Intelligence Group (GTIG) has uncovered a sophisticated cyberattack campaign targeting end-of-life SonicWall Secure Mobile Access (SMA) 100 series appliances, where threat actors are exploiting previously stolen credentials and deploying a new rootkit called OVERSTEP. The financially motivated group, tracked as UNC6148, has been operating since at least October 2024 and is suspected of…
SonicWall SMA devices persistently infected with stealthy OVERSTEP backdoor and rootkit

Jul 16, 2025 7:40 PM

Tags: access, backdoor, Intruder, mobile

Unknown intruders are targeting fully patched end-of-life SonicWall Secure Mobile Access (SMA) 100 series appliances and deploying a novel, persistent backdoor / rootkit, … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/07/16/sonicwall-sma-devices-persistently-infected-with-stealthy-overstep-backdoor-rootkit/
SonicWall SMA devices hacked with OVERSTEP rootkit tied to ransomware

Jul 16, 2025 6:40 PM

Tags: access, malware, mobile, ransomware, threat

A threat actor has been deploying a previously unseen malware called OVERSTEP that modifies the boot process of fully-patched but no longer supported SonicWall Secure Mobile Access appliances. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/sonicwall-sma-devices-hacked-with-overstep-rootkit-tied-to-ransomware/
UNC6148 Backdoors Fully-Patched SonicWall SMA 100 Series Devices with OVERSTEP Rootkit

Jul 16, 2025 4:40 PM

Tags: access, backdoor, google, group, intelligence, malicious, mobile, threat

A threat activity cluster has been observed targeting fully-patched end-of-life SonicWall Secure Mobile Access (SMA) 100 series appliances as part of a campaign designed to drop a backdoor called OVERSTEP.The malicious activity, dating back to at least October 2024, has been attributed by the Google Threat Intelligence Group (GTIG) to a group it tracks as…
Konfety Android Malware Exploits ZIP Tricks to Masquerade as Legit Apps on Google Play

Jul 16, 2025 12:40 PM

Tags: android, cyber, detection, exploit, google, malicious, malware, mobile, strategy

Security researchers from zLabs have discovered a more advanced version of the Konfety Android malware, which uses complex ZIP-level changes to avoid detection and mimic genuine apps on the Google Play Store, marking a dramatic increase in mobile dangers. This malware employs an >>evil-twin
7 obsolete security practices that should be terminated immediately

Jul 16, 2025 9:40 AM

Tags: access, advisory, antivirus, api, attack, authentication, awareness, breach, business, cloud, compliance, control, cybersecurity, data, defense, detection, edr, endpoint, exploit, google, grc, identity, infrastructure, iot, linkedin, mfa, microsoft, mobile, monitoring, network, office, password, phishing, phone, ransomware, risk, service, siem, social-engineering, strategy, tactics, technology, threat, tool, training, unauthorized, update, vpn, vulnerability, zero-trust

2. Taking a compliance-driven approach to security: Too many teams let compliance drive their security programs, focusing more on checking boxes than solving actual cybersecurity challenges, says George Gerchow, CSO at data security services firm Bedrock Security. He notes that many enterprises drive to meet compliance standards, yet still suffer serious breaches. The reason? They…
No Data on Devices: How Virtual Mobile Infrastructure Changes the Game

Jul 15, 2025 4:40 PM

Tags: attack, data, infrastructure, mobile, network, phishing, privacy, strategy, vulnerability

Hypori’s Lewandowski on Eliminating Data and Apps From Personal Devices. Traditional BYOD strategies rely on managing personal devices directly, which introduces privacy concerns and leaves organizations vulnerable to attacks such as phishing, network compromise and device rooting, said Wayne Lewandowski, chief revenue officer at Hypori. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/no-data-on-devices-how-virtual-mobile-infrastructure-changes-game-a-28968
350M Cars, 1B Devices Exposed to 1-Click Bluetooth RCE

Jul 11, 2025 10:40 PM

Tags: data-breach, mobile, rce, remote-code-execution, vulnerability

Mercedes, Skoda, and Volkswagen vehicles, as well as untold industrial, medical, mobile, and consumer devices, may be exposed to a vulnerable Bluetooth implementation called PerfektBlue. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/350m-cars-1b-devices-1-click-bluetooth-rce
Businesses are overconfident as mobile phishing scams surge

Jul 11, 2025 6:40 PM

Tags: attack, mobile, phishing, scam

Nearly six in 10 companies experienced incidents because of voice or text phishing attacks that led to executive impersonation, according to a new report from Lookout. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/mobile-phishing-risks-lookout/752824/
»manage it« TechTalk: Darum stehen Mobile-First-Sicherheitsstrategien zunehmend im Fokus

Jul 11, 2025 5:40 AM

Tags: cloud, conference, identity, iphone, mobile

Die richtige Mobile-First-Sicherheitsstrategie soll helfen, iPhone, iPad und Co. resilienter und weniger angreifbar zu machen. Warum wird das immer wichtiger und worauf sollten sich Unternehmen dabei einstellen? Darüber haben wir mit Matthew Berzinski vom Sicherheitsanbieter Ping Identity auf der European Identity Cloud Conference 2025 gesprochen. Herausgekommen ist dieses Video, in dem er außerdem sagt, wie…
INE Security Launches Enhanced eMAPT Certification

Jul 10, 2025 4:40 PM

Tags: cyber, cybersecurity, mobile, penetration-testing

Cary, North Carolina, July 10th, 2025, CyberNewsWire Industry’s Most Comprehensive Mobile Application Penetration Testing Program Addresses Real-World Mobile Security Challenges. INE Security, a leading provider of cybersecurity education and cybersecurity certifications, today launched its significantly enhanced eMAPT (Mobile Application Penetration Testing) certification. The updated certification delivers the industry’s most comprehensive and practical approach to mobile…
INE Security Launches Enhanced eMAPT Certification

Jul 10, 2025 4:40 PM

Tags: cyber, cybersecurity, mobile, penetration-testing

Cary, North Carolina, July 10th, 2025, CyberNewsWire Industry’s Most Comprehensive Mobile Application Penetration Testing Program Addresses Real-World Mobile Security Challenges. INE Security, a leading provider of cybersecurity education and cybersecurity certifications, today launched its significantly enhanced eMAPT (Mobile Application Penetration Testing) certification. The updated certification delivers the industry’s most comprehensive and practical approach to mobile…
Google reveals details on Android’s Advanced Protection for Chrome

Jul 9, 2025 10:39 PM

Tags: android, browser, chrome, google, mobile

Google is sharing more information on how Chrome operates when Android mobile users enable Advanced Protection, highlighting strong security improvements. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/google-reveals-details-on-androids-advanced-protection-for-chrome/
SparkKitty Malware Steals Photos from iOS and Android Devices

Jul 9, 2025 6:39 PM

Tags: android, crypto, cyber, cybersecurity, malware, mobile, risk, theft

A sophisticated Trojan malware campaign has been targeting mobile device users across iOS and Android platforms since February 2024, with cybersecurity researchers identifying a significant escalation in photo theft capabilities that poses particular risks to cryptocurrency users and individuals storing sensitive information in their device galleries. SparkKitty represents a concerning evolution in mobile malware distribution,…
South Korean Government Imposes Penalties on SK Telecom for Breach

Jul 9, 2025 6:39 PM

Tags: breach, country, data-breach, government, mobile

Following a breach at the country’s top mobile provider that exposed 27 million records, the South Korean government imposed a small monetary penalty but stiff regulatory requirements. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/south-korea-imposes-penalties-sk-telecom-breach
Anatsa mobile malware returns to victimize North American bank customers

Jul 8, 2025 9:34 PM

Tags: android, banking, finance, malware, mobile

Android banking malware known as Anatsa was back for a brief but noticeable run in late June, researchers said. First seen on therecord.media Jump to article: therecord.media/anatsa-android-banking-malware-returns-north-america
Malware Attacks on Android Devices Surge in Q2, Driven by Banking Trojans and Spyware

Jul 7, 2025 9:34 PM

Tags: adware, android, attack, banking, cyber, malware, mobile, spyware, threat

Dr.Web Security Space for mobile devices reported that malware activity on Android devices increased significantly in the second quarter of 2025. Adware trojans, particularly from the Android.HiddenAds family, remained the most prevalent threat, despite an 8.62% decrease in user encounters. These trojans often disguise themselves as harmless apps or hide within system directories, concealing their…
NSB Warns of Cybersecurity Risks Linked to Popular Chinese Apps Like Rednote, Weibo, TikTok, WeChat, and Baidu Cloud

Jul 7, 2025 6:34 PM

Tags: china, cloud, cyber, cybersecurity, mobile, risk

Taiwan’s National Security Bureau (NSB) has issued a stark warning about cybersecurity risks associated with several widely used China-developed mobile applications, including Rednote, Weibo, TikTok, WeChat, and Baidu Cloud. Following an in-depth investigation conducted in collaboration with the Ministry of Justice Investigation Bureau (MJIB) and the Criminal Investigation Bureau (CIB) under the National Police Agency,…
Massive Android Fraud Operations Uncovered: IconAds, Kaleidoscope, SMS Malware, NFC Scams

Jul 3, 2025 6:34 PM

Tags: android, fraud, intelligence, malware, mobile, nfc, scam, threat

A mobile ad fraud operation dubbed IconAds that consisted of 352 Android apps has been disrupted, according to a new report from HUMAN.The identified apps were designed to load out-of-context ads on a user’s screen and hide their icons from the device home screen launcher, making it harder for victims to remove them, per the…
Verizon and T-Mobile Deny Data Breaches as Millions of User Records Sold Online

Jul 2, 2025 1:34 PM

Tags: breach, data, mobile

User claims to sell stolen Verizon and T-Mobile data for millions of users (online Verizon says data is old T-Mobile denies any breach and links to it. First seen on hackread.com Jump to article: hackread.com/verizon-t-mobile-deny-data-breaches-user-records-sold/
FBI’s mobile security recommendations lacking, senator says

Jul 1, 2025 10:34 PM

Tags: mobile

First seen on scworld.com Jump to article: www.scworld.com/brief/fbis-mobile-security-recommendations-lacking-senator-says
ICE’s Shiny New ‘AI’ Facial Recognition App: False Positives Ahoy!

Jun 30, 2025 8:33 PM

Tags: ai, mobile, threat

Mobile Fortify: Liberty’s existential threat, or sensible way to ID illegal immigrants? First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/06/ice-facial-recognition-mobile-fortify-richixbw/
DOJ: Cartel Hacked Phones, Cameras to Track FBI Informants

Jun 30, 2025 8:33 PM

Tags: cctv, data, hacker, mobile, phone, technology

New Report Says Mexican Cartel Hired Hacker to Identify, Track and Kill FBI Sources. A Justice Department watchdog found a Mexican cartel hired a hacker to tap mobile data and Mexico City cameras, helping track, intimidate and kill potential U.S. informants linked to El Chapo while calling for reforms to protect sensitive investigations from rapidly…
Fresh UK postcode tool points out best mobile network in your area

Jun 28, 2025 11:33 PM

Tags: 5G, mobile, network, tool

Pick a provider based on how good their local 4G and 5G coverage is First seen on theregister.com Jump to article: www.theregister.com/2025/06/27/ofcoms_postcode_checker_points_out/
Cisco warns of critical API vulnerabilities in ISE and ISE-PIC

Jun 27, 2025 5:36 AM

Tags: access, ai, api, application-security, attack, authentication, automation, best-practice, business, ceo, cisco, ciso, cloud, communications, control, credentials, data, defense, email, endpoint, exploit, firewall, flaw, framework, guide, Hardware, incident response, malicious, microsoft, mobile, network, penetration-testing, programming, risk, router, saas, sans, service, software, threat, update, vpn, vulnerability, waf

root user.The fault behind both vulnerabilities: Holes in application programming interfaces (APIs).”Take this vulnerability seriously,” said Moses Frost, senior course instructor on cloud penetration testing at the SANS Institute. “In my experience assessing networks, I have found through testing that many lack essential patches and security hardening on their core network devices. I have seen Cisco…
Beware of Weaponized Wedding Invite Scams Delivering SpyMax RAT to Android Devices

Jun 25, 2025 10:35 PM

Tags: android, computing, cyber, malicious, mobile, phishing, rat, scam, threat

A sophisticated Android phishing campaign, aptly named “Wedding Invitation,” has emerged as a significant threat targeting mobile users across India. According to a detailed report from K7 Computing, this malicious operation leverages the guise of digital wedding invitations to deceive unsuspecting users into installing compromised APK files. Stealthy Phishing Campaign Distributed primarily through popular messaging…
Hackers claim breach of 64M T-Mobile records

Jun 24, 2025 10:35 PM

Tags: breach, hacker, mobile

First seen on scworld.com Jump to article: www.scworld.com/brief/hackers-claim-breach-of-64m-t-mobile-records
New SparkKitty malware targets mobile photos for cryptowallet compromise

Jun 24, 2025 10:35 PM

Tags: malware, mobile

First seen on scworld.com Jump to article: www.scworld.com/brief/new-sparkkitty-malware-targets-mobile-photos-for-cryptowallet-compromise
Malware on Google Play, Apple App Store stole your photos”, and crypto

Jun 23, 2025 8:35 PM

Tags: android, apple, crypto, google, malware, mobile

A new mobile crypto-stealing malware called SparkKitty was found in apps on Google Play and the Apple App Store, targeting Android and iOS devices. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/malware-on-google-play-app-store-stole-your-photos-and-crypto/