Tag: mobile

Discontinuation of CISA’s mobile app security program untimely, lawmaker says

Jun 6, 2025 9:54 PM

Tags: cisa, mobile

First seen on scworld.com Jump to article: www.scworld.com/brief/discontinuation-of-cisas-mobile-app-security-program-untimely-lawmaker-says
Colossal breach exposes 4B Chinese user records in surveillance-grade database

Jun 6, 2025 2:54 PM

Tags: breach, china, cybercrime, cybersecurity, data, data-breach, disinformation, exploit, finance, fraud, group, identity, infrastructure, insurance, intelligence, iphone, leak, mobile, organized, phishing, phone, threat

according to cybersecurity firm Cybernews, which reported its findings based on its own research.What makes this breach particularly alarming isn’t just its size, though at four billion records, it’s believed to be the largest single-source leak of Chinese personal data ever found, it’s the breadth and depth of information that was exposed.According to the report, the researchers stumbled…
Cellebrite to acquire mobile testing firm Corellium in $200 million deal

Jun 5, 2025 4:55 PM

Tags: mobile

Both companies have faced controversy in recent years, primarily for their work in circumventing mobile device security features First seen on cyberscoop.com Jump to article: cyberscoop.com/cellebrite-correllium-acquisition-ios-android/
Rep. Garbarino: Ending CISA mobile app security program for feds sends ‘wrong signal’

Jun 5, 2025 3:55 PM

Tags: cisa, cybersecurity, mobile

CyberScoop is first to report on the letter to DHS from the chair of a cybersecurity subcommittee, which also addresses CISA’s role as lead coordinator with the telecom sector. First seen on cyberscoop.com Jump to article: cyberscoop.com/rep-garbarino-ending-cisa-mobile-app-security-program-for-feds-sends-wrong-signal/
Phone unlocking firm Cellebrite to acquire mobile testing startup Corellium for $170M

Jun 5, 2025 2:54 PM

Tags: mobile, phone, startup, vulnerability

Cellebrite said the deal will help with the “accelerated identification of mobile vulnerabilities and exploits.” First seen on techcrunch.com Jump to article: techcrunch.com/2025/06/05/phone-unlocking-firm-cellebrite-to-acquire-mobile-testing-startup-corellium-for-170m/
Web Application Firewall (WAF) Best Practices For Optimal Security

Jun 4, 2025 10:54 PM

Tags: best-practice, firewall, injection, mobile, sql, threat, waf

Web and mobile application code protection is a must-have security control. Modern solutions such as application layer firewall help your organisation to keep those assets protected from threats like SQL injection, cross-site scripting and bot-driven attacks. This is where a Web Application Firewall (WAF) comes into the picture. A WAF has the capability of filtering,……
Don’t Be a Statistic: Proactive API Security in the Age of AI

Jun 4, 2025 2:55 PM

Tags: access, ai, api, attack, breach, business, cloud, compliance, cybercrime, data, data-breach, defense, email, exploit, finance, governance, infrastructure, Internet, iot, mobile, phone, privacy, risk, security-incident, strategy, threat, tool, unauthorized, update, vulnerability

Your business depends on APIs, which are essential for contemporary digital experiences, encompassing everything from mobile applications and IoT devices to the rapidly evolving AI landscape. With more than 80% of internet traffic now routed through APIs”, a number projected to rise significantly due to AI developments”, their security is crucial. Unfortunately, this vital infrastructure…
New Crocodilus Malware Grants Full Control Over Android Devices

Jun 4, 2025 12:55 PM

Tags: android, banking, control, cyber, intelligence, malware, mobile, threat

The Mobile Threat Intelligence (MTI) team identified a formidable new player in the mobile malware landscape: Crocodilus, an Android banking Trojan designed for device takeover. Initially observed in test campaigns with limited live instances, this malware has rapidly evolved, demonstrating a surge in active campaigns and sophisticated development. A Rising Threat in the Android Ecosystem…
Meta pauses mobile port tracking tech on Android after researchers cry foul

Jun 4, 2025 1:55 AM

Tags: android, data, mobile

Zuckercorp and Yandex used localhost loophole to tie browser data to app users, say boffins First seen on theregister.com Jump to article: www.theregister.com/2025/06/03/meta_pauses_android_tracking_tech/
HYPR and HID: Converge Physical and Digital Access Control

Jun 3, 2025 6:54 PM

Tags: access, compliance, control, credentials, Hardware, mobile, passkey, software
Interlock and the Kettering Ransomware Attack: ClickFix’s Persistence

Jun 3, 2025 4:54 PM

Tags: access, attack, breach, captcha, ciso, computer, control, credentials, cyberattack, data, data-breach, detection, endpoint, exploit, group, healthcare, HIPAA, incident response, injection, malicious, mobile, network, phishing, powershell, ransom, ransomware, risk, saas, service, technology, threat, tool, vulnerability

In healthcare, every minute of downtime isn’t just a technical problem”Š”, “Šit’s a patient safety risk. CNN recently reported that Kettering Health, a major hospital network in Ohio, was hit by a ransomware attack. According to CNN, the Interlock ransomware group claimed responsibility, sending a chilling reminder that healthcare remains a prime target for this particular…
Getting the Most Value Out of the OSCP: After the Exam

Jun 2, 2025 10:54 PM

Tags: access, attack, automation, bug-bounty, business, cloud, compliance, conference, control, corporate, credentials, cyber, cybersecurity, data, data-breach, defense, detection, exploit, finance, flaw, framework, google, governance, group, guide, hacker, hacking, incident response, infosec, injection, intelligence, Internet, iran, jobs, kali, linkedin, linux, malicious, malware, microsoft, mobile, network, office, open-source, penetration-testing, powershell, privacy, RedTeam, reverse-engineering, risk, service, skills, soc, social-engineering, sql, strategy, stuxnet, technology, threat, tool, training, update, vulnerability, windows

In the final post of this series, I’ll discuss what to do after your latest exam attempt to get the most value out of your OSCP journey. DISCLAIMER: All opinions expressed in this article are solely my own. I have reviewed the content to ensure compliance with OffSec’s copyright policies and agreements. I have not been…
KnowBe4 gibt praktische Tipps für den Datenschutz in der Urlaubszeit

Jun 1, 2025 12:55 PM

Tags: mail, mobile, phishing

Ob Phishing-Mails im Urlaubslook, unsichere WLAN-Verbindungen oder anfällige mobile Geräte: Die Bedrohungslage für Reisende hat sich weiterentwickelt. Umso wichtiger ist es, vorbereitet zu sein. KnowBe4 gibt sieben einfache, aber wirkungsvolle Empfehlungen, wie man sich und seine Daten auf Reisen schützen kann: First seen on infopoint-security.de Jump to article: www.infopoint-security.de/knowbe4-gibt-praktische-tipps-fuer-den-datenschutz-in-der-urlaubszeit/a40980/
Cybersecurity Snapshot: New Standard for AI System Security Published, While Study Finds Cyber Teams Boost Value of Business Projects

May 31, 2025 6:55 AM

Tags: access, ai, attack, authentication, awareness, best-practice, breach, business, ceo, ciso, cloud, compliance, computer, conference, control, cyber, cybersecurity, data, email, extortion, framework, group, guide, hacker, Hardware, intelligence, Internet, kubernetes, law, linux, login, metric, mfa, microsoft, mobile, phishing, ransom, ransomware, risk, service, software, supply-chain, technology, threat, tool, unauthorized, update, windows

Check out ETSI’s new global standard for securing AI systems and models. Plus, learn how CISOs and their teams add significant value to orgs’ major initiatives. In addition, discover what webinar attendees told Tenable about their cloud security challenges. And get the latest on properly decommissioning tech products; a cyber threat targeting law firms; and…
Top Cloud Vulnerabilities in Fintech and How to Fix Them

May 31, 2025 1:55 AM

Tags: banking, cloud, computing, cyber, finance, fintech, international, mobile, service, technology, threat, vulnerability

For financial technology (FinTech) organizations, cloud security is both a top priority and a significant concern, as highlighted by a study conducted by McKinsey and the Institute of International Finance (IIF). FinTech companies increasingly rely on cloud computing to power services such as mobile banking, digital payments, and investment platforms. However, as cyber threats grow……
Krankenhaus-Betreiber in Großbritannien von Cyberangriff auf Mobile Device Management betroffen

May 30, 2025 8:58 AM

Tags: cyber, cyberattack, mobile, security-incident

Cyber security incident at UCLH First seen on uclh.nhs.uk Jump to article: www.uclh.nhs.uk/news/cyber-incident-uclh-may2025
Krankenhaus-Betreiber in Großbritannien von Cyberangriff auf Mobile Device Management betroffen

May 30, 2025 8:58 AM

Tags: cyberattack, mobile

Two NHS trusts hit by cyberattack First seen on computing.co.uk Jump to article: www.computing.co.uk/news/2025/security/two-nhs-trusts-hit-by-cyberattack
New ChoiceJacking Exploit Targets Android and iOS via Infected Charging Ports

May 29, 2025 11:55 AM

Tags: android, apple, attack, cyber, cybersecurity, exploit, google, mobile, technology, threat

A team of cybersecurity researchers from the Institute of Information Security and A-SIT Secure Information Technology Centre Austria has unveiled a new class of USB-based attacks on mobile devices, dubbed “ChoiceJacking.” This attack revives and surpasses the notorious “juice jacking” threat from a decade ago, which prompted Apple and Google to introduce user confirmation prompts…
Your Mobile Apps May Not Be as Secure as You Think”¦ FireTail Blog

May 28, 2025 6:54 PM

Tags: access, ai, android, api, authentication, banking, best-practice, cloud, control, cyber, cybersecurity, data, encryption, finance, leak, mobile, password, phone, risk, threat, vulnerability

May 28, 2025 – Lina Romero – Your Mobile Apps May Not Be as Secure as You Think”¦ Excerpt: Cybersecurity risks are too close for comfort. Recent data from the Global Mobile Threat Report reveals that our mobile phone applications are most likely exposing our data due to insecure practices such as API key hardcoding.…
Cellcom Restores Regional Mobile Services After Cyberattack

May 28, 2025 6:54 PM

Tags: cyberattack, mobile, service

Customers in parts of Wisconsin and Michigan could not make calls or send text messages for nearly a week after an incident on May 14, and service is still intermittent in some areas. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/cellcom-restores-regional-mobile-services-cyberattack
Militärfunk: Motorola kauft Silvus für 4,4 Milliarden US-Dollar

May 28, 2025 6:54 PM

Tags: mobile

Motorola Solutions erwirbt einen US-Militärfunkausrüster mit 200 Beschäftigten und 100 Millionen US-Dollar Umsatz: Silvus Technologies mit Mobile Ad-Hoc Networking. First seen on golem.de Jump to article: www.golem.de/news/militaerfunk-motorola-kauft-silvus-fuer-4-4-milliarden-us-dollar-2505-196676.html
‘Secure email’: A losing battle CISOs must give up

May 28, 2025 10:55 AM

Tags: access, attack, authentication, business, cisco, ciso, communications, compliance, corporate, credentials, cyber, cybercrime, data, dkim, dmarc, dns, email, encryption, finance, google, Internet, mail, mfa, microsoft, mobile, password, phishing, risk, service, threat, tool, windows

End-to-end encryption remains elusive: Email continues to be the dominant electronic communication tool today because it is well understood, relatively easy to use, and relatively inexpensive. By and large, businesses have approved email for sending confidential information, and we often convince ourselves that it is secure, can be secured with third-party tools, or it’s “good…
Employees Searching Payroll Portals on Google Tricked Into Sending Paychecks to Hackers

May 27, 2025 12:54 PM

Tags: access, data-breach, google, hacker, login, mobile, threat

Threat hunters have exposed a novel campaign that makes use of search engine optimization (SEO) poisoning techniques to target employee mobile devices and facilitate payroll fraud.The activity, first detected by ReliaQuest in May 2025 targeting an unnamed customer in the manufacturing sector, is characterized by the use of fake login pages to access the employee…
New Android Malware GhostSpy Grants Attackers Full Control Over Infected Devices

May 27, 2025 10:54 AM

Tags: android, banking, control, cyber, malware, mobile, risk, threat

A chilling new Android malware, dubbed GhostSpy, has emerged as a significant threat to mobile security, according to a detailed report by CYFIRMA. This high-risk malware employs advanced evasion, persistence, and surveillance techniques to seize complete control over infected devices. With capabilities ranging from keylogging to bypassing banking app protections, GhostSpy poses a severe risk…
Ausgezeichnete Sicherheit für unterwegs: Miercom kürt Check Point Harmony Mobile

May 26, 2025 4:54 PM

Tags: mobile

Harmony Mobile ist Teil von Check Points Infinity-Architektur einer Plattform, die Unternehmen dabei unterstützt, ihre gesamte IT-Umgebung einheitlich und effektiv abzusichern. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/ausgezeichnete-sicherheit-fuer-unterwegs-miercom-kuert-check-point-harmony-mobile/a40930/
Miercom zeichnet Harmony-Mobile von Check Point als führende Sicherheitslösung für mobile Endgeräte aus

May 26, 2025 1:54 PM

Tags: defense, mobile, software, threat

Check Point Software Technologies hat die Ergebnisse eines unabhängigen Tests von Miercom veröffentlicht, in dem Harmony-Mobile als branchenführende Lösung für Mobile-Threat-Defense (MTD) ausgezeichnet wurde. Die 2025er Ausgabe der Studie bescheinigt Harmony-Mobile herausragende Schutzfähigkeiten gegen Handy-Bedrohungen sowie minimale Auswirkungen auf die Geräteleistung und eine besonders einfache Implementierung. Miercom führte umfassende und praxisnahe Angriffssimulationen durch, bei denen…
Sieben gängige Wege, ein Smartphone zu hacken

May 26, 2025 6:54 AM

Tags: access, ai, android, api, apple, ceo, cyberattack, exploit, google, hacker, hacking, Hardware, infrastructure, iphone, mail, malware, mobile, phishing, privacy, smishing, social-engineering, spyware, tool, update, usa, vpn, vulnerability, wifi, zero-day

Angriffsvektoren gibt es etliche, doch wenn der Mensch aufpasst, lassen sich viele neutralisieren.Mobiltelefone gelten gemeinhin zwar als sicherer als PCs, sind aber dennoch anfällig für Angriffe insbesondere durch Social Engineering und andere Hacking-Methoden. Die sieben am weitesten verbreiteten Wege, ein Smartphone zu hacken, sind dabei:Zero-Click-SpywareSocial EngineeringMalvertisingSmishingGefälschte AppsPretextingPhysischer Zugriff Die gefährlichsten und raffiniertesten Angriffe auf Smartphones…
Chinese Nexus Hackers Exploit Ivanti Endpoint Manager Mobile Vulnerability

May 23, 2025 7:55 PM

Tags: china, cve, cyber, endpoint, exploit, flaw, hacker, Internet, ivanti, mobile, remote-code-execution, risk, vulnerability

Ivanti disclosed two critical vulnerabilities, identified as CVE-2025-4427 and CVE-2025-4428, affecting Ivanti Endpoint Manager Mobile (EPMM) version 12.5.0.0 and earlier. These flaws, when chained together, allow unauthenticated remote code execution (RCE) on internet-facing systems, posing a severe risk to enterprise security. EclecticIQ analysts have confirmed active exploitation in the wild since the disclosure date, with…
Chinese cyber spies are using Ivanti EPMM flaws to breach EU, US organizations

May 23, 2025 4:55 PM

Tags: breach, china, cve, cyber, endpoint, exploit, flaw, ivanti, mobile, vulnerability, zero-day

CVE-2025-4427 and CVE-2025-4428 the two Ivanti Endpoint Manager Mobile (EPMM) vulnerabilities that have been exploited in the wild as zero-days and patched by Ivanti … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/05/23/chinese-cyber-spies-are-using-ivanti-epmm-flaws-to-breach-eu-us-organizations/
Ivanti EPMM flaw exploited by Chinese hackers to breach govt agencies

May 22, 2025 4:55 PM

Tags: breach, china, endpoint, exploit, flaw, government, hacker, ivanti, mobile, remote-code-execution

Chinese hackers have been exploiting a remote code execution flaw in Ivanti Endpoint Manager Mobile (EPMM) to breach high-profile organizations worldwide. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/ivanti-epmm-flaw-exploited-by-chinese-hackers-to-breach-govt-agencies/