Tag: mobile

Btmob RAT: A New Evolution of Android Malware Targets Users via Phishing Sites

Feb 12, 2025 3:55 PM

Tags: android, malware, mobile, phishing, rat, threat

A newly discovered Android malware, Btmob RAT, has been identified as a major threat to mobile users. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/btmob-rat/
Apple issues emergency patches to contain an ‘extremely sophisticated attack’ on targeted individuals

Feb 11, 2025 1:55 PM

Tags: access, advisory, android, apple, attack, crime, data, data-breach, exploit, government, group, infrastructure, Internet, iot, iphone, law, mobile, phone, privacy, risk, spyware, technology, terrorism, threat, tool, update, vulnerability, zero-day

Security researcher uncovers the exploit: The vulnerability was discovered by Bill Marczak, a senior researcher at Citizen Lab, a digital rights research group at the University of Toronto’s Munk School.Marczak took to social media to urge users to update their devices immediately, stating: “Update your iPhones”¦ again! iOS 18.3.1 out today with a fix for…
FinStealer Malware Targets Leading Indian Bank’s Mobile Users, Stealing Login Credentials

Feb 11, 2025 10:55 AM

Tags: banking, credentials, credit-card, cyber, cybersecurity, finance, india, login, malware, mobile, phishing, threat

A new cybersecurity threat has emerged, targeting customers of a prominent Indian bank through fraudulent mobile applications. Dubbed >>FinStealer,
Apple and Google take down malicious mobile apps from their app stores

Feb 11, 2025 5:55 AM

Tags: apple, data, google, malicious, mobile

Apple and Google have pulled as many as 20 apps from their respective apps for carrying a data-stealing malware. First seen on techcrunch.com Jump to article: techcrunch.com/2025/02/10/apple-and-google-take-down-malicious-apps-from-their-app-stores/
Phishing Season 2025: The Latest Predictions Unveiled

Feb 10, 2025 7:55 PM

Tags: access, ai, attack, authentication, automation, cloud, communications, control, credentials, cyber, cyberattack, cybercrime, cybersecurity, data, defense, detection, election, email, exploit, finance, google, government, group, infrastructure, intelligence, login, malware, mfa, mobile, network, passkey, phishing, ransomware, risk, service, social-engineering, strategy, tactics, technology, threat, tool, update, voip, vulnerability, zero-trust

Every year, cybercriminals sharpen their tools and refine their tactics to exploit network and security vulnerabilities. Gone are the days of clumsy emails with glaring typos and suspicious attachments. Instead, we face an era of new sophistication. No longer just stealing credentials, attackers are creating intricate digital narratives that make it difficult to distinguish friend…
DeepSeek App Transmits Sensitive User and Device Data Without Encryption

Feb 7, 2025 6:06 PM

Tags: apple, data, encryption, Internet, mobile, sans

A new audit of DeepSeek’s mobile app for the Apple iOS operating system has found glaring security issues, the foremost being that it sends sensitive data over the internet sans any encryption, exposing it to interception and manipulation attacks.The assessment comes from NowSecure, which also found that the app fails to adhere to best security…
New Scareware Attack Targeting Mobile Users to Deploy Malicious Antivirus Apps

Feb 7, 2025 3:06 PM

Tags: antivirus, attack, cyber, exploit, fraud, malicious, mobile, social-engineering, tactics, threat

A new wave of scareware attacks has emerged, targeting unsuspecting mobile users with fake antivirus applications designed to exploit fear and trick victims into downloading malicious software. Scareware, a type of digital fraud, employs social engineering tactics to alarm users with fabricated warnings about security threats, ultimately coercing them into taking risky actions. Scareware: A…
Studie: Auch bei Smartphones Phishing Top-Sicherheitsrisiko

Feb 7, 2025 9:06 AM

Tags: malware, mobile, phishing, social-engineering

Eine neue globale Umfrage unter Smartphone-Nutzern offenbart eine alarmierende Realität: Phishing ist auch für mobile Sicherheit die mit großem Abstand die größte Bedrohung. Cyberkriminelle nutzen raffinierte Täuschungsmanöver, um an persönliche Daten zu gelangen. Auf Platz zwei folgen Malware und Viren meist eingeschleust durch Social-Engineering-Tricks. First seen on itsicherheit-online.com Jump to article: www.itsicherheit-online.com/news/security-management/studie-auch-bei-smartphones-phishing-top-sicherheitsrisiko/
DeepSeek iOS App Leaks Data to ByteDance Servers Without Encryption

Feb 7, 2025 9:06 AM

Tags: ai, cyber, cybersecurity, data, encryption, flaw, government, leak, mobile

DeepSeek iOS app”, a highly popular AI assistant recently crowned as the top iOS app since its January 25 release”, has been discovered to transmit sensitive user data to ByteDance servers without encryption. The security flaws, uncovered by mobile app security firm NowSecure, have prompted swift reactions from governments, enterprises, and cybersecurity experts worldwide. The…
MobSF Framework Zero-Day Vulnerability Allows Attackers to Trigger DoS in Scan Results

Feb 6, 2025 9:06 AM

Tags: cyber, cybersecurity, dos, framework, github, mobile, service, vulnerability, zero-day

A recently discovered zero-day vulnerability in the Mobile Security Framework (MobSF) has raised alarms in the cybersecurity community. The vulnerability, which allows attackers to cause a partial Denial of Service (DoS) on scan results and the iOS Dynamic Analyzer functionality, was disclosed on GitHub yesterday by Ajin Abraham, under the advisory GHSA-jrm8-xgf3-fwqr. Technical Overview The vulnerability,…
Mobile Malware Targeting Indian Banks Exposes 50,000 Users

Feb 5, 2025 4:12 PM

Tags: attack, banking, data, finance, india, malware, mobile, phishing

Indian banking malware attack exposes 50,000 users, stealing financial data via SMS interception and phishing First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/mobile-malware-indian-banks/
Italian founder of migrant rescue group ‘targeted with spyware’

Feb 5, 2025 12:12 PM

Tags: government, group, military, mobile, phone, spyware

Luca Casarini is most prominent person to come forward since WhatsApp said that 90 people, across two dozen countries, had probably been hackedThe Italian founder of the NGO Mediterranea Saving Humans, who has been a vocal critic of Italy’s alleged complicity in abuses suffered by migrants in Libya, has revealed WhatsApp informed him his mobile…
Activists critical of Italian PM may have had their phones targeted by Paragon spyware, says WhatsApp

Feb 5, 2025 10:12 AM

Tags: government, military, mobile, phone, spyware

Messaging app announces that 90 people, residing in two dozen countries, may have had their devices hacked The Italian founder of the NGO Mediterranea Saving Humans, who has been a vocal critic of Italy’s alleged complicity in abuses suffered by migrants in Libya, has revealed WhatsApp informed him his mobile phone was targeted by military-grade…
Warnung vor neuer PDF-Mishing-Kampagne

Feb 3, 2025 1:12 PM

Tags: mobile

Kriminelle nutzen gezielt präparierte PDF-Dokumente, um mobile Endgeräte anzugreifen und sich Zugang zu sensiblen Daten von Unternehmen, Behörden und Organisationen zu verschaffen. Diese raffinierte Methode hat bereits Ziele in über 50 Ländern getroffen mit teils gravierenden Folgen. First seen on itsicherheit-online.com Jump to article: www.itsicherheit-online.com/news/cybersecurity/warnung-vor-neuer-pdf-mishing-kampagne/
Why API Security is Essential for the Hospitality Sector: Safeguarding Your Guests and Your Rewards

Jan 29, 2025 8:36 PM

Tags: ai, api, attack, authentication, breach, business, credit-card, cyber, data, exploit, finance, firewall, flaw, governance, hacker, mobile, phone, risk, threat, vulnerability, waf

Trust is the cornerstone of the hospitality industry. Guests rely on you to safeguard their personal data, payment information, and loyalty rewards. However, in today’s digital landscape, this trust faces constant risks. APIs, which serve as the unseen connections among various systems and applications, are particularly vulnerable to cyber threats. A single flaw can compromise…
New SLAP and FLOP CPU Attacks Expose Data From Apple Computers, Phones

Jan 29, 2025 2:36 PM

Tags: apple, attack, computer, data, exploit, mobile, phone, side-channel

New CPU side-channel attacks named SLAP and FLOP can be exploited to remotely steal data from Apple mobile and desktop devices. The post New SLAP and FLOP CPU Attacks Expose Data From Apple Computers, Phones appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/new-slap-and-flop-cpu-attacks-expose-data-from-apple-computers-phones/
Critical Vulnerability in SonicWall Secure Mobile Access (SMA) 1000 Series Appliances

Jan 29, 2025 12:36 PM

Tags: access, mobile, remote-code-execution, vulnerability

Summary A critical vulnerability (CVE-2025-23006) has been identified in SonicWall Secure Mobile Access (SMA) 1000 Series Appliances, potentially allowing for remote code execution (RCE). This First seen on research.kudelskisecurity.com Jump to article: research.kudelskisecurity.com/2025/01/29/critical-vulnerability-in-sonicwall-secure-mobile-access-sma-1000-series-appliances/
Malicious PDFs Used in Large-Scale Phishing Operation

Jan 29, 2025 5:37 AM

Tags: malicious, malware, mobile, phishing

A new report from Fernando Ortega, a malware researcher at Zimperium, exposes an advanced phishing campaign targeting mobile First seen on securityonline.info Jump to article: securityonline.info/malicious-pdfs-used-in-large-scale-phishing-operation/
API Supply Chain Attacks, The Sky’s the Limit

Jan 28, 2025 6:36 PM

Tags: access, api, attack, authentication, awareness, business, control, credentials, credit-card, data, defense, email, endpoint, exploit, flaw, GDPR, governance, jobs, login, malicious, mobile, penetration-testing, phone, programming, risk, service, supply-chain, technology, unauthorized, vulnerability

Account takeover of a third-party service provider may put millions of airline users worldwide at risk. Summary Salt Labs has identified an account takeover vulnerability in a popular online top-tier travel service for hotel and car rentals. The service is integrated into dozens of commercial airline online services and allows airline users to add hotel…
Apple Patches First Exploited iOS Zero-Day of 2025

Jan 28, 2025 12:36 PM

Tags: apple, exploit, mobile, vulnerability, zero-day

Apple has released fixes for dozens of vulnerabilities in its mobile and desktop products, including an iOS zero-day exploited in attacks. The post Apple Patches First Exploited iOS Zero-Day of 2025 appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/apple-patches-first-exploited-ios-zero-day-of-2025/
Hackers Mimic USPS To Deliver Malicious PDF In Attack Targeted Mobile Devices

Jan 28, 2025 11:36 AM

Tags: attack, communications, credentials, cyber, hacker, malicious, mobile, phishing, service, social-engineering, tactics

In a detailed analysis published on January 27, 2025, Zimperium’s zLabs team uncovered a sophisticated phishing campaign targeting mobile devices through malicious PDF files. Disguised as communications from the United States Postal Service (USPS), this campaign employs advanced social engineering and obfuscation tactics to steal user credentials and sensitive data. The campaign reportedly spans more…
Hackers Use Malicious PDFs, pose as USPS in Mobile Phishing Scam

Jan 27, 2025 10:03 PM

Tags: credentials, hacker, malicious, mobile, phishing, scam, service

A large-scale phishing campaign is using PDF files and hidden malicious links, as well as posing at the U.S. Postal Service, in phishing campaign targeting mobile device users in hope that victims will divulge credentials and personal information, Zimperium researchers say. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/01/hackers-use-malicious-pdfs-pose-as-usps-in-mobile-phishing-scam/
Hidden in Plain Sight: PDF Mishing Attack

Jan 27, 2025 8:03 PM

Tags: attack, mobile, phishing, service, threat

As part of our ongoing mission to identify emerging threats to mobile security, our zLabs team has been actively tracking a phishing campaign impersonating the United States Postal Service (USPS) which is exclusively targeting mobile devices. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/01/hidden-in-plain-sight-pdf-mishing-attack/
New Phishing Campaign Targets Mobile Devices with Malicious PDFs

Jan 27, 2025 4:03 PM

Tags: credentials, malicious, mobile, phishing

A novel phishing campaign identified by Zimperium targets mobile users with malicious PDFs, impersonating USPS to steal credentials First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/phishing-campaign-targets-mobile/
SonicWall Urges Immediate Patch for Critical CVE-2025-23006 Flaw Amid Likely Exploitation

Jan 23, 2025 1:22 PM

Tags: access, authentication, cve, cvss, data, exploit, flaw, mobile, update, vulnerability

SonicWall is alerting customers of a critical security flaw impacting its Secure Mobile Access (SMA) 1000 Series appliances that it said has been likely exploited in the wild as a zero-day.The vulnerability, tracked as CVE-2025-23006, is rated 9.8 out of a maximum of 10.0 on the CVSS scoring system.”Pre-authentication deserialization of untrusted data vulnerability has…
SonicWall SMA appliances exploited in zero-day attacks (CVE-2025-23006)

Jan 23, 2025 11:22 AM

Tags: access, attack, exploit, mobile, vulnerability, zero-day

A critical zero-day vulnerability (CVE-2025-23006) affecting SonicWall Secure Mobile Access (SMA) 1000 Series appliances is being exploited by attackers. >>We strongly … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/01/23/sonicwall-sma-1000-exploited-zero-day-cve-2025-23006/
The Quiet Rise of the ‘API Tsunami’

Jan 22, 2025 8:22 PM

Tags: access, api, attack, authentication, breach, business, cloud, compliance, control, data, data-breach, encryption, endpoint, finance, GDPR, healthcare, HIPAA, infrastructure, law, leak, mail, malicious, mfa, mobile, monitoring, network, privacy, programming, regulation, risk, security-incident, service, threat, tool, unauthorized, update, vulnerability

As enterprises increasingly adopt cloud-native architectures, microservices, and third-party integrations, the number of Application Programming Interfaces (APIs) has surged, creating an “API tsunami” in an organization’s infrastructure that threatens to overwhelm traditional management practices. As digital services proliferate, so does the development of APIs, which allow various applications to communicate or integrate with each other…
Die Zukunft des ultramobilen Arbeitens: Diese Trends prägen 2025

Jan 21, 2025 6:22 AM

Tags: mail, mobile

Ultramobiles Arbeiten ist auf dem Vormarsch, das Jahr 2025 hält viele spannende neue Möglichkeiten bereit. Fünf Trends stechen dabei aus Sicht des Kommunikationsspezialisten Materna Virtual Solution besonders hervor. Unterwegs schnell E-Mails checken, Termine vereinbaren oder dringende Dokumente weiterleiten der Arbeitsalltag verlagert sich immer mehr in die mobile Welt. Doch die rasante technologische Entwicklung… First seen…
Mobile Cybersecurity Trends for 2025: Key Predictions and Preparations

Jan 20, 2025 11:22 PM

Tags: cybersecurity, mobile
HPE’s sensitive data exposed in alleged IntelBroker hack

Jan 20, 2025 1:22 PM

Tags: access, api, apple, breach, cisco, data, data-breach, docker, email, github, hacker, leak, marketplace, mobile, open-source, sap, service, software, threat

IntelBroker has struck again. This time, the notorious BreachForums bigwig, which has a long list of high-profile victims, including Europol, Cisco, and GE, has claimed to have breached IT giant Hewlett Packard Enterprise (HPE).The suspected Serbian-origin hacker is offering to sell on BreachForums, sensitive data allegedly stolen from HPE including product source codes and personally…