Tag: mobile

Russian cyberspies target Android users with new spyware

Dec 13, 2024 7:05 PM

Tags: android, data, mobile, russia, spy, spyware

Russian cyberspies Gamaredon has been discovered using two Android spyware families named ‘BoneSpy’ and ‘PlainGnome’ to spy on and steal data from mobile devices. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/russian-gamaredon-cyberspies-target-android-users-with-new-spyware/
‘Dubai Police’ Lures Anchor Wave of UAE Mobile Attacks

Dec 13, 2024 5:05 PM

Tags: attack, cybercrime, finance, mobile, social-engineering

A sophisticated social engineering cybercrime campaign bent on financial gain was observed being run from Tencent servers in Singapore. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/dubai-police-lures-uae-mobile-attacks
API Security is Not a Problem You Can Solve at the Edge

Dec 13, 2024 4:07 PM

Tags: access, ai, api, attack, compliance, control, corporate, credentials, data, data-breach, defense, detection, endpoint, finance, firewall, governance, hacker, healthcare, HIPAA, infrastructure, intelligence, mobile, monitoring, network, regulation, risk, service, strategy, threat, tool, unauthorized, vulnerability, waf

In today’s interconnected digital ecosystems, traditional security mechanisms like Web Application Firewalls (WAFs), API gateways, and Content Delivery Networks (CDNs) act as enforcement points. Think of them as bouncers at the entrance of a high-profile nightclub”, they decide who gets in and who doesn’t. However, relying solely on these edge solutions to secure APIs is…
Experts discovered the first mobile malware families linked to Russia’s Gamaredon

Dec 13, 2024 10:07 AM

Tags: android, apt, cyberespionage, group, malware, mobile, russia, spyware, tool

The Russia-linked APT Gamaredon used two new Android spyware tools called BoneSpy and PlainGnome against former Soviet states. Lookout researchers linked the BoneSpy and PlainGnome Android surveillance families to the Russian APT group Gamaredon (a.k.a. Armageddon, Primitive Bear, and ACTINIUM). These are the first known mobile malware families linked to the Russian APT. The cyberespionage group is behind a…
Chinese Cops Caught Using Android Spyware to Track Mobile Devices

Dec 13, 2024 12:05 AM

Tags: android, china, data, law, mobile, spyware, tool

Law enforcement across mainland China have been using EagleMsgSpy surveillance tool to collect mobile device data since at least 2017, new research shows. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/chinese-cops-using-android-spyware-track-mobile-devices
Die wichtigsten Cybersecurity-Prognosen für 2025

Dec 12, 2024 5:05 PM

Tags: access, ai, apple, apt, cloud, cyberattack, cybercrime, cybersecurity, cyersecurity, data, deep-fake, governance, incident response, jobs, kritis, malware, military, mobile, nis-2, ransomware, service, software, stuxnet, supply-chain
Experts discovered surveillance tool EagleMsgSpy used by Chinese law enforcement

Dec 12, 2024 5:05 PM

Tags: access, android, china, data, law, malware, mobile, spy, threat, tool

Chinese law enforcement uses the mobile surveillance tool EagleMsgSpy to gather data from Android devices, as detailed by Lookout. Researchers at the Lookout Threat Lab discovered a surveillance tool, dubbed EagleMsgSpy, used by Chinese law enforcement to spy on mobile devices. The researchers analyzed multiple samples of the malware and gained access to internal documents obtained from…
Gamaredon Deploys Android Spyware “BoneSpy” and “PlainGnome” in Former Soviet States

Dec 12, 2024 4:05 PM

Tags: android, attack, malware, mobile, russia, spyware, threat, tool

The Russia-linked state-sponsored threat actor tracked as Gamaredon has been attributed to two new Android spyware tools called BoneSpy and PlainGnome, marking the first time the adversary has been discovered using mobile-only malware families in its attack campaigns.”BoneSpy and PlainGnome target former Soviet states and focus on Russian-speaking victims,” Lookout said in an analysis. “Both…
Mobile Surveillance Tool EagleMsgSpy Used by Chinese Law Enforcement

Dec 12, 2024 3:05 PM

Tags: android, china, data, law, mobile, tool

Lookout details EagleMsgSpy, a surveillance tool used by Chinese law enforcement to collect data from Android devices. The post Mobile Surveillance Tool EagleMsgSpy Used by Chinese Law Enforcement appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/mobile-surveillance-tool-eaglemsgspy-used-by-chinese-law-enforcement/
Antidot Malware Attacking Employees Android Devices To Inject Malicious Payloads

Dec 12, 2024 3:05 PM

Tags: android, banking, cyber, jobs, malicious, malware, mobile, phishing, social-engineering, tactics

Researchers discovered a new variant of the AntiDot banking trojan targeting Android mobile devices through a mobile-phishing (mishing) campaign, where this variant builds upon the version identified by Cyble in May 2024. The attackers leverage social engineering tactics, posing as recruiters offering job opportunities to lure victims. Once a user clicks on a malicious link…
New EagleMsgSpy Android spyware used by Chinese police, researchers say

Dec 11, 2024 11:05 PM

Tags: android, china, law, mobile, spyware

A previously undocumented Android spyware called ‘EagleMsgSpy’ has been discovered and is believed to be used by law enforcement agencies in China to monitor mobile devices. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-eaglemsgspy-android-spyware-used-by-chinese-police-researchers-say/
iOS vuln leaves user data dangerously exposed

Dec 10, 2024 11:07 PM

Tags: data, data-breach, exploit, mobile, threat, vulnerability

Jamf threat researchers detail an exploit chain for a recently patched iOS vulnerability that enables a threat actor to steal sensitive data, warning that many organisations are still neglecting mobile updates. First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366616985/iOS-vuln-leaves-user-data-dangerously-exposed
AppLite: A New AntiDot Variant Targeting Mobile Employee Devices

Dec 10, 2024 4:07 PM

Tags: android, banking, credentials, crypto, malicious, malware, mobile, theft

Our zLabs team has identified an extremely sophisticated mishing (mobile-targeted phishing) campaign that delivers malware to the user’s Android mobile device enabling a broad set of malicious actions including credential theft of banking, cryptocurrency and other critical applications. First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/12/applite-a-new-antidot-variant-targeting-mobile-employee-devices/
Fake Recruiters Distribute Banking Trojan via Malicious Apps in Phishing Scam

Dec 10, 2024 4:07 PM

Tags: banking, cybersecurity, jobs, malicious, mobile, phishing, scam

Cybersecurity researchers have shed light on a sophisticated mobile phishing (aka mishing) campaign that’s designed to distribute an updated version of the Antidot banking trojan.”The attackers presented themselves as recruiters, luring unsuspecting victims with job offers,” Zimperium zLabs Vishnu Pratapagiri researcher said in a new report.”As part of their fraudulent hiring process, the First seen…
Enhancing Mobile App API Security: Closing Gaps with a Robust SDK

Dec 10, 2024 2:07 PM

Tags: api, application-security, mobile, programming, software, threat
Cybersecurity Snapshot: Study Raises Open Source Security Red Flags, as Cyber Agencies Offer Prevention Tips Against Telecom Spying Attacks

Dec 6, 2024 6:49 PM

Tags: access, advisory, ai, attack, authentication, best-practice, breach, business, china, cisa, cloud, communications, compliance, computing, control, credentials, cyber, cybercrime, cybersecurity, data, data-breach, defense, detection, espionage, exploit, finance, firewall, fraud, government, group, guide, hacker, hacking, identity, infrastructure, insurance, international, Internet, interpol, iot, korea, law, least-privilege, linux, lockbit, login, malware, mfa, mitigation, mobile, network, open-source, password, phishing, privacy, ransomware, RedTeam, resilience, risk, router, scam, service, software, strategy, supply-chain, technology, theft, threat, tool, unauthorized, usa, vpn, vulnerability, windows

Don’t miss the Linux Foundation’s deep dive into open source software security. Plus, cyber agencies warn about China-backed cyber espionage campaign targeting telecom data. Meanwhile, a study shows the weight of security considerations in generative AI projects. And get the latest on ransomware trends, financial cybercrime and critical infrastructure security. Dive into six things that…
Multiple SonicWall Vulnerabilities Let Attackers Execute Remote Code

Dec 6, 2024 1:48 PM

Tags: access, authentication, cyber, firmware, mobile, vpn, vulnerability

SonicWall has issued a critical alert regarding multiple vulnerabilities in its Secure Mobile Access (SMA) 100 series SSL-VPN appliances. These vulnerabilities could allow attackers to execute remote code, bypass authentication, or compromise system integrity. SonicWall urges users to take immediate action by updating their devices to the latest firmware to mitigate these risks. These issues…
Salt Typhoon Campaign: A Wake-Up Call for U.S. Telecoms and National Security

Dec 5, 2024 7:48 PM

Tags: breach, china, cybersecurity, hacking, mobile, network

A disturbing new cybersecurity incident has raised alarms across U.S. telecoms, with revelations this week about a large-scale Chinese hacking campaign known as Salt Typhoon. The sophisticated breach targeted at least eight major U.S. telecom providers, including Verizon, AT&T, and T-Mobile, with attackers successfully infiltrating the networks and siphoning off sensitive metadata”, potentially compromising millions…
T-Mobile undeterred as telecom sector reels from attack campaign

Dec 5, 2024 6:50 PM

Tags: attack, cybersecurity, group, mobile, threat

Cybersecurity Dive spoke with CSO Jeff Simon about how the carrier says it thwarted a threat group resembling Salt Typhoon despite its past security failures. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/tmobile-salt-typhoon-telecom-attack-campaign/734729/
US may plan legislation to contain Chinese cyber espionage

Dec 5, 2024 1:48 PM

Tags: advisory, ai, at&t, breach, ceo, china, cisa, cloud, cyber, cybersecurity, data, defense, espionage, finance, government, hacker, hacking, intelligence, mobile, network, phone, risk, technology, theft, threat, vulnerability

US senators were briefed behind closed doors this week on the scale of “Salt Typhoon,” an alleged Chinese cyber-espionage campaign targeting the nation’s telecommunications networks.The FBI, CISA, and other key agencies, who were part of the briefing, revealed that the sophisticated operation compromised at least eight US telecom firms, stealing metadata and call intercepts, including…
Protecting Against Bot-Enabled API Abuse

Dec 5, 2024 12:50 AM

Tags: api, exploit, malicious, mobile, vulnerability

APIs have become the backbone of modern digital ecosystems, powering everything from mobile apps to e-commerce platforms. However, as APIs grow in importance, they also become prime targets for malicious actors. Increasingly, bots are being weaponized to exploit vulnerabilities, overwhelm systems, and siphon sensitive data”, all without triggering alarms until it’s too late. The rise…
Pegasus Spyware Infections Proliferate Across iOS, Android Devices

Dec 4, 2024 10:48 PM

Tags: android, corporate, government, group, infection, mobile, spyware, threat

The notorious spyware from Israel’s NSO Group has been found targeting journalists, government officials, and corporate executives in multiple variants discovered in a threat scan of 3,500 mobile phones. First seen on darkreading.com Jump to article: www.darkreading.com/endpoint-security/pegasus-spyware-infections-ios-android-devices
Security teams should act now to counter Chinese threat, says CISA

Dec 4, 2024 7:48 PM

Tags: 5G, access, apple, at&t, attack, authentication, china, cisa, cisco, communications, control, cyber, cybersecurity, data, encryption, espionage, exploit, google, government, hacker, infrastructure, linux, microsoft, mitigation, mobile, monitoring, network, nist, password, risk, service, siem, technology, theft, threat, vpn, vulnerability

Security teams and individuals across the US need to take immediate precautions to counter the surveillance threat posed by Chinese ‘Salt Typhoon’ hackers, who have burrowed deep into telecoms infrastructure, according to the US Cybersecurity and Infrastructure Security Agency (CISA).CISA issued an official alert recommending defensive measures on December 3, as federal officials briefed journalists…
Poor mobile security practices rife at SMEs, CyberSmart survey finds

Dec 4, 2024 5:50 PM

Tags: business, cybersecurity, mobile

New research conducted by CyberSmart, a leading provider of SME security solutions, indicates that mobile cybersecurity incidents at small businesses are widespread. The research, conducted by OnePoll in Autumn 2024, polled 250 small-medium enterprise (SME) business owners or leaders in the UK, found that over a third (35%) of small business employees or owners The…
Business leaders among Pegasus spyware victims, says security firm

Dec 4, 2024 3:48 PM

Tags: attack, business, government, iphone, mobile, spyware

The mobile security company said it detected Pegasus spyware attacks on seven iPhone owners, including government officials and a business leader. First seen on techcrunch.com Jump to article: techcrunch.com/2024/12/04/business-leaders-among-pegasus-spyware-victims-says-security-firm/
How widespread is mercenary spyware? More than you think

Dec 4, 2024 3:48 PM

Tags: mobile, spyware

A targeted hunt on 2,500 mobile devices for indicators of compromise associated with mercenary spyware has revealed that its use is not as rare as one would hope. The results … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/12/04/detect-mercenary-spyware/
A New Phone Scanner That Detects Spyware Has Already Found 7 Pegasus Infections

Dec 4, 2024 3:48 PM

Tags: infection, mobile, phone, spyware, tool

The mobile device security firm iVerify has been offering a tool since May that makes spyware scanning accessible to anyone”, and it’s already turning up victims. First seen on wired.com Jump to article: www.wired.com/story/iverify-spyware-detection-tool-nso-group-pegasus/
From Phishing to Passwords: How Azercell is Educating Seniors About Cyber Threats

Dec 4, 2024 2:48 PM

Tags: cyber, cybersecurity, mobile, password, phishing, service, threat, tool, training

Azercell, the leading mobile operator in Azerbaijan, is offering cybersecurity training to its customers, particularly the elderly. As part of its ongoing efforts, Azercell cybersecurity training for residents of a social service institution for the elderly. The training aimed to equip this senior generation with the knowledge and tools necessary to understand digital life and…
MobSF XSS Vulnerability Let Attackers Inject Malicious Scripts

Dec 4, 2024 8:48 AM

Tags: cve, cyber, flaw, framework, malicious, mobile, vulnerability, xss

A critical vulnerability has been identified in the Mobile Security Framework (MobSF) that allows attackers to inject malicious scripts into the system. This vulnerability, CVE-2024-53999 is a Stored Cross-Site Scripting (XSS) flaw found in the >>Diff or Compare
BlackBerry Highlights Rising Software Supply Chain Risks in Malaysia

Dec 4, 2024 5:49 AM

Tags: access, ai, attack, breach, ceo, ciso, communications, compliance, cyber, cyberattack, cybersecurity, data, detection, espionage, finance, framework, government, infrastructure, intelligence, international, Internet, iot, malware, mobile, monitoring, phishing, ransomware, regulation, resilience, risk, skills, software, strategy, supply-chain, threat, tool, training, vulnerability

In 2024, BlackBerry unveiled new proprietary research, underscoring the vulnerability of software supply chains in Malaysia and around the world.According to the study, 79% of Malaysian organizations reported cyberattacks or vulnerabilities in their software supply chains during the past 12 months, slightly exceeding the global average of 76%. Alarmingly, 81% of respondents revealed they had…