Tag: mobile
-
Apple’s first iOS 26 security update fixes memory corruption flaw
Apple issues an update for its brand new iOS 26 mobile operating system, fixing a potentially dangerous vulnerability affecting iPhones, iPads and other Mac devices First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366632180/Apples-first-iOS-26-security-update-fixes-memory-corruption-flaw
-
Afghanistan plunged into nationwide internet blackout, disrupting air travel, medical care
The shutdown, confirmed by internet monitoring groups NetBlocks, Kentik and Proton VPN, began late Monday and continued into Tuesday, affecting both mobile and fixed-line services. Telephone networks were also disrupted. First seen on therecord.media Jump to article: therecord.media/afghanistan-plunged-into-nationwide-internet-blackout
-
New Smish: New York Department of Revenue
As I was visiting SmishTank to report the most recent SMish that I had received (an iMessage from a +27 South African telephone number claiming to be from ParkMobile) I noticed there had been many recent submissions from the New York Department of Revenue. SmishTank is operated by Professor Muhammad Lutfor Rahman, a colleague of mine…
-
New Android Trojan “Datzbro” Tricking Elderly with AI-Generated Facebook Travel Events
Cybersecurity researchers have flagged a previously undocumented Android banking trojan called Datzbro that can conduct device takeover (DTO) attacks and perform fraudulent transactions by preying on the elderly.Dutch mobile security company ThreatFabric said it discovered the campaign in August 2025 after users in Australia reported scammers managing Facebook groups promoting “active senior First seen on…
-
When ‘Oprah’ Smished Me: Smishing and AI-Driven Phishing Risks
An “Oprah” smishing scam shows how AI makes phishing smarter. Learn how to spot, stop, and protect yourself from evolving mobile threats. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/news/smished-by-oprah/
-
When ‘Oprah’ Smished Me: Smishing and AI-Driven Phishing Risks
An “Oprah” smishing scam shows how AI makes phishing smarter. Learn how to spot, stop, and protect yourself from evolving mobile threats. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/news/smished-by-oprah/
-
Case Study: Penetration Testing for a Technology-Focused Environmental Solutions Provider
Overview The client is a technology-driven provider of environmental monitoring solutions, focused on developing analytical tools used in industrial settings. Their product portfolio includes both mobile and stationary devices designed to support complex operational environments, such as renewable energy facilities, water treatment systems, and other infrastructure-intensive industries. With a strong commitment to innovation and […]…
-
Case Study: Penetration Testing for a Technology-Focused Environmental Solutions Provider
Overview The client is a technology-driven provider of environmental monitoring solutions, focused on developing analytical tools used in industrial settings. Their product portfolio includes both mobile and stationary devices designed to support complex operational environments, such as renewable energy facilities, water treatment systems, and other infrastructure-intensive industries. With a strong commitment to innovation and […]…
-
SMS Pools and what the US Secret Service Really Found Around New York
Tags: apple, authentication, business, china, conference, control, country, credit-card, crime, crypto, data, email, exploit, finance, fraud, google, group, Hardware, infrastructure, iphone, jobs, korea, law, linux, mfa, mobile, phishing, phone, scam, service, smishing, software, theft, usa, windowsLast week the United Nations General Assembly kicked off in New York City. On the first day, a strange US Secret Service press conference revealed that they had seized 300 SIM Servers with 100,000 SIM cards. Various media outlets jumped on the idea that this was some state-sponsored sleeper cell waiting to destroy telecommunication services…
-
Okta introduces Identity Security Fabric to secure AI agents
Tags: ai, backup, control, credentials, data, deep-fake, government, identity, infrastructure, malicious, mobile, okta, privacy, vulnerabilityDigital credentials round out the platform: The third fabric component is digital credentials capabilities through the Okta Verifiable Digital Credentials (VDC) platform, scheduled for fiscal 2027 release.The system would allow organizations to issue cryptographically secure versions of government IDs, employment records, and professional certifications.”Built on open standards for maximum control and future interoperability, VDCs will…
-
Okta introduces Identity Security Fabric to secure AI agents
Tags: ai, backup, control, credentials, data, deep-fake, government, identity, infrastructure, malicious, mobile, okta, privacy, vulnerabilityDigital credentials round out the platform: The third fabric component is digital credentials capabilities through the Okta Verifiable Digital Credentials (VDC) platform, scheduled for fiscal 2027 release.The system would allow organizations to issue cryptographically secure versions of government IDs, employment records, and professional certifications.”Built on open standards for maximum control and future interoperability, VDCs will…
-
Kali Linux 2025.3 Launches With Fresh Features and 10 New Pentesting Tools
Kali Linux 2025.3 has arrived, bringing a wave of improvements, updated firmware support, and a suite of ten new security tools. This release builds on the June 2025.2 update by refining core workflows, extending wireless capabilities, and preparing the distribution for emerging architectures. Whether you rely on virtual machines, Raspberry Pi devices, or mobile pentesting…
-
SonicWall Issues Emergency Patch to Remove ‘OVERSTEP’ Rootkit Malware on SMA Devices
SonicWall has released an urgent software update for its Secure Mobile Access (SMA) 100 Series appliances to remove a dangerous rootkit known as ‘OVERSTEP.’ This backdoor malware was discovered in older SMA firmware versions and can give attackers persistent access to affected devices. The new build, version 10.2.2.2-92sv, adds additional file checking to detect and…
-
SonicWall Issues Emergency Patch to Remove ‘OVERSTEP’ Rootkit Malware on SMA Devices
SonicWall has released an urgent software update for its Secure Mobile Access (SMA) 100 Series appliances to remove a dangerous rootkit known as ‘OVERSTEP.’ This backdoor malware was discovered in older SMA firmware versions and can give attackers persistent access to affected devices. The new build, version 10.2.2.2-92sv, adds additional file checking to detect and…
-
SonicWall adds rootkit removal capabilities to the SMA 100 series
SonicWall has released new firmware for its Secure Mobile Access (SMA) 100 series appliances, adding file-checking capabilities that help users remove known rootkit malware. … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/09/23/sonicwall-adds-rootkit-removal-capabilities-to-the-sma-100-series/
-
DEF CON 33: Mobile Hacking Community
Creators, Authors and Presenters: d3dbot, Mobile Hacking Community Our sincere appreciation to DEF CON, and the Creators/Presenters/Authors for publishing their timely DEF CON 33 outstanding content. Originating from the conference’s events located at the Las Vegas Convention Center; and via the organizations YouTube channel. Permalink First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/09/def-con-33-mobile-hacking-community/
-
CISA warns of malware deployed through Ivanti EPMM flaws
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) disclosed two malware strains found in a network compromised via Ivanti EPMM flaws. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) published technical details of two malware families that were discovered in the network of an unnamed organization following the compromise of Ivanti Endpoint Manager Mobile (EPMM).…
-
CISA exposes malware kits deployed in Ivanti EPMM attacks
Tags: attack, cisa, cybersecurity, endpoint, exploit, infrastructure, ivanti, malware, mobile, vulnerabilityThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) has published an analysis of the malware deployed in attacks exploiting vulnerabilities affecting Ivanti Endpoint Manager Mobile (EPMM). First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cisa-exposes-malware-kits-deployed-in-ivanti-epmm-attacks/
-
CISA Alerts of Hackers Targeting Ivanti Endpoint Manager Mobile Vulnerabilities to Distribute Malware
Cyber threat actors have weaponized two critical Ivanti Endpoint Manager Mobile (EPMM) vulnerabilities”, CVE-2025-4427 and CVE-2025-4428″, to deploy sophisticated malicious loaders and listeners on compromised servers. The malware consists of two sets of components: Loader 1 (web-install.jar, ReflectUtil.class, SecurityHandlerWanListener.class) and Loader 2 (web-install.jar, WebAndroidAppInstaller.class), both designed to inject arbitrary code and maintain persistence on Apache…
-
CISA Warns of New Malware Campaign Exploiting Ivanti EPMM Vulnerabilities
Tags: attack, cisa, cybersecurity, endpoint, exploit, infrastructure, ivanti, malware, mobile, vulnerabilityThe Cybersecurity and Infrastructure Security Agency (CISA) released a Malware Analysis Report (MAR), highlighting a new attack trend targeting Ivanti Endpoint Manager Mobile (EPMM) systems. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/cisa-mar-cve-2025-4427-28/
-
CISA Warns of Two Malware Strains Exploiting Ivanti EPMM CVE-2025-4427 and CVE-2025-4428
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday released details of two sets of malware that were discovered in an unnamed organization’s network following the exploitation of security flaws in Ivanti Endpoint Manager Mobile (EPMM).”Each set contains loaders for malicious listeners that enable cyber threat actors to run arbitrary code on the compromised…
-
WatchGuard patches ‘critical’ VPN flaw in firewalls that could lead to compromise
Who is affected?: A list of the nearly three dozen firewall models affected by CVE-2025-9242 is available from WatchGuard’s website. The vulnerable versions of the Fireware OS are 2025.1, 12.x, 12.5.x (T15 & T35 models), 12.3.1 (FIPS-certified release), and 11.x (end of life). These are addressed (in the same order) by updating to versions 2025.1.1,…
-
SonicWall says attackers compromised some firewall configuration backup files
Between attackers exploiting 0-day and n-day vulnerabilities in the company’s firewalls and Secure Mobile Access appliances, SonicWall and its customers have had a tough … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/09/18/sonicwall-attackers-firewall-configuration-backup-files/
-
How to Set Up and Use a Burner Phone
Obtaining and using a true burner phone is hard”, but not impossible. Here are the steps you need to take to protect your mobile communications based on the risks you face. First seen on wired.com Jump to article: www.wired.com/story/how-to-set-up-use-burner-phone/
-
‘SlopAds’ Fraud Campaign Uses Novel Obfuscation Techniques
Steganography, Mobile Marketing Attribution, Code Obfuscation Deployed for Ad Fraud. A cybercrime crew using Android mobile apps to conduct advertising fraud took unusual pains to hide its activity, concealing malicious code in downloadable digital images and holding off from infecting the subset of users who organically found their apps through the Google Play store. First…
-
Sidewinder Hackers Weaponize Nepal Protests to Spread Cross-Platform Malware
Sidewinder, a well-known advanced persistent threat (APT) group, has adapted its tactics to exploit the ongoing protests in Nepal, deploying a coordinated campaign of mobile and Windows malware alongside credential phishing. By masquerading as respected national institutions and figures, the group seeks to harvest sensitive data from users tracking the nation’s political turmoil. The protests,…
-
Chinese Guarantee Syndicates and the Fruit Machine
When I was speaking to a group of Bank Security people in New York City yesterday, I mentioned “machine rooms” — which are rooms full of Apple iPhones that are used to send iMessage phishing spam. Someone in the audience asked “Where would they get that many phones?” The kids like to use the acronym…
-
How Everyday Apps Leak More Data Than You Realize
Most mobile apps silently leak personal data to third parties, even trusted ones. From trackers in Google Play apps to high-profile breaches like Strava and British Airways, app data leakage is a growing privacy risk. Learn why apps leak data and how to protect yourself. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/09/how-everyday-apps-leak-more-data-than-you-realize/
-
Black Box Testing vs. White Box: The Hidden Risks of Choosing Wrong
With attacks on applications growing rapidly, regular testing of web and mobile platforms has become critical. In fact, statistics show that web applications are involved in 26% of breaches, ranking as the second most exploited attack pattern. There are multiple testing types, like black box testing, white box, gray box, etc., that can help organizations……
-
12 digital forensics certifications to accelerate your cyber career
Tags: access, apt, attack, browser, chrome, cloud, computer, corporate, cyber, cybercrime, cybersecurity, data, defense, detection, email, endpoint, exploit, google, government, group, hacker, hacking, Hardware, incident response, international, jobs, law, malicious, malware, microsoft, mobile, network, phone, service, skills, soc, technology, threat, tool, training, windowsCellebrite Certified Mobile Examiner (CCME)Certified Computer Examiner (CCE)CyberSecurity Forensic Analyst (CSFA)EC-Council Computer Hacking Forensic Investigator (CHFI)EnCase Certified Examiner (EnCE)Exterro AccessData Certified Examiner (ACE)GIAC Advanced Smartphone Forensics Certification (GASF)GIAC Certified Forensics Analyst (GCFA)GIAC Certified Forensic Examiner (GCFE)GIAC Cloud Forensic Responder (GCFR)GIAC Network Forensic Analysis (GNFA)Magnet Certified Forensics Examiner (MCFE) Cellebrite Certified Mobile Examiner (CCME) Out of…