Tag: mobile

Black Friday Fraud: The Hidden Threat in Mobile Commerce

Nov 20, 2025 6:49 AM

Tags: cybersecurity, email, exploit, fraud, mobile, phishing, threat
The Security Landscape of Mobile Apps in Africa

Nov 20, 2025 6:49 AM

Tags: access, android, api, breach, data, data-breach, finance, leak, mobile, network, service, skills, threat, unauthorized, vulnerability
Black Friday Fraud: The Hidden Threat in Mobile Commerce

Nov 20, 2025 6:49 AM

Tags: cybersecurity, email, exploit, fraud, mobile, phishing, threat
NDSS 2025 Understanding Miniapp Malware: Identification, Dissection, And Characterization

Nov 19, 2025 11:49 PM

Tags: computing, detection, finance, Internet, malicious, malware, mobile, network, privacy, risk, service, threat, unauthorized

———– SESSION Session 3C: Mobile Security ———– ———– Authors, Creators & Presenters: Yuqing Yang (The Ohio State University), Yue Zhang (Drexel University), Zhiqiang Lin (The Ohio State University) ———– PAPER Understanding Miniapp Malware: Identification, Dissection, and Characterization Super apps, serving as centralized platforms that manage user information and integrate third-party miniapps, have revolutionized mobile computing…
WhatsApp flaw allowed discovery of the 3.5 billion mobile numbers registered to the platform

Nov 19, 2025 11:49 PM

Tags: api, attack, bug-bounty, business, china, cloud, dark-web, data, data-breach, encryption, flaw, government, mobile, phishing, phone, privacy, spam, technology, vulnerability, windows

Hey there You are using WhatsApp, marks this as one of the most embarrassing weaknesses yet in the world’s most widely-used communication app.The vulnerability was in WhatsApp’s contact discovery mechanism, the foundation of how this and many similar apps work. When WhatsApp is installed, it asks for permission to match mobile numbers in a user’s…
WhatsApp flaw allowed discovery of the 3.5 billion mobile numbers registered to the platform

Nov 19, 2025 11:49 PM

Tags: api, attack, bug-bounty, business, china, cloud, dark-web, data, data-breach, encryption, flaw, government, mobile, phishing, phone, privacy, spam, technology, vulnerability, windows

Hey there You are using WhatsApp, marks this as one of the most embarrassing weaknesses yet in the world’s most widely-used communication app.The vulnerability was in WhatsApp’s contact discovery mechanism, the foundation of how this and many similar apps work. When WhatsApp is installed, it asks for permission to match mobile numbers in a user’s…
NDSS 2025 The Skeleton Keys: A Large Scale Analysis Of Credential Leakage In Mini-Apps

Nov 19, 2025 6:49 PM

Tags: access, authentication, credentials, cve, Internet, leak, malicious, mobile, network, service, threat, tool, vulnerability

———– SESSION Session 3C: Mobile Security ———– ———– Authors, Creators & Presenters: Yizhe Shi (Fudan University), Zhemin Yang (Fudan University), Kangwei Zhong (Fudan University), Guangliang Yang (Fudan University), Yifan Yang (Fudan University), Xiaohan Zhang (Fudan University), Min Yang (Fudan University) PAPER The Skeleton Keys: A Large Scale Analysis of Credential Leakage in Mini-apps In recent…
Major Russian insurer facing widespread outages after cyberattack

Nov 19, 2025 4:49 PM

Tags: cyberattack, mobile, russia, service

Russian insurer VSK is trying to restore services after a major cyberattack damaged its systems, knocking offline its website, mobile app and other services used by millions of customers. First seen on therecord.media Jump to article: therecord.media/russia-vsk-cyberattack-outages
Major Russian insurer facing widespread outages after cyberattack

Nov 19, 2025 4:49 PM

Tags: cyberattack, mobile, russia, service

Russian insurer VSK is trying to restore services after a major cyberattack damaged its systems, knocking offline its website, mobile app and other services used by millions of customers. First seen on therecord.media Jump to article: therecord.media/russia-vsk-cyberattack-outages
NDSS 2025 EvoCrawl: Exploring Web Application Code And State Using Evolutionary Search

Nov 18, 2025 11:49 PM

Tags: Internet, mobile, network, service, vulnerability, wordpress, xss, zero-day

SESSION Session 3C: Mobile Security ———– ———– Authors, Creators & Presenters: Xiangyu Guo (University of Toronto), Akshay Kawlay (University of Toronto), Eric Liu (University of Toronto), David Lie (University of Toronto) ———– PAPER EvoCrawl: Exploring Web Application Code and State using Evolutionary Search As more critical services move onto the web, it has become increasingly…
NDSS 2025 EvoCrawl: Exploring Web Application Code And State Using Evolutionary Search

Nov 18, 2025 11:49 PM

Tags: Internet, mobile, network, service, vulnerability, wordpress, xss, zero-day

SESSION Session 3C: Mobile Security ———– ———– Authors, Creators & Presenters: Xiangyu Guo (University of Toronto), Akshay Kawlay (University of Toronto), Eric Liu (University of Toronto), David Lie (University of Toronto) ———– PAPER EvoCrawl: Exploring Web Application Code and State using Evolutionary Search As more critical services move onto the web, it has become increasingly…
NDSS 2025 Detecting IMSI-Catchers By Characterizing Identity Exposing Messages In Cellular Traffic

Nov 17, 2025 11:50 PM

Tags: identity, Internet, mobile, network, tool

SESSION Session 3B: Wireless, Cellular & Satellite Security ———– ———– Authors, Creators & Presenters: Tyler Tucker (University of Florida), Nathaniel Bennett (University of Florida), Martin Kotuliak (ETH Zurich), Simon Erni (ETH Zurich), Srdjan Capkun (ETH Zuerich), Kevin Butler (University of Florida), Patrick Traynor (University of Florida) ———– PAPER ———– Detecting IMSI-Catchers By Characterizing Identity Exposing…
A Single Bug in Mobile Apps Can Cost You Millions! Protect with Secure Code Review!

Nov 15, 2025 8:49 PM

Tags: access, banking, exploit, flaw, mobile

A leading banking app was forced into a three-day shutdown after attackers exploited a small coding oversight that granted access to customer accounts. The flaw had quietly existed in the codebase for months, completely slipping past the development team. What made the incident even more frustrating was that a simple peer review could have identified……
How shadow IT leaves every industry in the dark

Nov 15, 2025 12:49 AM

Tags: access, ai, breach, cloud, compliance, computer, control, data, data-breach, fintech, group, healthcare, infrastructure, insurance, Internet, mobile, network, privacy, regulation, risk, saas, service, technology, tool, unauthorized, vulnerability

Industry Examples of Shadow IT and Shadow AI Healthcare Consumer messaging, unapproved storage of medical imaging files, certificate challenges due to specialized portals for specific healthcare groups, department-run electronic health record (EHR) environments, unapproved telehealth platforms, AI for note summarization Insurance Custom applications for new insurance policy introductions, certificate challenges, maintenance issues, unsanctioned SaaS for…
How shadow IT leaves every industry in the dark

Nov 15, 2025 12:49 AM

Tags: access, ai, breach, cloud, compliance, computer, control, data, data-breach, fintech, group, healthcare, infrastructure, insurance, Internet, mobile, network, privacy, regulation, risk, saas, service, technology, tool, unauthorized, vulnerability

Industry Examples of Shadow IT and Shadow AI Healthcare Consumer messaging, unapproved storage of medical imaging files, certificate challenges due to specialized portals for specific healthcare groups, department-run electronic health record (EHR) environments, unapproved telehealth platforms, AI for note summarization Insurance Custom applications for new insurance policy introductions, certificate challenges, maintenance issues, unsanctioned SaaS for…
Protecting mobile privacy in real time with predictive adversarial defense

Nov 14, 2025 7:49 AM

Tags: data, defense, mobile, privacy

Mobile sensors are everywhere, quietly recording how users move, tilt, or hold their phones. The same data that powers step counters and activity trackers can also expose … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/11/14/research-real-time-mobile-privacy-protection/
NDSS 2025 Power-Related Side-Channel Attacks Using The Android Sensor Framework

Nov 13, 2025 5:49 PM

Tags: access, android, attack, browser, chrome, computer, conference, data-breach, exploit, framework, google, Internet, mobile, network, side-channel, threat

SESSION Session 2D: Android Security 1 Authors, Creators & Presenters: Mathias Oberhuber (Graz University of Technology), Martin Unterguggenberger (Graz University of Technology), Lukas Maar (Graz University of Technology), Andreas Kogler (Graz University of Technology), Stefan Mangard (Graz University of Technology) PAPER Power-Related Side-Channel Attacks using the Android Sensor Framework Software-based power side-channel attacks are a…
NDSS 2025 Power-Related Side-Channel Attacks Using The Android Sensor Framework

Nov 13, 2025 5:49 PM

Tags: access, android, attack, browser, chrome, computer, conference, data-breach, exploit, framework, google, Internet, mobile, network, side-channel, threat

SESSION Session 2D: Android Security 1 Authors, Creators & Presenters: Mathias Oberhuber (Graz University of Technology), Martin Unterguggenberger (Graz University of Technology), Lukas Maar (Graz University of Technology), Andreas Kogler (Graz University of Technology), Stefan Mangard (Graz University of Technology) PAPER Power-Related Side-Channel Attacks using the Android Sensor Framework Software-based power side-channel attacks are a…
Building checksec without boundaries with Checksec Anywhere

Nov 13, 2025 3:49 PM

Tags: access, android, apple, attack, control, data, exploit, firmware, infrastructure, mitigation, mobile, open-source, privacy, rust, software, threat, tool

Since its original release in 2009, checksec has become widely used in the software security community, proving useful in CTF challenges, security posturing, and general binary analysis. The tool inspects executables to determine which exploit mitigations (e.g., ASLR, DEP, stack canaries, etc.) are enabled, rapidly gauging a program’s defensive hardening. This success inspired numerous spinoffs:…
Russia imposes 24-hour mobile internet blackout for travelers returning home

Nov 12, 2025 8:49 PM

Tags: Internet, mobile, russia, ukraine

Concerns about domestic SIM card use in Ukrainian drones have led the Kremlin to impose a mobile internet “cooling-off period” for anyone returning home to Russia from abroad. First seen on therecord.media Jump to article: therecord.media/russia-24-hour-traveler-mobile-internet-blackouts-ukraine-drones
Russia imposes 24-hour mobile internet blackout for travelers returning home

Nov 12, 2025 8:49 PM

Tags: Internet, mobile, russia, ukraine

Concerns about domestic SIM card use in Ukrainian drones have led the Kremlin to impose a mobile internet “cooling-off period” for anyone returning home to Russia from abroad. First seen on therecord.media Jump to article: therecord.media/russia-24-hour-traveler-mobile-internet-blackouts-ukraine-drones
Data broker Kochava agrees to change business practices to settle lawsuit

Nov 12, 2025 6:49 PM

Tags: business, data, mobile

Mobile device users who sued the data broker Kochava are asking for final approval of a deal to force the company to no longer share or sell data revealing sensitive locations. First seen on therecord.media Jump to article: therecord.media/data-broker-kochava-business-change
Data broker Kochava agrees to change business practices to settle lawsuit

Nov 12, 2025 6:49 PM

Tags: business, data, mobile

Mobile device users who sued the data broker Kochava are asking for final approval of a deal to force the company to no longer share or sell data revealing sensitive locations. First seen on therecord.media Jump to article: therecord.media/data-broker-kochava-business-change
The Limitations of Google Play Integrity API (ex SafetyNet)

Nov 11, 2025 11:20 PM

Tags: api, google, mobile
The Limitations of Google Play Integrity API (ex SafetyNet)

Nov 11, 2025 11:20 PM

Tags: api, google, mobile
Patch Samsung flaw exploited to deliver spyware (CVE-2025-21042)

Nov 11, 2025 5:20 PM

Tags: cisa, cve, exploit, flaw, kev, mobile, spyware, update, vulnerability

CISA has added CVE-2025-21042, a vulnerability affecting Samsung mobile devices, to its Known Exploited Vulnerabilities (KEV) catalog, and has ordered US federal civilian … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/11/11/samsung-spyware-cve-2025-21042/
U.S. CISA adds Samsung mobile devices flaw to its Known Exploited Vulnerabilities catalog

Nov 11, 2025 11:20 AM

Tags: cisa, cve, cybersecurity, exploit, flaw, infrastructure, kev, mobile, vulnerability, zero-day

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Samsung mobile devices flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a Samsung mobile devices flaw, tracked as CVE-2025-21042 (CVSS score of 8.8), to its Known Exploited Vulnerabilities (KEV) catalog. The now-patched Samsung Galaxy flaw CVE-2025-21042 was exploited as a zero-day…
CISA Issues Alert on Samsung 0-Day RCE Flaw Actively Exploited in Attacks

Nov 11, 2025 8:19 AM

Tags: attack, cisa, cve, cyber, cybersecurity, exploit, flaw, infrastructure, kev, mobile, rce, remote-code-execution, vulnerability, zero-day

The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical remote code execution vulnerability affecting Samsung mobile devices to its Known Exploited Vulnerabilities (KEV) catalog, signaling active exploitation in the wild. Tracked as CVE-2025-21042, this zero-day flaw resides in Samsung’s libimagecodec library. It could allow attackers to bypass security protections and execute arbitrary code…
CISA Issues Alert on Samsung 0-Day RCE Flaw Actively Exploited in Attacks

Nov 11, 2025 8:19 AM

Tags: attack, cisa, cve, cyber, cybersecurity, exploit, flaw, infrastructure, kev, mobile, rce, remote-code-execution, vulnerability, zero-day

The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical remote code execution vulnerability affecting Samsung mobile devices to its Known Exploited Vulnerabilities (KEV) catalog, signaling active exploitation in the wild. Tracked as CVE-2025-21042, this zero-day flaw resides in Samsung’s libimagecodec library. It could allow attackers to bypass security protections and execute arbitrary code…
LANDFALL: Advanced Commercial-Grade Spyware Targeting Samsung Devices

Nov 10, 2025 5:20 PM

Tags: cybersecurity, defense, mobile, spyware

The discovery of LANDFALL highlights the need for stronger mobile defenses and proactive cybersecurity against advanced spyware. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/landfall-advanced-commercial-grade-spyware-targeting-samsung-devices/