Tag: mobile
-
Top 10 Best Mobile Application Penetration Testing Services in 2025
Mobile Application Penetration Testing is a critical cybersecurity service in 2025, focusing on a unique and rapidly evolving attack surface. These tests go beyond static code analysis to assess an app’s runtime behavior, server-side interactions, and how it handles sensitive data. The top companies in this field offer a blend of automated platforms for continuous…
-
California legislature passes bill forcing web browsers to let consumers automatically opt out of data sharing
Gov. Gavin Newsom vetoed an earlier version of the bill which would also have applied to mobile operating systems last year. First seen on therecord.media Jump to article: therecord.media/california-legislature-passes-bill-data-sharing-opt-out
-
Imperva API Security: Authentication Risk Report”, Key Findings Fixes
An in-depth analysis of common JSON Web Token (JWT) mistakes, basic auth, long-lived tokens, and quick, high-impact fixes to secure your APIs. Introduction APIs are the backbone of modern digital services”, from mobile apps and e-commerce to banking and IoT. That scale and utility also make them prime targets. In our recent study of authentication-related…
-
Data from Police Body Camera Apps Routed to Chinese Cloud Servers Over TLS Port 9091
The security and integrity of police body camera footage underpin the validity of evidence presented in court proceedings. However, a recent investigation into a budget-friendly body camera system revealed that its companion mobile application”, Viidure”, transmits sensitive device identifiers and user data to cloud servers based in China over a nonstandard TLS port. Such behavior…
-
Data from Police Body Camera Apps Routed to Chinese Cloud Servers Over TLS Port 9091
The security and integrity of police body camera footage underpin the validity of evidence presented in court proceedings. However, a recent investigation into a budget-friendly body camera system revealed that its companion mobile application”, Viidure”, transmits sensitive device identifiers and user data to cloud servers based in China over a nonstandard TLS port. Such behavior…
-
RatOn Android Malware Detected With NFC Relay and ATS Banking Fraud Capabilities
A new Android malware called RatOn evolved from a basic tool capable of conducting Near Field Communication (NFC) attacks to a sophisticated remote access trojan with Automated Transfer System (ATS) capabilities to conduct device fraud.”RatOn merges traditional overlay attacks with automatic money transfers and NFC relay functionality making it a uniquely powerful threat,” the Dutch…
-
RatOn Hijacks Bank Account to Launch Automated Money Transfers
Dubbed RatOn, that combines traditional overlay attacks with NFC relay tactics to hijack bank accounts and initiate automated money transfers. Developed from scratch by a threat actor group observed since July 2025, RatOn represents a significant evolution in mobile fraud capabilities. Security researchers have uncovered a new Android banking trojan Unlike standalone NFC relay tools…
-
RatOn Hijacks Bank Account to Launch Automated Money Transfers
Dubbed RatOn, that combines traditional overlay attacks with NFC relay tactics to hijack bank accounts and initiate automated money transfers. Developed from scratch by a threat actor group observed since July 2025, RatOn represents a significant evolution in mobile fraud capabilities. Security researchers have uncovered a new Android banking trojan Unlike standalone NFC relay tools…
-
Over 143,000 Malware Files Target Android and iOS Users in Q2 2025
In the second quarter of 2025, users of Android and iOS devices faced relentless cyberthreats, with Kaspersky Security Network reporting nearly 143,000 malicious installation packages detected across its mobile security products. Although the overall number of mobile attacks”, including malware, adware, and potentially unwanted software”, dropped to 10.71 million in Q2, Trojans remained the predominant…
-
Unified Security Visibility
Cybersecurity today is more complex than ever before. Organizations operate in hybrid and multi-cloud environments, manage remote and mobile workforces, and depend on countless third-party applications and integrations. This interconnectedness drives innovation”, but it also creates fragmented security silos that adversaries exploit. Most businesses still rely on multiple point solutions for monitoring endpoints, networks, cloud,…
-
California Tax Refund Mobile Phish
A new round of mobile phish is imitating the State of California’s “Franchise Tax Board” in a round of phishing sites that are gaining prominence in the past few days. I visited ftb.ca-gov-sg[.]top/notice from a burner phone to see how the scheme works (the page doesn’t load from the Windows browsers I tested.) After harvesting…
-
Indirect Prompt Injection Attacks Against LLM Assistants
Tags: attack, automation, control, data, disinformation, email, framework, google, injection, LLM, malicious, mitigation, mobile, phishing, risk, risk-assessment, threat, toolReally good research on practical attacks against LLM agents. “Invitation Is All You Need! Promptware Attacks Against LLM-Powered Assistants in Production Are Practical and Dangerous” Abstract: The growing integration of LLMs into applications has introduced new security risks, notably known as Promptware”, maliciously engineered prompts designed to manipulate LLMs to compromise the CIA triad of…
-
Microsoft-backed boffins show mega speed boost with hollow-core fiber
Could dramatically reduce latency between datacenters and on mobile nets First seen on theregister.com Jump to article: www.theregister.com/2025/09/01/hollowcore_optical_fiber_research/
-
MobSF Vulnerability Allows Attackers to Upload Malicious Files
Tags: application-security, cyber, exploit, flaw, framework, malicious, mobile, open-source, vulnerabilityCritical security flaws discovered in Mobile Security Framework (MobSF) version 4.4.0 enable authenticated attackers to exploit path traversal and arbitrary file write vulnerabilities, potentially compromising system integrity and exposing sensitive data. Two significant vulnerabilities have been identified in the popular Mobile Security Framework (MobSF), a widely-used open-source mobile application security testing platform. The flaws, tracked…
-
Threat Actors Use Facebook Ads to Deliver Android Malware
Cybercriminals are increasingly turning their sights from desktop to mobile, exploiting Meta’s advertising platform to distribute a sophisticated Android banking trojan disguised as a free TradingView Premium app. Bitdefender Labs warns that these threat actors have shifted tactics after months of targeting Windows users with fake trading and cryptocurrency ads, now focusing worldwide on smartphone…
-
Spotify Launches Direct Messaging Feature Amid Security Concerns
Spotify this week unveiled a newDirect Messagingfeature, enabling users to share songs, podcasts and audiobooks within the app. While the move promises streamlined recommendations and deeper engagement among friends, it also raises fresh security and privacy considerations. Rolling out to Free and Premium users aged 16 and older in select markets on mobile devices, the…
-
Social media apps that aggressively harvest user data
Both domestic and foreign technology companies collect vast amounts of Americans’ personal data through mobile applications, according to Incogni. Some apps leverage data for … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/08/27/social-media-apps-data-privacy/
-
TDL003 – Breaking Barriers: IPv6 Adoption and DNS Transformation with Tommy Jensen
Tags: access, ai, apple, attack, backup, banking, browser, business, ceo, chrome, ciso, compliance, computer, computing, control, country, credentials, cybersecurity, data, data-breach, ddos, dns, encryption, endpoint, google, government, group, international, Internet, jobs, law, microsoft, mobile, network, phishing, phone, privacy, programming, radius, risk, service, smishing, strategy, switch, technology, threat, update, vpn, windows, zero-trustSummary This episode of the Defender’s Log features special guest Tommy Jensen, an internet technologist specializing in IPv6, Zero Trust, and standards. Jensen’s career path, from an AppleCare contractor to a key figure in advancing internet technologies, is explored. The discussion highlights the critical importance and challenges of migrating to IPv6 and the necessity of…
-
New Hook Android Banking Malware Emerges with Advanced Features and 107 Remote Commands
Zimperium’s zLabs research team has identified a sophisticated new variant of the Hook Android banking trojan, marking a significant escalation in mobile threat sophistication. This iteration incorporates ransomware-style overlays that display extortion messages, demanding payments via dynamically fetched wallet addresses from the command-and-control (C2) server. Activated by the >>ransome
-
Google Introduces Enhanced Developer Verification for Play Store App Distribution
Google has announced that all Android apps installed on approved devices will soon need to be able to be traced back to a verified developer identity in an effort to combat the growing wave of financial fraud operations and mobile viruses. The policy, scheduled to roll out in select high-risk regions in 2025 before global…
-
Beware! Fake Google Play Store Sites Used to Spread Android Malware
Cybersecurity researchers have identified a resurgence of SpyNote malware campaigns targeting Android users through sophisticated fake Google Play Store websites. The malicious actor behind these attacks has implemented new anti-analysis techniques and expanded their deceptive tactics since previous reports, demonstrating a persistent threat to mobile device security. Deceptive Campaign Hits Popular Apps The threat actor…
-
0-Click Zendesk Flaw Lets Hackers Hijack Accounts and View All Tickets
A critical zero-click vulnerability in Zendesk’s Android SDK has been uncovered, enabling attackers to hijack support accounts and harvest every ticket without any user interaction. Discovered during a private bug bounty program, the flaw stems from weak token generation and storage mechanisms within Zendesk’s mobile application. Vulnerability Overview Zendesk’s Android client generates authentication tokens by…
-
Microsoft working on fix for ongoing Outlook email issues
Microsoft is working to resolve an Exchange Online issue causing email access problems for Outlook mobile users who use Hybrid Modern Authentication (HMA). First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-working-on-fix-for-ongoing-outlook-email-issues/
-
Microsoft working on fix for ongoing Outlook email issues
Microsoft is working to resolve an Exchange Online issue causing email access problems for Outlook mobile users who use Hybrid Modern Authentication (HMA). First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-working-on-fix-for-ongoing-outlook-email-issues/
-
»Wallet-Pflicht« Grund zur Sorge oder Chance?
Unternehmen aus verschiedenen Branchen müssen bis spätestens Ende 2027 eine Schnittstelle zu den European-Digital-Identity-Wallets (EUDI) der EU anbieten. Bringt das nur noch mehr Bürokratie aus Brüssel oder können Unternehmen davon sogar profitieren? Christian Gericke, Geschäftsführer der d.velop mobile services und Vorstand des AK Vertrauensdienstes im Branchenverband Bitkom, analysiert das Business-Potenzial der digitalen Brieftaschen. Basierend auf……
-
10 Best Endpoint Detection And Response (EDR) Companies in 2025
In 2025, the endpoint remains the primary battleground for cyber attackers, making the implementation of EDR solutions a critical necessity for robust cybersecurity defenses. Laptops, desktops, servers, mobile devices, and cloud workloads are critical entry points and data repositories, making them prime targets for sophisticated cyber threats. While traditional antivirus (AV) software offers a baseline…
-
Scraping At Carrier Scale: Why Mobile IPs Outperform Datacenter IPs
Tags: mobileLearn why mobile IPs outperform datacenter IPs for large-scale scraping, reducing bans and boosting success with natural traffic patterns. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/08/scraping-at-carrier-scale-why-mobile-ips-outperform-datacenter-ips/