Authentication, Internet and Mobile - Cyber Security Informer

Experts Flag Security, Privacy Risks in DeepSeek AI App

Krebs on Security

FEBRUARY 6, 2025

New mobile apps from the Chinese artificial intelligence (AI) company DeepSeek have remained among the top three “free” downloads for Apple and Google devices since their debut on Jan. “Since this protection is disabled, the app can (and does) send unencrypted data over the internet.”

Risk

Risk Artificial Intelligence Mobile Encryption

Chinese Innovations Spawn Wave of Toll Phishing Via SMS

Krebs on Security

JANUARY 16, 2025

Those who fall for the scam are asked to provide payment card data, and eventually will be asked to supply a one-time password sent via SMS or a mobile authentication app. Notably, none of the phishing pages will even load unless the website detects that the visitor is coming from a mobile device.

Phishing

Phishing Scams Mobile Passwords

Internet Archive is Attacked and 31 Million Files Stolen

Security Boulevard

OCTOBER 10, 2024

A user authentication database was stolen from the nonprofit , which also was been beset by a series of DDoS attacks, and a pro-Palestinian threat group has taken credit for the attacks and the data breach. The post Internet Archive is Attacked and 31 Million Files Stolen appeared first on Security Boulevard.

Internet

Internet Internet DDOS Data breaches

Webinars

How to Avoid Pitfalls In Automation: Keep Humans In the Loop

MORE WEBINARS

Booking.com Phishers May Leave You With Reservations

Krebs on Security

NOVEMBER 1, 2024

According to the market share website statista.com , booking.com is by far the Internet’s busiest travel service, with nearly 550 million visits in September. Booking.com said it now requires 2FA , which forces partners to provide a one-time passcode from a mobile authentication app (Pulse) in addition to a username and password.

Phishing

Phishing Accountability Artificial Intelligence Cybercrime

Cell Phone Location Privacy

Schneier on Security

JANUARY 15, 2021

We all know that our cell phones constantly give our location away to our mobile network operators; that’s how they work. The players are the user, a traditional mobile network operator (MNO) like AT&T or Verizon, and a new mobile virtual network operator (MVNO). A group of researchers has figured out a way to fix that.

Surveillance

Surveillance Mobile Authentication VPN

ROUNDTABLE: Why T-Mobile’s latest huge data breach could fuel attacks directed at mobile devices

The Last Watchdog

AUGUST 19, 2021

At the start of this week, word got out that hackers claimed to have seized personal data for as many as 100 million T-Mobile patrons. According to the attackers, this was a configuration issue on an access point T-Mobile used for testing. The configuration issue made this access point publicly available on the Internet.

Mobile

Mobile Data breaches Authentication Accountability

Feds Charge Five Men in ‘Scattered Spider’ Roundup

Krebs on Security

NOVEMBER 21, 2024

technology companies between 2021 and 2023, including LastPass , MailChimp , Okta , T-Mobile and Twilio. The targeted SMS scams asked employees to click a link and log in at a website that mimicked their employer’s Okta authentication page. Image: Amitai Cohen twitter.com/amitaico.

Identity Theft

Identity Theft Phishing Cryptocurrency Accountability

Are You One of the 533M People Who Got Facebooked?

Krebs on Security

APRIL 6, 2021

To my mind, this just reinforces the need to remove mobile phone numbers from all of your online accounts wherever feasible. Many people may not consider their mobile phone number to be private information, but there is a world of misery that bad guys, stalkers and creeps can visit on your life just by knowing your mobile number.

Mobile

Mobile Accountability Passwords Authentication

RSAC Fireside Chat: Deploying Hollywood-tested content protection to improve mobile app security

The Last Watchdog

MAY 18, 2023

Your go-to mobile apps aren’t nearly has hackproof as you might like to believe. Related: Fallout of T-Mobile hack Hackers of modest skill routinely bypass legacy security measures, even two-factor authentication, with techniques such as overlay attacks. And hard data shows instances of such breaches on the rise.

Mobile

Mobile Authentication Internet Internet

For 2nd Time in 3 Years, Mobile Spyware Maker mSpy Leaks Millions of Sensitive Records

Krebs on Security

SEPTEMBER 4, 2018

Less than a week ago, security researcher Nitish Shah directed KrebsOnSecurity to an open database on the Web that allowed anyone to query up-to-the-minute mSpy records for both customer transactions at mSpy’s site and for mobile phone data collected by mSpy’s software. The database required no authentication. WHO IS MSPY?

Spyware

Spyware Mobile Advertising Software

How 1-Time Passcodes Became a Corporate Liability

Krebs on Security

AUGUST 30, 2022

A recent spate of SMS phishing attacks from one cybercriminal group has spawned a flurry of breach disclosures from affected companies, which are all struggling to combat the same lingering security threat: The ability of scammers to interact directly with employees through their mobile devices. In an Aug.

Mobile

Mobile Phishing Authentication Accountability

Can We Stop Pretending SMS Is Secure Now?

Krebs on Security

MARCH 16, 2021

SMS text messages were already the weakest link securing just about anything online, mainly because there are tens of thousands of employees at mobile stores who can be tricked or bribed into swapping control over a mobile phone number to someone else. “It’s an industry-wide thing.

Telecommunications

Telecommunications Mobile Accountability Wireless

Ubiquiti: Change Your Password, Enable 2FA

Krebs on Security

JANUARY 11, 2021

Ubiquiti , a major vendor of cloud-enabled Internet of Things (IoT) devices such as routers, network video recorders, security cameras and access control systems, is urging customers to change their passwords and enable multi-factor authentication.

Passwords

Passwords Authentication Firmware Accountability

A New Standard for Mobile App Security

Google Security

APRIL 15, 2021

Posted by Brooke Davis and Eugene Liderman, Android Security and Privacy Team With all of the challenges from this past year, users have become increasingly dependent on their mobile devices to create fitness routines, stay connected with loved ones, work remotely, and order things like groceries with ease.

Mobile

Mobile VPN IoT Internet

Robocall Legal Advocate Leaks Customer Data

Krebs on Security

AUGUST 3, 2020

A California company that helps telemarketing firms avoid getting sued for violating a federal law that seeks to curb robocalls has leaked the phone numbers, email addresses and passwords of all its customers, as well as the mobile phone numbers and other data on people who have hired lawyers to go after telemarketers.

Mobile

Mobile Marketing Consumer Protection Wireless

FBI, CISA Echo Warnings on ‘Vishing’ Threat

Krebs on Security

AUGUST 21, 2020

From the alert: “Actors first began using unattributed Voice over Internet Protocol (VoIP) numbers to call targeted employees on their personal cellphones, and later began incorporating spoofed numbers of other offices and employees in the victim company. authenticate the phone call before sensitive information can be discussed.

VPN

VPN Social Engineering Authentication Engineering

Best Internet Security Suites & Software for 2022

eSecurity Planet

FEBRUARY 4, 2022

Malware is one of the biggest threats businesses face, and with nearly a third of all malware coming through the internet and email, businesses and consumers alike need ways to protect themselves. This guide covers the major categories of internet security suites and includes a few of the top options for each. Antivirus Software.

Internet

Internet Internet Software Antivirus

Mobile security threats: reality or myth?

Hot for Security

JUNE 14, 2021

While some security experts might seem over-zealous shouting about the dangers, the vast majority of warnings about mobile security threats are indeed justified. Stalkerware is another big issue on mobile platforms. Mobile threats are in no way a myth. Stay protected with Bitdefender Mobile Security.

Mobile

Mobile Malware Media Spyware

Columbus Ransomware Attack Exposes 500,000+ Residents’ Data: How to Stay Safe

eSecurity Planet

NOVEMBER 6, 2024

Despite efforts by Columbus officials to thwart the attack by disconnecting the city’s systems from the internet, it became evident later that substantial data had been stolen and circulated on the dark web. Implement regular training sessions to keep employees informed on the latest attack techniques and how to report suspicious activity.

Ransomware

Ransomware Authentication Identity Theft Penetration Testing

Bad Consumer Security Advice

Schneier on Security

DECEMBER 4, 2018

To remain anonymous and secure on the Internet, invest in a Virtual Private Network account, but remember, the bad guys are very smart, so by the time this column runs, they may have figured out a way to hack into a VPN. And while you're at it, do it for your mobile phone provider and your Internet service provider.

Accountability

Accountability Passwords VPN Mobile

Why & Where You Should You Plant Your Flag

Krebs on Security

AUGUST 12, 2020

As KrebsOnSecurity observed back in 2018 , many people — particularly older folks — proudly declare they avoid using the Web to manage various accounts tied to their personal and financial data — including everything from utilities and mobile phones to retirement benefits and online banking services. YOUR CREDIT FILES.

Accountability

Accountability Mobile Banking Passwords

NEW TECH: DigiCert Document Signing Manager leverages PKI to advance electronic signatures

The Last Watchdog

JULY 21, 2021

Related: Why PKI will endure as the Internet’s secure core. And PKI , of course, is the behind-the-scenes authentication and encryption framework on which the Internet is built. Most of us, by now, take electronic signatures for granted. Yet electronic signatures do have their security limitations.

Computers and Electronics

Computers and Electronics Authentication Digital transformation Internet

Americans urged to use encrypted messaging after large, ongoing cyberattack

Malwarebytes

DECEMBER 5, 2024

During transit the message remains encrypted the entire time it is moving across the internet. What that means is only the person sending it and the person receiving it can read it. To achieve this, a message gets encrypted on your device before it is sent out. You don’t need an expensive app to achieve this.

Encryption

Encryption Identity Theft Media Telecommunications

Your Phone May Soon Replace Many of Your Passwords

Krebs on Security

MAY 7, 2022

Apple , Google and Microsoft announced this week they will soon support an approach to authentication that avoids passwords altogether, and instead requires users to merely unlock their smartphones to sign in to websites or online services. “I worry about forgotten password recovery for cloud accounts.”

Passwords

Passwords Authentication Accountability Mobile

Arrest, Raids Tied to ‘U-Admin’ Phishing Kit

Krebs on Security

FEBRUARY 8, 2021

Brad Marden , superintendent of cybercrime operations for the Australian Federal Police (AFP), said their investigation into who was behind U-Admin began in late 2018, after Australian citizens began getting deluged with phishing attacks via mobile text messages that leveraged the software.

Phishing

Phishing Scams Banking Mobile

Passkeys and The Beginning of Stronger Authentication

Thales Cloud Protection & Licensing

FEBRUARY 1, 2024

Passkeys and The Beginning of Stronger Authentication madhav Fri, 02/02/2024 - 05:23 How passkeys are rewriting the current threat landscape Lillian, an experienced CISO, surveyed the threat landscape. Lillian knew that a shift in authentication couldn't wait. FIDO is an overarching framework for secure and passwordless authentication.

Authentication

Authentication Passwords CISO Password Management

Local Networks Go Global When Domain Names Collide

Krebs on Security

AUGUST 23, 2024

The proliferation of new top-level domains (TLDs) has exacerbated a well-known security weakness: Many organizations set up their internal Microsoft authentication systems years ago using domain names in TLDs that didn’t exist at the time. SSL/TLS certs). ” Caturegli said setting up an email server record for memrtcc.ad

DNS

DNS Internet Internet Authentication

Vital Tips & Resources to Improve Your Internet Safety

CyberSecurity Insiders

DECEMBER 18, 2021

Online shopping, mobile banking, even accessing your e-mails — all these can expose you to cyber threats. Everything connected to the internet is vulnerable to cyber attacks. Use Strong Passwords & Two-Factor Authentication. Other Tips for Internet Safety in a Nutshell. Keep All Your Devices Up to Date.

Internet

Internet Internet Passwords Banking

MY TAKE: Why IoT systems won’t be secure until each and every microservice is reliably authenticated

The Last Watchdog

MARCH 4, 2020

Wider use of Internet of Things systems that can make daily living safer, healthier and more convenient is on the immediate horizon. I’m referring to the Public Key Infrastructure, or PKI, and the underlying TLS/SSL authentication and encryption protocols. What we’re seeing is pretty basic things around authentication.

IoT

IoT Authentication Internet Internet

Sprint Exposed Customer Support Site to Web

Krebs on Security

JANUARY 29, 2020

leaked internal customer support data to the Internet, mobile provider Sprint has addressed a mix-up in which posts to a private customer support community were exposed to the Web. Fresh on the heels of a disclosure that Microsoft Corp. A redacted screen shot of one Sprint customer support thread exposed to the Web.

Social Engineering

Social Engineering Telecommunications Data privacy Engineering

SHARED INTEL: IT pros gravitate to ‘passwordless’ authentication to improve security, boost agility

The Last Watchdog

APRIL 7, 2021

Passwordless authentication as a default parameter can’t arrive too soon. That’s the upshot of a new report, The State of Passwordless Security 2021 , put out by HYPR , a New York City-based supplier of advanced authentication systems. Related: Top execs call for facial recognition to be regulated. 1 use case is remote access.”.

Authentication

Authentication Digital transformation Passwords Password Management

Busting SIM Swappers and SIM Swap Myths

Krebs on Security

NOVEMBER 6, 2018

that has been tracking down individuals engaged in unauthorized “SIM swaps” — a complex form of mobile phone fraud that is often used to steal large amounts of cryptocurrencies and other items of value from victims. In early July 2018, Ferri was traveling in Europe when he discovered his T-Mobile phone no longer had service.

Mobile

Mobile Cryptocurrency Accountability Passwords

What Is Two-Factor Authentication (2FA) and Why Should You Use It?

IT Security Guru

OCTOBER 26, 2023

Ah, the Internet: a treasure trove of memes, cat videos, and—let’s be honest—some stuff you’d rather keep under wraps. Enter Two-Factor Authentication, or 2FA for short. Different Flavors of 2FA Ah, variety is the spice of life, and when it comes to Two-Factor Authentication, the flavors abound. The advantage?

Authentication

Authentication Passwords Mobile VPN

MY TAKE: A few reasons to believe RSAC 2023’s ‘stronger together’ theme is gaining traction

The Last Watchdog

APRIL 30, 2023

Multi-factor authentication ( MFA ) has raised the bar, but MFA alone is not enough to slow, much less stop, moderately-skilled bad actors. about the role of advanced wearable authentication devices, going forward. Our mobile devices, and the mobile apps on them, have become our digital appendages.

Mobile

Mobile Cloud Migration Penetration Testing Authentication

Best Enterprise Mobility Management (EMM) Solutions for 2022

eSecurity Planet

MARCH 15, 2022

Managing mobile apps and devices is a challenge faced by all organizations these days. One technology that’s evolved to address mobile security, access management , and control is enterprise mobility management (EMM). Mobile application management (MAM) also appeared to control data and applications on mobile devices.

Mobile

Mobile Technology Risk Marketing

Californian IT company DNA Micro leaks private mobile phone data

Security Affairs

OCTOBER 18, 2023

Once the instance is exposed to the internet – without being secured by authentication – it’s accessible to anyone. IMEI is a unique number assigned to each mobile device and is used to identify a device on a mobile network. If that happens, it can cause disruptions to the mobile service of the device.

Mobile

Mobile Phishing Manufacturing Risk

March Madness Meets Cyber Mayhem: How Cybercriminals Are Playing Offense this Season

SecureWorld News

MARCH 20, 2025

Mobile madness: the sneaky side of cyber scams With fans constantly checking scores, streaming games, and logging into betting apps, mobile devices are a major attack surface. Enterprises must take a mobile-first approach to security, ensuring threats are detected in real-time before they impact users or corporate networks."

Scams

Scams Social Engineering Mobile Phishing

Fla. Man Charged in SIM-Swapping Spree is Key Suspect in Hacker Groups Oktapus, Scattered Spider

Krebs on Security

JANUARY 30, 2024

In each attack, the victims saw their email and financial accounts compromised after suffering an unauthorized SIM-swap, wherein attackers transferred each victim’s mobile phone number to a new device that they controlled. Prosecutors say Noah Michael Urban of Palm Coast, Fla.,

Social Engineering

Social Engineering Mobile Passwords Cybercrime

GUEST ESSAY – A primer on ‘WAAP’ – an approach to securing APIs at the web app layer

The Last Watchdog

FEBRUARY 28, 2022

This has resulted in astounding innovations in cloud services, mobile computing, IoT systems and agile software development. Whether it’s IoT (Internet of Things) devices, desktop applications, web applications native to the web browsers, or mobile applications – all these types of software rely on APIs in one way or another.

Mobile

Mobile Penetration Testing IoT Digital transformation

GUEST ESSAY: Consumers, institutions continue to shoulder burden for making mobile banking secure

The Last Watchdog

JULY 17, 2024

The rapid adoption of mobile banking has revolutionized how we manage our finances. Related: Deepfakes aimed at mobile banking apps With millions of users worldwide relying on mobile apps for their banking needs, the convenience is undeniable. Surging attacks Mobile banking has become a prime target for cybercriminals.

Banking

Banking Mobile Cyber Attacks Encryption

Internet safety tips for kids and teens: A comprehensive guide for the modern parent

Malwarebytes

SEPTEMBER 21, 2021

Today’s generation of kids and teens consider their devices and the Internet as extensions of their lives. So without further ado, let’s dive into what we should be teaching our kids about Internet safety and what we can do to enforce these teachings. 7 Internet safety tips. Enable multi-factor authentication (MFA).

Internet

Internet Internet Passwords Password Management

Voice Phishers Targeting Corporate VPNs

Krebs on Security

AUGUST 19, 2020

Time is of the essence in these attacks because many companies that rely on VPNs for remote employee access also require employees to supply some type of multi-factor authentication in addition to a username and password — such as a one-time numeric code generated by a mobile app or text message. Image: urlscan.io.

Phishing

Phishing VPN Social Engineering Media

10 Behaviors That Will Reduce Your Risk Online

Daniel Miessler

MAY 14, 2020

In that piece I wanted to link to some safe internet practices—which some used to call Safe Hex—but I couldn’t find anything newer than nine years old. Enable two-factor authentication on all critical accounts. don’t install software from random places on the internet. Everything. Setting up Google 2FA.

Risk

Risk Passwords Password Management Accountability

MY TAKE: RSAC 2023 roundup – evidence of ‘stronger together’ innovation takes shape

The Last Watchdog

APRIL 28, 2023

Multi-factor authentication ( MFA ) has raised the bar, but MFA alone is not enough to slow, much less stop, moderately-skilled bad actors. about the role of advanced wearable authentication devices, going forward. Our mobile devices, and the mobile apps on them, have become our digital appendages.

Mobile

Mobile Cloud Migration Penetration Testing Authentication

Experts Flag Security, Privacy Risks in DeepSeek AI App

Chinese Innovations Spawn Wave of Toll Phishing Via SMS

Webinars

Trending Sources

Internet Archive is Attacked and 31 Million Files Stolen

Webinars

Booking.com Phishers May Leave You With Reservations

Cell Phone Location Privacy

ROUNDTABLE: Why T-Mobile’s latest huge data breach could fuel attacks directed at mobile devices

Feds Charge Five Men in ‘Scattered Spider’ Roundup

Are You One of the 533M People Who Got Facebooked?

RSAC Fireside Chat: Deploying Hollywood-tested content protection to improve mobile app security

For 2nd Time in 3 Years, Mobile Spyware Maker mSpy Leaks Millions of Sensitive Records

How 1-Time Passcodes Became a Corporate Liability

Can We Stop Pretending SMS Is Secure Now?

Ubiquiti: Change Your Password, Enable 2FA

A New Standard for Mobile App Security

Robocall Legal Advocate Leaks Customer Data

FBI, CISA Echo Warnings on ‘Vishing’ Threat

Best Internet Security Suites & Software for 2022

Mobile security threats: reality or myth?

Columbus Ransomware Attack Exposes 500,000+ Residents’ Data: How to Stay Safe

Bad Consumer Security Advice

Why & Where You Should You Plant Your Flag

NEW TECH: DigiCert Document Signing Manager leverages PKI to advance electronic signatures

Americans urged to use encrypted messaging after large, ongoing cyberattack

Your Phone May Soon Replace Many of Your Passwords

Arrest, Raids Tied to ‘U-Admin’ Phishing Kit

Passkeys and The Beginning of Stronger Authentication

Local Networks Go Global When Domain Names Collide

Vital Tips & Resources to Improve Your Internet Safety

MY TAKE: Why IoT systems won’t be secure until each and every microservice is reliably authenticated

Sprint Exposed Customer Support Site to Web

SHARED INTEL: IT pros gravitate to ‘passwordless’ authentication to improve security, boost agility

Busting SIM Swappers and SIM Swap Myths

What Is Two-Factor Authentication (2FA) and Why Should You Use It?

MY TAKE: A few reasons to believe RSAC 2023’s ‘stronger together’ theme is gaining traction

Best Enterprise Mobility Management (EMM) Solutions for 2022

Californian IT company DNA Micro leaks private mobile phone data

March Madness Meets Cyber Mayhem: How Cybercriminals Are Playing Offense this Season

Fla. Man Charged in SIM-Swapping Spree is Key Suspect in Hacker Groups Oktapus, Scattered Spider

GUEST ESSAY – A primer on ‘WAAP’ – an approach to securing APIs at the web app layer

GUEST ESSAY: Consumers, institutions continue to shoulder burden for making mobile banking secure

Internet safety tips for kids and teens: A comprehensive guide for the modern parent

Voice Phishers Targeting Corporate VPNs

10 Behaviors That Will Reduce Your Risk Online

MY TAKE: RSAC 2023 roundup – evidence of ‘stronger together’ innovation takes shape

Stay Connected