Internet and Mobile - Cyber Security Informer

Experts Flag Security, Privacy Risks in DeepSeek AI App

Krebs on Security

FEBRUARY 6, 2025

New mobile apps from the Chinese artificial intelligence (AI) company DeepSeek have remained among the top three “free” downloads for Apple and Google devices since their debut on Jan. “Since this protection is disabled, the app can (and does) send unencrypted data over the internet.”

Risk

Risk Artificial Intelligence Mobile Encryption

T-Mobile Investigating Claims of Massive Data Breach

Krebs on Security

AUGUST 16, 2021

On Sunday, Vice.com broke the news that someone was selling data on 100 million people, and that the data came from T-Mobile. On Sunday, Vice.com broke the news that someone was selling data on 100 million people, and that the data came from T-Mobile. A sales thread tied to the allegedly stolen T-Mobile customer data.

Mobile

Mobile Data breaches Accountability Wireless

Why Phishers Love New TLDs Like.shop,top and.xyz

Krebs on Security

DECEMBER 3, 2024

Interisle sources data about cybercrime domains from anti-spam organizations, including the Anti-Phishing Working Group (APWG), the Coalition Against Unsolicited Commercial Email (CAUCE), and the Messaging, Malware, and Mobile Anti-Abuse Working Group (M3AAWG). By comparison, the cheapest price identified for a.com domain was $5.91.

Cybercrime

Cybercrime Phishing Accountability Internet

Internet Backbone Giant Lumen Shuns.RU

Krebs on Security

MARCH 8, 2022

Lumen Technologies , an American company that operates one of the largest Internet backbones and carries a significant percentage of the world’s Internet traffic, said today it will stop routing traffic for organizations based in Russia. ru) from the Internet. More information can help, even as disinformation circulates.

Internet

Internet Internet Government Technology

T-Mobile detected network intrusion attempts and blocked them

Security Affairs

NOVEMBER 28, 2024

T-Mobile reported recent infiltration attempts but pointed out that threat actors had no access to its systems and no sensitive data was compromised. T-Mobile detected recent infiltration attempts but confirmed no unauthorized system access occurred, and no sensitive data was compromised. This is not the case at T-Mobile.”

Mobile

Mobile Telecommunications Government Internet

T-Mobile is one of the victims of the massive Chinese breach of telecom firms

Security Affairs

NOVEMBER 18, 2024

T-Mobile confirmed being a victim of recent hacking campaigns linked to China-based threat actors targeting telecom companies. T-Mobile confirms it was hacked as part of a long-running cyber espionage campaign targeting Telco companies. The bad news is that this isn’t the first incident suffered by T-Mobile.

Mobile

Mobile Telecommunications Data breaches Hacking

When Your Used Car is a Little Too ‘Mobile’

Krebs on Security

FEBRUARY 5, 2020

Many modern vehicles let owners use the Internet or a mobile device to control the car’s locks, track location and performance data, and start the engine. “A master reset cleans phone data and removes previous Ford Pass and My Ford Mobile connections,” the company said in a statement released to KrebsOnSecurity.

Mobile

Mobile Engineering Internet Internet

Chinese Innovations Spawn Wave of Toll Phishing Via SMS

Krebs on Security

JANUARY 16, 2025

Those who fall for the scam are asked to provide payment card data, and eventually will be asked to supply a one-time password sent via SMS or a mobile authentication app. Notably, none of the phishing pages will even load unless the website detects that the visitor is coming from a mobile device.

Phishing

Phishing Scams Mobile Passwords

MyBook Users Urged to Unplug Devices from Internet

Krebs on Security

JUNE 25, 2021

Hard drive giant Western Digital is urging users of its MyBook Live brand of network storage drives to disconnect them from the Internet, warning that malicious hackers are remotely wiping the drives using a critical flaw that can be triggered by anyone who knows the Internet address of an affected device.

Internet

Internet Internet Backups Small Business

Why You Should Opt Out of Sharing Data With Your Mobile Provider

Krebs on Security

MARCH 20, 2023

A new breach involving data from nine million AT&T customers is a fresh reminder that your mobile provider likely collects and shares a great deal of information about where you go and what you do with your mobile device — unless and until you affirmatively opt out of this data collection.

Mobile

Mobile Wireless Advertising Telecommunications

Voatz Internet Voting App Is Insecure

Schneier on Security

FEBRUARY 17, 2020

This paper describes the flaws in the Voatz Internet voting app: " The Ballot is Busted Before the Blockchain: A Security Analysis of Voatz, the First Internet Voting Application Used in U.S. to allow select voters to cast their ballot on a mobile phone via a proprietary app called "Voatz." Federal Elections.". News articles.

Internet

Internet Internet Mobile Engineering

Arrests in Tap-to-Pay Scheme Powered by Phishing

Krebs on Security

MARCH 21, 2025

states last week independently announced arrests of Chinese nationals accused of perpetrating a novel form of tap-to-pay fraud using mobile devices. If you own a mobile phone, the chances are excellent that at some point in the past two years it has received at least one phishing message that spoofs the U.S. Image: WLVT-8.

Phishing

Phishing Mobile Scams Banking

China-based SMS Phishing Triad Pivots to Banks

Krebs on Security

APRIL 10, 2025

China-based purveyors of SMS phishing kits are enjoying remarkable success converting phished payment card data into mobile wallets from Apple and Google. If the visitor supplies that one-time code, their payment card is then added to a new mobile wallet on an Apple or Google device that is physically controlled by the phishers.

Phishing

Phishing Banking Mobile Retail

Internet Archive is Attacked and 31 Million Files Stolen

Security Boulevard

OCTOBER 10, 2024

The post Internet Archive is Attacked and 31 Million Files Stolen appeared first on Security Boulevard. A user authentication database was stolen from the nonprofit , which also was been beset by a series of DDoS attacks, and a pro-Palestinian threat group has taken credit for the attacks and the data breach.

Internet

Internet Internet DDOS Data breaches

Collecting and Selling Mobile Phone Location Data

Schneier on Security

AUGUST 11, 2020

The Wall Street Journal has an article about a company called Anomaly Six LLC that has an SDK that's used by "more than 500 mobile applications." mobile phone movement data only to nongovernmental, private-sector clients. [.]. Just one of the many Internet companies spying on our every move for profit.

Mobile

Mobile Government Internet Internet

IT threat evolution in Q3 2024. Non-mobile statistics

SecureList

NOVEMBER 29, 2024

Non-mobile statistics IT threat evolution in Q3 2024. Mobile statistics The statistics presented here are based on detection verdicts by Kaspersky products and services received from users who consented to providing statistical data. IT threat evolution in Q3 2024 IT threat evolution in Q3 2024. Country/territory* %** 1 Qatar 11.95

Mobile

Mobile Adware Ransomware Malware

Sudanese Brothers Arrested in ‘AnonSudan’ Takedown

Krebs on Security

OCTOBER 17, 2024

Prosecutors say Anonymous Sudan offered a “Limited Internet Shutdown Package,” which would enable customers to shut down internet service providers in specified countries for $500 (USD) an hour. An indictment in the Central District of California notes the duo even swamped the websites of the FBI and the Department of State.

DDOS

DDOS Government Internet Internet

U.S. Govt. Apps Bundled Russian Code With Ties to Mobile Malware Developer

Krebs on Security

NOVEMBER 28, 2022

A recent scoop by Reuters revealed that mobile apps for the U.S. But that story omitted an important historical detail about Pushwoosh: In 2013, one of its developers admitted to authoring the Pincer Trojan , malware designed to surreptitiously intercept and forward text messages from Android mobile devices. “Pushwoosh Inc.

Mobile

Mobile Malware Technology Government

Notorious Malware, Spam Host “Prospero” Moves to Kaspersky Lab

Krebs on Security

FEBRUARY 28, 2025

A fake browser update page pushing mobile malware. BEARHOST prides itself on the ability to evade blocking by Spamhaus , an organization that many Internet service providers around the world rely on to help identify and block sources of malware and spam. Image: Intrinsec. Image: cidr-report.org.

Malware

Malware Antivirus Software DDOS

Popular VPNs are routing traffic via Chinese companies, including one with link to military

Malwarebytes

APRIL 3, 2025

Up to one in five of the most popular mobile VPNs for iOS last year are owned by Chinese companies that do their best to hide the fact. Mobile VPNs are apps that connect your smartphone to the internet via different computers around the world. The company developed several mobile apps for Innovative Connecting Pte.

VPN

VPN Mobile Government Technology

Differences in App Security/Privacy Based on Country

Schneier on Security

SEPTEMBER 30, 2022

One hundred twenty-seven apps varied in what the apps were allowed to access on users’ mobile phones, 49 of which had additional permissions deemed “dangerous” by Google. We present the first large-scale measurement study of geodifferences in the mobile app ecosystem.

Mobile

Mobile Internet Internet VPN

ROUNDTABLE: Why T-Mobile’s latest huge data breach could fuel attacks directed at mobile devices

The Last Watchdog

AUGUST 19, 2021

At the start of this week, word got out that hackers claimed to have seized personal data for as many as 100 million T-Mobile patrons. According to the attackers, this was a configuration issue on an access point T-Mobile used for testing. The configuration issue made this access point publicly available on the Internet.

Mobile

Mobile Data breaches Authentication Accountability

Booking.com Phishers May Leave You With Reservations

Krebs on Security

NOVEMBER 1, 2024

According to the market share website statista.com , booking.com is by far the Internet’s busiest travel service, with nearly 550 million visits in September. Booking.com said it now requires 2FA , which forces partners to provide a one-time passcode from a mobile authentication app (Pulse) in addition to a username and password.

Phishing

Phishing Accountability Artificial Intelligence Cybercrime

RSAC Fireside Chat: Deploying Hollywood-tested content protection to improve mobile app security

The Last Watchdog

MAY 18, 2023

Your go-to mobile apps aren’t nearly has hackproof as you might like to believe. Related: Fallout of T-Mobile hack Hackers of modest skill routinely bypass legacy security measures, even two-factor authentication, with techniques such as overlay attacks. And hard data shows instances of such breaches on the rise.

Mobile

Mobile Authentication Internet Internet

RSAC Fireside Chat: How a well-placed ‘NGWAF’ can staunch the flow of web, mobile app attacks

The Last Watchdog

MAY 16, 2023

Related: The role of legacy security tools Yet the heaviest volume of routine, daily cyber attacks continue to target a very familiar vector: web and mobile apps. A10 has a birds eye view of the flow of maliciousness directed at web and mobile apps — via deployments of its Thunder Application Delivery Controller (ADC.)

Mobile

Mobile Cloud Migration Marketing Firewall

Zscaler Report: Mobile, IoT, and OT Cyber Threats Surge in 2024

Tech Republic Security

OCTOBER 16, 2024

Zscaler ThreatLabz report reveals a 2024 surge in mobile, IoT, and OT cyberattacks, highlighting key trends and the need for zero trust security.

IoT

IoT Mobile Cyber threats Internet

SHARED INTEL: How attacks on web, mobile apps are being fueled by rising API vulnerabilities

The Last Watchdog

APRIL 7, 2020

Zoosk’s core service is delivered via a mobile app that has 20 different registration and/or login pages – all are API driven. Here’s how Keil breaks down what happened: Keil “The attackers deconstructed the mobile app and found all of these login and mobile app registration APIs, and so they started using them for attack purposes.

Mobile

Mobile Digital transformation Scams Accountability

Identifying a Person Based on a Photo, LinkedIn and Etsy Profiles, and Other Internet Bread Crumbs

Schneier on Security

JUNE 22, 2020

A Google search of that handle led agents to an account on Poshmark, the mobile fashion marketplace, with a user handle "lore-elisabeth." There are many other forums on the Internet to discuss that. Another article did a more detailed analysis, and concludes that the Etsy review was the linchpin.

Internet

Internet Internet Mobile Accountability

RSAC Fireside Chat: The need to stop mobile apps from exposing API keys, user credentials in runtime

The Last Watchdog

MAY 23, 2023

As digital transformation accelerates, Application Programming Interfaces (APIs) have become integral to software development – especially when it comes to adding cool new functionalities to our go-to mobile apps. Approov recently did a deep dive study of 650 financial services mobile apps of financial institutions across Europe and the US.

Mobile

Mobile Digital transformation Financial Services Software

Microsoft outage affects Bing, Copilot, DuckDuckGo and ChatGPT internet search

Bleeping Computer

MAY 23, 2024

A massive Microsoft outage in some regions affects Bing.com, Copilot for web and mobile, Copilot in Windows, ChatGPT internet search and DuckDuckGo. [.]

Internet

Internet Internet Mobile Software

MY TAKE: Why the Matter smart home standard portends the coming of the Internet of Everything

The Last Watchdog

OCTOBER 19, 2022

Matter is intended to be the lingua franca for the Internet of Things. The Internet of Things is a huge new platform for amazing innovation,” Hanna observes. Notably, they’ll connect to the Internet – and to each other – via an advanced type of mesh network. . It’s only a first step and there’s a long way to go.

Internet

Internet Internet Manufacturing Technology

Report: Recent 10x Increase in Cyberattacks on Ukraine

Krebs on Security

MARCH 11, 2022

As their cities suffered more intense bombardment by Russian military forces this week, Ukrainian Internet users came under renewed cyberattacks, with one Internet company providing service there saying they blocked ten times the normal number of phishing and malware attacks targeting Ukrainians.

DNS

DNS Internet Internet Phishing

France’s second-largest telecoms provider Free suffered a cyber attack

Security Affairs

OCTOBER 28, 2024

French internet service provider (ISP) Free disclosed a cyber attack, threat actors allegedly had access to customer personal information. that provides voice, video, data, and Internet telecommunications to consumers in France. million mobile and fixed subscribers. million mobile and fixed subscribers. Free S.A.S.

Cyber Attacks

Cyber Attacks Telecommunications Data breaches Banking

Happy 15th Anniversary, KrebsOnSecurity!

Krebs on Security

DECEMBER 29, 2024

Easily the longest story this year was an investigation into Stark Industries Solutions , a large, mysterious new Internet hosting firm that materialized when Russia invaded Ukraine. Fittingly, Radaris now pimps OneRep as a service when consumers request that their personal information be removed from the data broker’s website.

Scams

Scams Cybercrime Cryptocurrency Social Engineering

Are You One of the 533M People Who Got Facebooked?

Krebs on Security

APRIL 6, 2021

To my mind, this just reinforces the need to remove mobile phone numbers from all of your online accounts wherever feasible. Many people may not consider their mobile phone number to be private information, but there is a world of misery that bad guys, stalkers and creeps can visit on your life just by knowing your mobile number.

Mobile

Mobile Accountability Passwords Authentication

South African telecom provider Cell C disclosed a data breach following a cyberattack

Security Affairs

APRIL 13, 2025

Cell C is the fourth-largest mobile network operator in South Africa, , after Vodacom, MTN, and Telkom. The company founded in 2001 offers prepaid and postpaid mobile plans, data bundles and internet services, fiber broadband, roaming and international calling, SIM-only plans and device deals.

Data breaches

Data breaches Unstructured Data Identity Theft Healthcare

Cell Phone Location Privacy

Schneier on Security

JANUARY 15, 2021

We all know that our cell phones constantly give our location away to our mobile network operators; that’s how they work. The players are the user, a traditional mobile network operator (MNO) like AT&T or Verizon, and a new mobile virtual network operator (MVNO). A group of researchers has figured out a way to fix that.

Surveillance

Surveillance Mobile Authentication VPN

Black Hat Fireside Chat: Consumers demand secure mobile apps; it’s high time for brands to deliver

The Last Watchdog

AUGUST 1, 2024

Two-plus decades of enduring wave after wave of mobile app malware and fraud has finally taken its toll on users. I recently visited with Appdome CEO Tom Tovar to discuss clear signals that consumers are now insisting upon mobile apps that are private and secure, as well as convenient. . I’ll keep watch and keep reporting.

Mobile

Mobile Internet Internet Technology

Feds Charge Five Men in ‘Scattered Spider’ Roundup

Krebs on Security

NOVEMBER 21, 2024

technology companies between 2021 and 2023, including LastPass , MailChimp , Okta , T-Mobile and Twilio. Federal prosecutors in Los Angeles this week unsealed criminal charges against five men alleged to be members of a hacking group responsible for dozens of cyber intrusions at major U.S. Image: Amitai Cohen twitter.com/amitaico.

Identity Theft

Identity Theft Phishing Cryptocurrency Accountability

U.S. agency cautions employees to limit phone use due to Salt Typhoon hack of telco providers

Security Affairs

NOVEMBER 10, 2024

US CFPB warns employees to avoid work-related mobile calls and texts following China-linked Salt Typhoon hack over security concerns. Do NOT conduct CFPB work using mobile voice calls or text messages,” reads the email sent to the employees referencing a recent government statement acknowledging the telecommunications infrastructure attack.

Hacking

Hacking Internet Internet Government

Robocall Legal Advocate Leaks Customer Data

Krebs on Security

AUGUST 3, 2020

A California company that helps telemarketing firms avoid getting sued for violating a federal law that seeks to curb robocalls has leaked the phone numbers, email addresses and passwords of all its customers, as well as the mobile phone numbers and other data on people who have hired lawyers to go after telemarketers.

Mobile

Mobile Marketing Consumer Protection Wireless

Tracing the Supply Chain Attack on Android

Krebs on Security

JUNE 25, 2019

” What follows is a deep dive into the identity of that Chinese vendor, which appears to have a long and storied history of pushing the envelope on mobile malware. cn who advertises a mobile game called “Xiaojun Junji,” and says the game is available at blazefire[.]com. “Yehuo” ( ? ? ) com and rurimeter[.]com

Mobile

Mobile Technology Manufacturing Malware

‘Tis the Season for the Wayward Package Phish

Krebs on Security

NOVEMBER 4, 2021

Louis Morton , a security professional based in Fort Worth, Texas, forwarded an SMS phishing or “smishing” message sent to his wife’s mobile device that indicated a package couldn’t be delivered. One of dozens of FedEx-themed phishing sites currently being advertised via SMS spam. com — stopped resolving.

Phishing

Phishing Scams Mobile DNS

Kyivstar, Ukraine’s largest mobile carrier brought down by a cyber attack

Security Affairs

DECEMBER 12, 2023

The Ukrainian telecommunications company provides communication services and data transmission based on a broad range of fixed and mobile technologies, including 4G (LTE) in Ukraine. The Kyivstar mobile network serves about 26 million mobile customers and more than 1 million broadband fixed internet customers in the country.

Cyber Attacks

Cyber Attacks Mobile Internet Internet

Experts Flag Security, Privacy Risks in DeepSeek AI App

T-Mobile Investigating Claims of Massive Data Breach

Trending Sources

Why Phishers Love New TLDs Like.shop,top and.xyz

Internet Backbone Giant Lumen Shuns.RU

T-Mobile detected network intrusion attempts and blocked them

T-Mobile is one of the victims of the massive Chinese breach of telecom firms

When Your Used Car is a Little Too ‘Mobile’

Chinese Innovations Spawn Wave of Toll Phishing Via SMS

MyBook Users Urged to Unplug Devices from Internet

Why You Should Opt Out of Sharing Data With Your Mobile Provider

Voatz Internet Voting App Is Insecure

Arrests in Tap-to-Pay Scheme Powered by Phishing

China-based SMS Phishing Triad Pivots to Banks

Internet Archive is Attacked and 31 Million Files Stolen

Collecting and Selling Mobile Phone Location Data

IT threat evolution in Q3 2024. Non-mobile statistics

Sudanese Brothers Arrested in ‘AnonSudan’ Takedown

U.S. Govt. Apps Bundled Russian Code With Ties to Mobile Malware Developer

Notorious Malware, Spam Host “Prospero” Moves to Kaspersky Lab

Popular VPNs are routing traffic via Chinese companies, including one with link to military

Differences in App Security/Privacy Based on Country

ROUNDTABLE: Why T-Mobile’s latest huge data breach could fuel attacks directed at mobile devices

Booking.com Phishers May Leave You With Reservations

RSAC Fireside Chat: Deploying Hollywood-tested content protection to improve mobile app security

RSAC Fireside Chat: How a well-placed ‘NGWAF’ can staunch the flow of web, mobile app attacks

Zscaler Report: Mobile, IoT, and OT Cyber Threats Surge in 2024

SHARED INTEL: How attacks on web, mobile apps are being fueled by rising API vulnerabilities

Identifying a Person Based on a Photo, LinkedIn and Etsy Profiles, and Other Internet Bread Crumbs

RSAC Fireside Chat: The need to stop mobile apps from exposing API keys, user credentials in runtime

Microsoft outage affects Bing, Copilot, DuckDuckGo and ChatGPT internet search

MY TAKE: Why the Matter smart home standard portends the coming of the Internet of Everything

Report: Recent 10x Increase in Cyberattacks on Ukraine

France’s second-largest telecoms provider Free suffered a cyber attack

Happy 15th Anniversary, KrebsOnSecurity!

Are You One of the 533M People Who Got Facebooked?

South African telecom provider Cell C disclosed a data breach following a cyberattack

Cell Phone Location Privacy

Black Hat Fireside Chat: Consumers demand secure mobile apps; it’s high time for brands to deliver

Feds Charge Five Men in ‘Scattered Spider’ Roundup

U.S. agency cautions employees to limit phone use due to Salt Typhoon hack of telco providers

Robocall Legal Advocate Leaks Customer Data

Tracing the Supply Chain Attack on Android

‘Tis the Season for the Wayward Package Phish

Kyivstar, Ukraine’s largest mobile carrier brought down by a cyber attack

Stay Connected