Internet and Mobile - Cyber Security Informer

T-Mobile Investigating Claims of Massive Data Breach

Krebs on Security

AUGUST 16, 2021

On Sunday, Vice.com broke the news that someone was selling data on 100 million people, and that the data came from T-Mobile. On Sunday, Vice.com broke the news that someone was selling data on 100 million people, and that the data came from T-Mobile. A sales thread tied to the allegedly stolen T-Mobile customer data.

Mobile

Mobile Data breaches Accountability Wireless

Why Phishers Love New TLDs Like.shop,top and.xyz

Krebs on Security

DECEMBER 3, 2024

Interisle sources data about cybercrime domains from anti-spam organizations, including the Anti-Phishing Working Group (APWG), the Coalition Against Unsolicited Commercial Email (CAUCE), and the Messaging, Malware, and Mobile Anti-Abuse Working Group (M3AAWG). By comparison, the cheapest price identified for a.com domain was $5.91.

Cybercrime

Cybercrime Phishing Accountability Internet

Internet Backbone Giant Lumen Shuns.RU

Krebs on Security

MARCH 8, 2022

Lumen Technologies , an American company that operates one of the largest Internet backbones and carries a significant percentage of the world’s Internet traffic, said today it will stop routing traffic for organizations based in Russia. ru) from the Internet. More information can help, even as disinformation circulates.

Internet

Internet Internet Government Technology

T-Mobile detected network intrusion attempts and blocked them

Security Affairs

NOVEMBER 28, 2024

T-Mobile reported recent infiltration attempts but pointed out that threat actors had no access to its systems and no sensitive data was compromised. T-Mobile detected recent infiltration attempts but confirmed no unauthorized system access occurred, and no sensitive data was compromised. This is not the case at T-Mobile.”

Mobile

Mobile Telecommunications Government Internet

T-Mobile is one of the victims of the massive Chinese breach of telecom firms

Security Affairs

NOVEMBER 18, 2024

T-Mobile confirmed being a victim of recent hacking campaigns linked to China-based threat actors targeting telecom companies. T-Mobile confirms it was hacked as part of a long-running cyber espionage campaign targeting Telco companies. The bad news is that this isn’t the first incident suffered by T-Mobile.

Mobile

Mobile Telecommunications Data breaches Hacking

When Your Used Car is a Little Too ‘Mobile’

Krebs on Security

FEBRUARY 5, 2020

Many modern vehicles let owners use the Internet or a mobile device to control the car’s locks, track location and performance data, and start the engine. “A master reset cleans phone data and removes previous Ford Pass and My Ford Mobile connections,” the company said in a statement released to KrebsOnSecurity.

Mobile

Mobile Engineering Internet Internet

How Phished Data Turns into Apple & Google Wallets

Krebs on Security

FEBRUARY 18, 2025

But a flurry of innovation from cybercrime groups in China is breathing new life into the carding industry, by turning phished card data into mobile wallets that can be used online and at main street stores. And they are not traditional SMS phishing or “ smishing ” messages, as they bypass the mobile networks entirely.

Phishing

Phishing Mobile Scams Retail

Voatz Internet Voting App Is Insecure

Schneier on Security

FEBRUARY 17, 2020

This paper describes the flaws in the Voatz Internet voting app: " The Ballot is Busted Before the Blockchain: A Security Analysis of Voatz, the First Internet Voting Application Used in U.S. to allow select voters to cast their ballot on a mobile phone via a proprietary app called "Voatz." Federal Elections.". News articles.

Internet

Internet Internet Mobile Engineering

Chinese Innovations Spawn Wave of Toll Phishing Via SMS

Krebs on Security

JANUARY 16, 2025

Those who fall for the scam are asked to provide payment card data, and eventually will be asked to supply a one-time password sent via SMS or a mobile authentication app. Notably, none of the phishing pages will even load unless the website detects that the visitor is coming from a mobile device.

Phishing

Phishing Scams Mobile Passwords

MyBook Users Urged to Unplug Devices from Internet

Krebs on Security

JUNE 25, 2021

Hard drive giant Western Digital is urging users of its MyBook Live brand of network storage drives to disconnect them from the Internet, warning that malicious hackers are remotely wiping the drives using a critical flaw that can be triggered by anyone who knows the Internet address of an affected device.

Internet

Internet Internet Backups Small Business

Why You Should Opt Out of Sharing Data With Your Mobile Provider

Krebs on Security

MARCH 20, 2023

A new breach involving data from nine million AT&T customers is a fresh reminder that your mobile provider likely collects and shares a great deal of information about where you go and what you do with your mobile device — unless and until you affirmatively opt out of this data collection.

Mobile

Mobile Wireless Advertising Telecommunications

Hackers Claim They Breached T-Mobile More Than 100 Times in 2022

Krebs on Security

FEBRUARY 28, 2023

Image: Shutterstock.com Three different cybercriminal groups claimed access to internal networks at communications giant T-Mobile in more than 100 separate incidents throughout 2022, new data suggests. Each advertises their claimed access to T-Mobile systems in a similar way. ” or “ Tmo up!

Mobile

Mobile Phishing Authentication Advertising

Internet Archive is Attacked and 31 Million Files Stolen

Security Boulevard

OCTOBER 10, 2024

The post Internet Archive is Attacked and 31 Million Files Stolen appeared first on Security Boulevard. A user authentication database was stolen from the nonprofit , which also was been beset by a series of DDoS attacks, and a pro-Palestinian threat group has taken credit for the attacks and the data breach.

Internet

Internet Internet DDOS Data breaches

Arrests in Tap-to-Pay Scheme Powered by Phishing

Krebs on Security

MARCH 21, 2025

states last week independently announced arrests of Chinese nationals accused of perpetrating a novel form of tap-to-pay fraud using mobile devices. If you own a mobile phone, the chances are excellent that at some point in the past two years it has received at least one phishing message that spoofs the U.S. Image: WLVT-8.

Phishing

Phishing Mobile Scams Banking

Collecting and Selling Mobile Phone Location Data

Schneier on Security

AUGUST 11, 2020

The Wall Street Journal has an article about a company called Anomaly Six LLC that has an SDK that's used by "more than 500 mobile applications." mobile phone movement data only to nongovernmental, private-sector clients. [.]. Just one of the many Internet companies spying on our every move for profit.

Mobile

Mobile Government Internet Internet

Notorious Malware, Spam Host “Prospero” Moves to Kaspersky Lab

Krebs on Security

FEBRUARY 28, 2025

A fake browser update page pushing mobile malware. BEARHOST prides itself on the ability to evade blocking by Spamhaus , an organization that many Internet service providers around the world rely on to help identify and block sources of malware and spam. Image: Intrinsec. Image: cidr-report.org.

Malware

Malware Antivirus Software DDOS

IT threat evolution in Q3 2024. Non-mobile statistics

SecureList

NOVEMBER 29, 2024

Non-mobile statistics IT threat evolution in Q3 2024. Mobile statistics The statistics presented here are based on detection verdicts by Kaspersky products and services received from users who consented to providing statistical data. IT threat evolution in Q3 2024 IT threat evolution in Q3 2024. Country/territory* %** 1 Qatar 11.95

Mobile

Mobile Adware Ransomware Malware

U.S. Govt. Apps Bundled Russian Code With Ties to Mobile Malware Developer

Krebs on Security

NOVEMBER 28, 2022

A recent scoop by Reuters revealed that mobile apps for the U.S. But that story omitted an important historical detail about Pushwoosh: In 2013, one of its developers admitted to authoring the Pincer Trojan , malware designed to surreptitiously intercept and forward text messages from Android mobile devices. “Pushwoosh Inc.

Mobile

Mobile Malware Technology Government

ROUNDTABLE: Why T-Mobile’s latest huge data breach could fuel attacks directed at mobile devices

The Last Watchdog

AUGUST 19, 2021

At the start of this week, word got out that hackers claimed to have seized personal data for as many as 100 million T-Mobile patrons. According to the attackers, this was a configuration issue on an access point T-Mobile used for testing. The configuration issue made this access point publicly available on the Internet.

Mobile

Mobile Data breaches Authentication Accountability

RSAC Fireside Chat: Deploying Hollywood-tested content protection to improve mobile app security

The Last Watchdog

MAY 18, 2023

Your go-to mobile apps aren’t nearly has hackproof as you might like to believe. Related: Fallout of T-Mobile hack Hackers of modest skill routinely bypass legacy security measures, even two-factor authentication, with techniques such as overlay attacks. And hard data shows instances of such breaches on the rise.

Mobile

Mobile Authentication Internet Internet

Booking.com Phishers May Leave You With Reservations

Krebs on Security

NOVEMBER 1, 2024

According to the market share website statista.com , booking.com is by far the Internet’s busiest travel service, with nearly 550 million visits in September. Booking.com said it now requires 2FA , which forces partners to provide a one-time passcode from a mobile authentication app (Pulse) in addition to a username and password.

Phishing

Phishing Accountability Artificial Intelligence Cybercrime

RSAC Fireside Chat: How a well-placed ‘NGWAF’ can staunch the flow of web, mobile app attacks

The Last Watchdog

MAY 16, 2023

Related: The role of legacy security tools Yet the heaviest volume of routine, daily cyber attacks continue to target a very familiar vector: web and mobile apps. A10 has a birds eye view of the flow of maliciousness directed at web and mobile apps — via deployments of its Thunder Application Delivery Controller (ADC.)

Mobile

Mobile Cloud Migration Marketing Firewall

Identifying a Person Based on a Photo, LinkedIn and Etsy Profiles, and Other Internet Bread Crumbs

Schneier on Security

JUNE 22, 2020

A Google search of that handle led agents to an account on Poshmark, the mobile fashion marketplace, with a user handle "lore-elisabeth." There are many other forums on the Internet to discuss that. Another article did a more detailed analysis, and concludes that the Etsy review was the linchpin.

Internet

Internet Internet Mobile Accountability

SHARED INTEL: How attacks on web, mobile apps are being fueled by rising API vulnerabilities

The Last Watchdog

APRIL 7, 2020

Zoosk’s core service is delivered via a mobile app that has 20 different registration and/or login pages – all are API driven. Here’s how Keil breaks down what happened: Keil “The attackers deconstructed the mobile app and found all of these login and mobile app registration APIs, and so they started using them for attack purposes.

Mobile

Mobile Digital transformation Scams Accountability

RSAC Fireside Chat: The need to stop mobile apps from exposing API keys, user credentials in runtime

The Last Watchdog

MAY 23, 2023

As digital transformation accelerates, Application Programming Interfaces (APIs) have become integral to software development – especially when it comes to adding cool new functionalities to our go-to mobile apps. Approov recently did a deep dive study of 650 financial services mobile apps of financial institutions across Europe and the US.

Mobile

Mobile Digital transformation Financial Services Software

Zscaler Report: Mobile, IoT, and OT Cyber Threats Surge in 2024

Tech Republic Security

OCTOBER 16, 2024

Zscaler ThreatLabz report reveals a 2024 surge in mobile, IoT, and OT cyberattacks, highlighting key trends and the need for zero trust security.

IoT

IoT Mobile Cyber threats Internet

Microsoft outage affects Bing, Copilot, DuckDuckGo and ChatGPT internet search

Bleeping Computer

MAY 23, 2024

A massive Microsoft outage in some regions affects Bing.com, Copilot for web and mobile, Copilot in Windows, ChatGPT internet search and DuckDuckGo. [.]

Internet

Internet Internet Mobile Software

MY TAKE: Why the Matter smart home standard portends the coming of the Internet of Everything

The Last Watchdog

OCTOBER 19, 2022

Matter is intended to be the lingua franca for the Internet of Things. The Internet of Things is a huge new platform for amazing innovation,” Hanna observes. Notably, they’ll connect to the Internet – and to each other – via an advanced type of mesh network. . It’s only a first step and there’s a long way to go.

Internet

Internet Internet Manufacturing Technology

Report: Recent 10x Increase in Cyberattacks on Ukraine

Krebs on Security

MARCH 11, 2022

As their cities suffered more intense bombardment by Russian military forces this week, Ukrainian Internet users came under renewed cyberattacks, with one Internet company providing service there saying they blocked ten times the normal number of phishing and malware attacks targeting Ukrainians.

DNS

DNS Internet Internet Phishing

France’s second-largest telecoms provider Free suffered a cyber attack

Security Affairs

OCTOBER 28, 2024

French internet service provider (ISP) Free disclosed a cyber attack, threat actors allegedly had access to customer personal information. that provides voice, video, data, and Internet telecommunications to consumers in France. million mobile and fixed subscribers. million mobile and fixed subscribers. Free S.A.S.

Cyber Attacks

Cyber Attacks Telecommunications Data breaches Banking

Cell Phone Location Privacy

Schneier on Security

JANUARY 15, 2021

We all know that our cell phones constantly give our location away to our mobile network operators; that’s how they work. The players are the user, a traditional mobile network operator (MNO) like AT&T or Verizon, and a new mobile virtual network operator (MVNO). A group of researchers has figured out a way to fix that.

Surveillance

Surveillance Mobile Authentication VPN

Are You One of the 533M People Who Got Facebooked?

Krebs on Security

APRIL 6, 2021

To my mind, this just reinforces the need to remove mobile phone numbers from all of your online accounts wherever feasible. Many people may not consider their mobile phone number to be private information, but there is a world of misery that bad guys, stalkers and creeps can visit on your life just by knowing your mobile number.

Mobile

Mobile Accountability Passwords Authentication

Black Hat Fireside Chat: Consumers demand secure mobile apps; it’s high time for brands to deliver

The Last Watchdog

AUGUST 1, 2024

Two-plus decades of enduring wave after wave of mobile app malware and fraud has finally taken its toll on users. I recently visited with Appdome CEO Tom Tovar to discuss clear signals that consumers are now insisting upon mobile apps that are private and secure, as well as convenient. . I’ll keep watch and keep reporting.

Mobile

Mobile Internet Internet Technology

U.S. agency cautions employees to limit phone use due to Salt Typhoon hack of telco providers

Security Affairs

NOVEMBER 10, 2024

US CFPB warns employees to avoid work-related mobile calls and texts following China-linked Salt Typhoon hack over security concerns. Do NOT conduct CFPB work using mobile voice calls or text messages,” reads the email sent to the employees referencing a recent government statement acknowledging the telecommunications infrastructure attack.

Hacking

Hacking Internet Internet Government

Feds Charge Five Men in ‘Scattered Spider’ Roundup

Krebs on Security

NOVEMBER 21, 2024

technology companies between 2021 and 2023, including LastPass , MailChimp , Okta , T-Mobile and Twilio. Federal prosecutors in Los Angeles this week unsealed criminal charges against five men alleged to be members of a hacking group responsible for dozens of cyber intrusions at major U.S. Image: Amitai Cohen twitter.com/amitaico.

Identity Theft

Identity Theft Phishing Cryptocurrency Accountability

Robocall Legal Advocate Leaks Customer Data

Krebs on Security

AUGUST 3, 2020

A California company that helps telemarketing firms avoid getting sued for violating a federal law that seeks to curb robocalls has leaked the phone numbers, email addresses and passwords of all its customers, as well as the mobile phone numbers and other data on people who have hired lawyers to go after telemarketers.

Mobile

Mobile Marketing Consumer Protection Wireless

Millions of stalkerware users exposed again

Malwarebytes

FEBRUARY 28, 2025

By definition, stalkerware is a term used to describe the toolssoftware programs and mobile appsthat enable someone to secretly spy on another persons private life via their mobile device. In the past we have written about similar problems with: mSpy , a mobile monitoring app which suffered multiple data breaches.

Mobile

Mobile Data breaches Marketing Internet

Tracing the Supply Chain Attack on Android

Krebs on Security

JUNE 25, 2019

” What follows is a deep dive into the identity of that Chinese vendor, which appears to have a long and storied history of pushing the envelope on mobile malware. cn who advertises a mobile game called “Xiaojun Junji,” and says the game is available at blazefire[.]com. “Yehuo” ( ? ? ) com and rurimeter[.]com

Mobile

Mobile Technology Manufacturing Malware

Kyivstar, Ukraine’s largest mobile carrier brought down by a cyber attack

Security Affairs

DECEMBER 12, 2023

The Ukrainian telecommunications company provides communication services and data transmission based on a broad range of fixed and mobile technologies, including 4G (LTE) in Ukraine. The Kyivstar mobile network serves about 26 million mobile customers and more than 1 million broadband fixed internet customers in the country.

Cyber Attacks

Cyber Attacks Mobile Internet Internet

Can We Stop Pretending SMS Is Secure Now?

Krebs on Security

MARCH 16, 2021

SMS text messages were already the weakest link securing just about anything online, mainly because there are tens of thousands of employees at mobile stores who can be tricked or bribed into swapping control over a mobile phone number to someone else. “It’s an industry-wide thing. ” WHAT CAN YOU DO?

Telecommunications

Telecommunications Mobile Accountability Wireless

‘Tis the Season for the Wayward Package Phish

Krebs on Security

NOVEMBER 4, 2021

Louis Morton , a security professional based in Fort Worth, Texas, forwarded an SMS phishing or “smishing” message sent to his wife’s mobile device that indicated a package couldn’t be delivered. One of dozens of FedEx-themed phishing sites currently being advertised via SMS spam. com — stopped resolving.

Phishing

Phishing Scams Mobile DNS

White House Wants to Tighten Internet Routing Security

Security Boulevard

SEPTEMBER 4, 2024

The White House is urging internet network providers to take steps outlined in its roadmap to better secure the Border Gateway Protocol, a set of rule that are not widely known but are crucial to routing traffic around the internet. The post White House Wants to Tighten Internet Routing Security appeared first on Security Boulevard.

Internet

Internet Internet Data privacy Mobile

How 1-Time Passcodes Became a Corporate Liability

Krebs on Security

AUGUST 30, 2022

A recent spate of SMS phishing attacks from one cybercriminal group has spawned a flurry of breach disclosures from affected companies, which are all struggling to combat the same lingering security threat: The ability of scammers to interact directly with employees through their mobile devices. In an Aug.

Mobile

Mobile Phishing Authentication Accountability

German Police Raid DDoS-Friendly Host ‘FlyHosting’

Krebs on Security

MARCH 31, 2023

Authorities in Germany this week seized Internet servers that powered FlyHosting , a dark web offering that catered to cybercriminals operating DDoS-for-hire services, KrebsOnSecurity has learned. The German authorities did not name the suspects or the Internet service in question.

DDOS

DDOS Internet Internet Cybercrime

T-Mobile Investigating Claims of Massive Data Breach

Why Phishers Love New TLDs Like.shop,top and.xyz

Trending Sources

Internet Backbone Giant Lumen Shuns.RU

T-Mobile detected network intrusion attempts and blocked them

T-Mobile is one of the victims of the massive Chinese breach of telecom firms

When Your Used Car is a Little Too ‘Mobile’

How Phished Data Turns into Apple & Google Wallets

Voatz Internet Voting App Is Insecure

Chinese Innovations Spawn Wave of Toll Phishing Via SMS

MyBook Users Urged to Unplug Devices from Internet

Why You Should Opt Out of Sharing Data With Your Mobile Provider

Hackers Claim They Breached T-Mobile More Than 100 Times in 2022

Internet Archive is Attacked and 31 Million Files Stolen

Arrests in Tap-to-Pay Scheme Powered by Phishing

Collecting and Selling Mobile Phone Location Data

Notorious Malware, Spam Host “Prospero” Moves to Kaspersky Lab

IT threat evolution in Q3 2024. Non-mobile statistics

U.S. Govt. Apps Bundled Russian Code With Ties to Mobile Malware Developer

ROUNDTABLE: Why T-Mobile’s latest huge data breach could fuel attacks directed at mobile devices

RSAC Fireside Chat: Deploying Hollywood-tested content protection to improve mobile app security

Booking.com Phishers May Leave You With Reservations

RSAC Fireside Chat: How a well-placed ‘NGWAF’ can staunch the flow of web, mobile app attacks

Identifying a Person Based on a Photo, LinkedIn and Etsy Profiles, and Other Internet Bread Crumbs

SHARED INTEL: How attacks on web, mobile apps are being fueled by rising API vulnerabilities

RSAC Fireside Chat: The need to stop mobile apps from exposing API keys, user credentials in runtime

Zscaler Report: Mobile, IoT, and OT Cyber Threats Surge in 2024

Microsoft outage affects Bing, Copilot, DuckDuckGo and ChatGPT internet search

MY TAKE: Why the Matter smart home standard portends the coming of the Internet of Everything

Report: Recent 10x Increase in Cyberattacks on Ukraine

France’s second-largest telecoms provider Free suffered a cyber attack

Cell Phone Location Privacy

Are You One of the 533M People Who Got Facebooked?

Black Hat Fireside Chat: Consumers demand secure mobile apps; it’s high time for brands to deliver

U.S. agency cautions employees to limit phone use due to Salt Typhoon hack of telco providers

Feds Charge Five Men in ‘Scattered Spider’ Roundup

Robocall Legal Advocate Leaks Customer Data

Millions of stalkerware users exposed again

Tracing the Supply Chain Attack on Android

Kyivstar, Ukraine’s largest mobile carrier brought down by a cyber attack

Can We Stop Pretending SMS Is Secure Now?

‘Tis the Season for the Wayward Package Phish

White House Wants to Tighten Internet Routing Security

How 1-Time Passcodes Became a Corporate Liability

German Police Raid DDoS-Friendly Host ‘FlyHosting’

Stay Connected