Krebs on Security

FEBRUARY 28, 2023

Image: Shutterstock.com Three different cybercriminal groups claimed access to internal networks at communications giant T-Mobile in more than 100 separate incidents throughout 2022, new data suggests. Each advertises their claimed access to T-Mobile systems in a similar way. ” or “ Tmo up!

Mobile 336

Mobile Phishing Authentication Advertising 336

Security Affairs

NOVEMBER 18, 2024

T-Mobile confirmed being a victim of recent hacking campaigns linked to China-based threat actors targeting telecom companies. T-Mobile confirms it was hacked as part of a long-running cyber espionage campaign targeting Telco companies. The bad news is that this isn’t the first incident suffered by T-Mobile.

Mobile 112

Mobile Telecommunications Data breaches Hacking 112

Krebs on Security

FEBRUARY 18, 2025

But a flurry of innovation from cybercrime groups in China is breathing new life into the carding industry, by turning phished card data into mobile wallets that can be used online and at main street stores. And they are not traditional SMS phishing or “ smishing ” messages, as they bypass the mobile networks entirely.

Phishing 274

Phishing Mobile Scams Retail 274

Security Affairs

NOVEMBER 28, 2024

T-Mobile reported recent infiltration attempts but pointed out that threat actors had no access to its systems and no sensitive data was compromised. T-Mobile detected recent infiltration attempts but confirmed no unauthorized system access occurred, and no sensitive data was compromised. This is not the case at T-Mobile.”

Mobile 115

Mobile Telecommunications Government Internet 115

Krebs on Security

MARCH 20, 2023

A new breach involving data from nine million AT&T customers is a fresh reminder that your mobile provider likely collects and shares a great deal of information about where you go and what you do with your mobile device — unless and until you affirmatively opt out of this data collection.

Mobile 312

Mobile Wireless Advertising Telecommunications 312

Schneier on Security

NOVEMBER 27, 2024

Legal documents released in ongoing US litigation between NSO Group and WhatsApp have revealed for the first time that the Israeli cyberweapons maker ­ and not its government customers ­ is the party that “installs and extracts” information from mobile phones targeted by the company’s hacking software.

Government 316

Government Spyware Mobile Hacking 316

Krebs on Security

JANUARY 16, 2025

Those who fall for the scam are asked to provide payment card data, and eventually will be asked to supply a one-time password sent via SMS or a mobile authentication app. Notably, none of the phishing pages will even load unless the website detects that the visitor is coming from a mobile device.

Phishing 295

Phishing Scams Mobile Passwords 295

Krebs on Security

MARCH 21, 2025

states last week independently announced arrests of Chinese nationals accused of perpetrating a novel form of tap-to-pay fraud using mobile devices. If you own a mobile phone, the chances are excellent that at some point in the past two years it has received at least one phishing message that spoofs the U.S. Image: WLVT-8.

Phishing 174

Phishing Mobile Scams Banking 174

SecureList

NOVEMBER 29, 2024

Non-mobile statistics IT threat evolution in Q3 2024. Mobile statistics The statistics presented here are based on detection verdicts by Kaspersky products and services received from users who consented to providing statistical data. IT threat evolution in Q3 2024 IT threat evolution in Q3 2024.

Mobile 105

Mobile Adware Ransomware Malware 105

Schneier on Security

NOVEMBER 26, 2024

which are two recently released versions of Apple’s mobile operating system, according to documents describing the tool’s capabilities in granular detail obtained by 404 Media. The documents do not appear to contain information about what Graykey can access from the public release of iOS 18.1, which was released on October 28.

Media 283

Media Manufacturing Mobile Hacking 283

Tech Republic Security

OCTOBER 16, 2024

Zscaler ThreatLabz report reveals a 2024 surge in mobile, IoT, and OT cyberattacks, highlighting key trends and the need for zero trust security.

IoT 179

IoT Mobile Cyber threats Internet 179

Krebs on Security

DECEMBER 3, 2024

Interisle sources data about cybercrime domains from anti-spam organizations, including the Anti-Phishing Working Group (APWG), the Coalition Against Unsolicited Commercial Email (CAUCE), and the Messaging, Malware, and Mobile Anti-Abuse Working Group (M3AAWG).

Cybercrime 276

Cybercrime Phishing Accountability Internet 276

eSecurity Planet

FEBRUARY 26, 2025

Cybercriminals are shifting their focus from emails to text messages, using mishing a more deceptive form of phishing to target mobile users and infiltrate corporate networks, according to new security research by Zimperium. Zimperium found that mishing activity peaked in August 2024, with over 1,000 daily attacks recorded. What is mishing?

Phishing 89

Phishing Mobile Social Engineering Data breaches 89

Krebs on Security

APRIL 29, 2024

Federal Communications Commission (FCC) today levied fines totaling nearly $200 million against the four major carriers — including AT&T , Sprint , T-Mobile and Verizon — for illegally sharing access to customers’ location information without consent.

Wireless 319

Wireless Mobile Technology 319

Schneier on Security

JANUARY 11, 2022

Some European cell phone carriers , and now T-Mobile , are blocking Apple’s Private Relay anonymous browsing feature. This could be an interesting battle to watch. Slashdot thread.

Mobile 345

Mobile VPN Encryption 345

Security Affairs

NOVEMBER 25, 2024

” An SMS blaster attack is a cyberattack where a large number of malicious or fraudulent SMS messages are sent to mobile devices within a specific area or to a targeted group. SMS blaster attacks can exploit vulnerabilities in mobile networks and typically require proximity to the targeted devices for localized attacks.

Mobile 123

Mobile Scams Technology Telecommunications 123

Krebs on Security

NOVEMBER 1, 2024

KrebsOnSecurity last week heard from a reader whose close friend received a targeted phishing message within the Booking mobile app just minutes after making a reservation at a California. ” The phony booking.com website generated by visiting the link in the text message.

Phishing 255

Phishing Accountability Artificial Intelligence Cybercrime 255

Security Affairs

OCTOBER 22, 2024

A vulnerability resides in Samsung mobile processors and according to the experts, it has been chained with other vulnerabilities to achieve arbitrary code execution on vulnerable devices. The vulnerability is a use-after-free issue, attackers could exploit the flaw to escalate privileges on a vulnerable Android device.

Firmware 144

Firmware Mobile Spyware Media 144

Security Affairs

OCTOBER 17, 2024

VMWare warns to address a remote code execution vulnerability, tracked as CVE-2024-38814 (CVSS score of 8.8), in its HCX application mobility platform. ” VMware HCX (Hybrid Cloud Extension) is a workload mobility platform designed to simplify the migration, rebalancing, and continuity of workloads across data centers and clouds.

Authentication 130

Authentication Mobile Hacking Information Security 130

Krebs on Security

AUGUST 30, 2022

A recent spate of SMS phishing attacks from one cybercriminal group has spawned a flurry of breach disclosures from affected companies, which are all struggling to combat the same lingering security threat: The ability of scammers to interact directly with employees through their mobile devices. In an Aug.

Mobile 334

Mobile Phishing Authentication Accountability 334

Schneier on Security

NOVEMBER 13, 2024

The mobile scanners on cars are not mapped. DeFlock is a crowd-sourced project to map license plate scanners. It only records the fixed scanners, of course. The post Mapping License Plate Scanners in the US appeared first on Schneier on Security.

Mobile 293

Mobile Surveillance 293

NSTIC

NOVEMBER 13, 2024

If you are interested in the world of digital identities, you have probably heard some of the buzzwords that have been floating around for a few years now… “verifiable credential,” “digital wallet,” “mobile driver’s license” or “mDL.” But what exactly is a verifiable digital credential?

Insurance 133

Insurance Mobile 133

Malwarebytes

FEBRUARY 27, 2025

Combining official-looking Google search ads with specially-crafted PayPal pay links, makes this scheme particularly dangerous on mobile devices due to their screen size limitation and likelihood of not having security software. There are also security solutions that can block ads and malicious links, such as Malwarebytes for mobile devices.

Scams 115

Scams Mobile Small Business Advertising 115

Krebs on Security

DECEMBER 16, 2021

Nicholas Truglia was part of a group alleged to have stolen more than $100 million from cryptocurrency investors using fraudulent “SIM swaps,” scams in which identity thieves hijack a target’s mobile phone number and use that to wrest control over the victim’s online identities. Nicholas Truglia, holding bottle.

Cryptocurrency 363

Cryptocurrency Mobile Accountability Scams 363

Schneier on Security

MARCH 7, 2025

It runs on a $20 mobile hotspot. The EFF has created an open-source hardware tool to detect IMSI catchers: fake cell phone towers that are used for mass surveillance of an area.

Surveillance 243

Surveillance Mobile 243

Malwarebytes

FEBRUARY 28, 2025

By definition, stalkerware is a term used to describe the toolssoftware programs and mobile appsthat enable someone to secretly spy on another persons private life via their mobile device. In the past we have written about similar problems with: mSpy , a mobile monitoring app which suffered multiple data breaches.

Mobile 101

Mobile Data breaches Marketing Internet 101

Malwarebytes

FEBRUARY 11, 2025

They started developing entire mobile apps on Android that could provide the same level of theft. These decoy apps are often hosted on less popular mobile app stores, as the protections of the Google Play store often flag and remove these apps, should they ever sneak onto the marketplace. A low number of reviews may signal a decoy app.

Phishing 129

Phishing Passwords Mobile Authentication 129

Schneier on Security

JULY 28, 2021

Mobile carriers sold­ — and still sell — ­location data to brokers who aggregate it and sell it to a range of buyers, including advertisers, law enforcement , roadside services, and even bounty hunters. The data that resulted in Burrill’s ouster was reportedly obtained through legal means.

Mobile 363

Mobile Advertising Data collection Surveillance 363

Schneier on Security

JULY 21, 2022

One flaw is the use of unencrypted HTTP communications that makes it possible for remote hackers to conduct adversary-in-the-middle attacks that intercept or change requests sent between the mobile application and supporting servers.

Manufacturing 330

Manufacturing Surveillance Mobile Authentication 330

Schneier on Security

MARCH 22, 2024

For Android, the world’s most popular and widely used mobile operating system, the program awarded over $3.4 The highest reward for a vulnerability report in 2023 was $113,337, while the total tally since the program’s launch in 2010 has reached $59 million.

Mobile 325

Mobile Software 325

Krebs on Security

NOVEMBER 21, 2024

technology companies between 2021 and 2023, including LastPass , MailChimp , Okta , T-Mobile and Twilio. Federal prosecutors in Los Angeles this week unsealed criminal charges against five men alleged to be members of a hacking group responsible for dozens of cyber intrusions at major U.S. Image: Amitai Cohen twitter.com/amitaico.

Identity Theft 245

Identity Theft Phishing Cryptocurrency Accountability 245

Security Affairs

OCTOBER 28, 2024

million mobile and fixed subscribers. “This suspected data breach reportedly affects Free Mobile and Freebox customers, with the data leak dating back to October 17, 2024, according to the cybercriminals.” Free S.A.S. is a French telecommunications company, subsidiary of Iliad S.A. ” wrote the cyber evangelist SaxX.

Cyber Attacks 124

Cyber Attacks Telecommunications Data breaches Banking 124

SecureWorld News

MARCH 20, 2025

Mobile madness: the sneaky side of cyber scams With fans constantly checking scores, streaming games, and logging into betting apps, mobile devices are a major attack surface. Enterprises must take a mobile-first approach to security, ensuring threats are detected in real-time before they impact users or corporate networks."

Scams 77

Scams Social Engineering Mobile Phishing 77

IT Security Guru

JANUARY 22, 2025

The Evolving Web Landscape Before we dive into the plugins, let’s look at some website basics that are so crucial in 2025: Mobile-First Indexing: Google loves mobile-friendly websites. Equal attention should be given to both desktop and mobile experiences. Your site needs to be responsive and perform well on all devices.

Artificial Intelligence 116

Artificial Intelligence Backups Mobile Firewall 116

Schneier on Security

OCTOBER 22, 2021

The nature of the data targeted by the actor aligns with information likely to be of significant interest to signals intelligence organizations.

Telecommunications 362

Telecommunications Architecture Mobile Hacking 362

Krebs on Security

JANUARY 19, 2022

The agency says that by the summer of 2022, the only way to log in to irs.gov will be through ID.me , an online identity verification service that requires applicants to submit copies of bills and identity documents, as well as a live video feed of their faces via a mobile device. The IRS says it will require ID.me McLean, Va.-based

Mobile 363

Mobile Accountability Insurance Government 363

Schneier on Security

AUGUST 31, 2023

A used government surveillance van is for sale in Chicago: So how was this van turned into a mobile spying center? Well, let’s start with how it has more LCD monitors than a Counterstrike LAN party. They can be used to monitor any of six different video inputs including a videoscope camera.

Surveillance 335

Surveillance Government Mobile Media 335