Security Affairs

MARCH 5, 2020

New problems for the wireless carrier T-Mobile that disclosed a data breach that exposed some of the customers’ personal information. The wireless carrier T-Mobile was victims of a sophisticated cyber attack that targeted its email vendor. SecurityAffairs – hacking, T-mobile). ” continues the notice.

Mobile 145

Mobile Data breaches Telecommunications Wireless 145

Security Affairs

JULY 10, 2021

Mint Mobile discloses a data breach, an unauthorized attacker gained access to subscribers’ account information and ported phone numbers. Mint Mobile is an American telecommunications company which sells mobile phone services and operates as an MVNO on T-Mobile’s cellular network in the United States.

Mobile 144

Mobile Data breaches Telecommunications Passwords 144

Security Affairs

FEBRUARY 27, 2021

The telecommunications giant T-Mobile disclosed a data breach after some of its customers were apparently affected by SIM swap attacks. The telecommunications provider T-Mobile has disclosed a data breach after it became aware that some of its customers were allegedly victims of SIM swap attacks.

Mobile 135

Mobile Data breaches Telecommunications Accountability 135

Security Affairs

MARCH 29, 2025

Crocodilus steals OTP codes from Google Authenticator via Accessibility Logging, enabling account takeovers. “The emergence of the Crocodilus mobile banking Trojan marks a significant escalation in the sophistication and threat level posed by modern malware. ” ThreatFabric concludes.

Banking 69

Banking Mobile Identity Theft Malware 69

SecureWorld News

MARCH 20, 2025

Attackers are mimicking tournament brackets, betting promotions, and registration formstricking users into handing over credentials or linking bank accounts to fraudulent sites. A simple click on what seems like an innocent bracket challenge or promo offer can lead to compromised financial accounts before tipoff.

Scams 84

Scams Social Engineering Mobile Phishing 84

Security Affairs

JANUARY 20, 2023

Bad news for T-Mobile, the company disclosed a new data breach that resulted in the theft of data belonging to 37 customer accounts. T-Mobile suffered a new data breach, threat actor stole the personal information of 37 million current postpaid and prepaid customer accounts.

Data breaches 98

Data breaches Mobile Accountability Telecommunications 98

Security Affairs

DECEMBER 21, 2024

” Recently, The Federal Office for Information Security (BSI) announced it had blocked communication between the 30,000 devices infected with the BadBox malware and the C2. The BadBox malware, pre-installed on devices, creates email and messaging accounts for spreading disinformation.

Firmware 142

Firmware Malware Internet Internet 142

Security Affairs

DECEMBER 21, 2023

More than 22,000 users of Blink Mobility should take the necessary steps to protect themselves against the risk of identity theft. Los Angeles-based electric car-sharing provider Blink Mobility left a misconfigured MongoDB database open to the public. In the wrong hands, this data can be exploited for financial gain.

Mobile 136

Mobile Identity Theft Passwords Phishing 136

Security Affairs

MARCH 28, 2025

. “Preliminary findings indicate that the suspects developed malware called Mamont, which they distributed via Telegram channels under the guise of safe mobile applications and video files. Crooks typically disguise the malicious code as legitimate mobile apps or video files.

Banking 116

Banking Computers and Electronics Mobile Malware 116

Security Boulevard

APRIL 19, 2023

Most executives view mobile applications as a crucial component of their organization’s business strategy. Mobile apps help companies generate revenue, engage with customers and create new business opportunities. The post Rethinking the Status Quo of Mobile App Security appeared first on Security Boulevard.

Mobile 118

Mobile Accountability CISO Information Security 118

Security Affairs

JULY 31, 2024

BingoMod is a new Android malware that can wipe devices after stealing money from the victims’ bank accounts. Researchers at Cleafy discovered a new Android malware, called ‘BingoMod,’ that can wipe devices after successfully stealing money from the victims’ bank accounts.

Banking 142

Banking Accountability Malware Mobile 142

Security Affairs

AUGUST 22, 2021

T-Mobile data breach could be worse than initially thought, an update to the investigation reveals that over 54 million individuals were impacted. T-Mobile data breach could be worse than initially thought, according to an update to the investigation over 54 million customers had their data compromised. ” reads the update.

Data breaches 125

Data breaches Mobile Accountability Phishing 125

Security Affairs

MAY 30, 2022

Experts warn of a new ongoing WhatsApp OTP scam that could allow attackers to hijack users’ accounts through phone calls. Recently CloudSEK founder Rahul Sasi warned of an ongoing WhatsApp OTP scam that could allow threat actors to hijack users’ accounts through phone calls. Follow me on Twitter: @securityaffairs and Facebook.

Scams 145

Scams Accountability Mobile Hacking 145

Security Affairs

DECEMBER 28, 2020

Threat intelligence analyst discovered a threat actor that is selling a database of the Italian mobile service provider Ho mobile. Ho mobile is an Italian mobile telephone service offered by Vodafone Enabler Italia, an Italian virtual mobile telephone operator. ” Bank Security told me.

Mobile 142

Mobile Banking Data breaches Phishing 142

Security Affairs

APRIL 2, 2025

It can steal accounts, send messages, steal crypto, monitor browsing, intercept SMS, and more. ” To protect against malware, experts recommend buying smartphones from authorized distributors and installing security solutions like Kaspersky for Android immediately. 231 banking malware.

Malware 122

Malware Cryptocurrency Mobile Firmware 122

Security Affairs

FEBRUARY 10, 2022

Spanish National Police has arrested eight alleged members of a crime organization who were able to steal money from the bank accounts of the victims through SIM swapping attacks. Once hijacked a SIM, the attackers can steal money, cryptocurrencies and personal information, including contacts synced with online accounts.

Banking 126

Banking Accountability Mobile Cryptocurrency 126

Security Affairs

SEPTEMBER 15, 2021

Microsoft announced that users can access their consumer accounts without providing passwords and using more secure authentication methods. Microsoft says the feature will be rolled out over the coming weeks, it already provides passwordless methods to enterprise users since March 2021, and plans to roll out it for Azure AD accounts.

Authentication 126

Authentication Accountability Passwords Phishing 126

Security Affairs

DECEMBER 6, 2024

Atrium Health launched an investigation into the security breach and discovered that from January 2015 to July 2019, certain online tracking technologies were active on its MyAtriumHealth (formerly MyCarolinas) Patient Portal, accessible via web and mobile. added Atrium Health. Affected individuals were notified in September.

Data breaches 112

Data breaches Identity Theft Accountability Technology 112

Security Affairs

MARCH 3, 2021

A researcher received a $50,000 bug bounty by Microsoft for having reported a vulnerability that could’ve allowed to hijack any account. Microsoft has awarded the security researcher Laxman Muthiyah $50,000 for reporting a vulnerability that could have allowed anyone to hijack users’ accounts without consent.

Accountability 136

Accountability Passwords Encryption Mobile 136

Security Affairs

SEPTEMBER 6, 2021

Security researcher ValdikSS found malware preinstalled in four low-budget push-button mobile phones available for sale on Russian e-stores. A Russian security researcher that goes online with the name of ValdikSS has found malware preinstalled in four low-budget push-button mobile phones available for sale on Russian e-stores.

Mobile 142

Mobile Malware Firmware Manufacturing 142

Security Affairs

MAY 1, 2023

T-Mobile disclosed the second data breach of 2023, threat actors had access to the personal information of hundreds of customers since February. T-Mobile suffered the second data breach of 2023, threat actors had access to the personal information of hundreds of customers starting in late February 2023.

Data breaches 98

Data breaches Mobile Identity Theft Accountability 98

Security Affairs

MARCH 21, 2025

. — Operation Zero (@opzero_en) March 20, 2025 A zero-day broker like Operation Zero might be willing to pay millions for Telegram exploits for several reasons, including: Government and Intelligence Demand Telegram is widely used for secure communication, including by journalists, activists, dissidents, and political figures.

Government 144

Government Surveillance Mobile Hacking 144

Security Affairs

APRIL 26, 2025

Founded in 1994, it has grown to become Africa’s largest mobile network operator, serving over 290 million subscribers across 18 countries in Africa and the Middle East. The company is also expanding into areas like mobile money and digital entertainment, aiming to become Africas leading digital platform. .”

Data breaches 107

Data breaches Telecommunications Financial Services Mobile 107

Security Affairs

FEBRUARY 2, 2025

This is the latest example of why spyware companies must be held accountable for their unlawful actions. Will Cathcart of WhatsApp called the ruling a major privacy victory, emphasizing accountability for spyware firms after a five-year legal battle. Weve reached out directly to people who we believe were affected.

Spyware 109

Spyware Hacking Surveillance Malware 109

Security Affairs

AUGUST 9, 2021

Experts spotted a new Android trojan, dubbed FlyTrap, that compromised Facebook accounts of over 10,000 users in at least 144 countries since March 2021. Zimperium’s zLabs researchers spotted a new Android trojan, dubbed FlyTrap , that already compromised Facebook accounts of over 10,000 users in at least 144 countries since March 2021.

Accountability 137

Accountability Social Engineering Malware Media 137

Security Affairs

MAY 23, 2023

Google introduced Mobile VRP (vulnerability rewards program), a new bug bounty program for reporting vulnerabilities in its mobile applications. Google announced a new bug bounty program, named Mobile VRP (vulnerability rewards program), that covers its mobile applications.

Mobile 98

Mobile Hacking Accountability Cybersecurity 98

Security Affairs

MAY 10, 2021

WhatsApp will not deactivate the accounts of users who don’t accept the new privacy policy update that requires sharing data with other companies owned by Facebook. WhatsApp on Friday announced that it will not deactivate accounts of users who don’t accept its new privacy policy that will be rolled out on May 15.

Accountability 125

Accountability Mobile Hacking Information Security 125

Security Affairs

JANUARY 20, 2025

The DoNot APT group has been observed misusing the OneSignal platform, which typically provides tools for sending push notifications, in-app messages, emails, and SMS widely used in mobile and web applications. In this case, the group is leveraging OneSignal to deliver phishing links through notifications.

Malware 115

Malware Cyber Attacks Mobile Phishing 115

Daniel Miessler

MARCH 10, 2022

It might have been a text, or it could have been something “strong”, like a mobile authenticator app like Google Authenticator or Authy. Consider switching to FIDO2-based security tokens for securing your most important accounts, e.g., your email account, your banking, etc.

Authentication 364

Authentication Phishing Passwords Accountability 364

Security Affairs

JUNE 24, 2022

. “In some cases, we believe the actors worked with the target’s ISP to disable the target’s mobile data connectivity. “We believe this is the reason why most of the applications masqueraded as mobile carrier applications. ” reads the report published by Google. Follow me on Twitter: @securityaffairs and Facebook.

Surveillance 136

Surveillance Mobile Spyware Telecommunications 136

Security Affairs

DECEMBER 23, 2024

Will Cathcart of WhatsApp called the ruling a major privacy victory, emphasizing accountability for spyware firms after a five-year legal battle. We spent five years presenting our case because we firmly believe that spyware companies could not hide behind immunity or avoid accountability for their unlawful actions.

Spyware 109

Spyware Surveillance Software Hacking 109

Security Affairs

MARCH 10, 2025

“Working with dozens of victims, security researchers Nick Bax and Taylor Monahan found that none of the six-figure cyberheist victims appeared to have suffered the sorts of attacks that typically preface a high-dollar crypto theft, such as the compromise of ones email and/or mobile phone accounts, or SIM-swapping attacks.”

Password Management 88

Password Management Cryptocurrency Passwords Data breaches 88

Daniel Miessler

MAY 14, 2020

Good passwords are long, random, and unique to each account, which means it’s impossible for a human to manage them on their own. Pick either 1Password or LastPass , go through all your accounts, and for each one…reset the password to something created by (and stored in) your password manager. Automatic Logins Using Lastpass.

Risk 345

Risk Passwords Password Management Accountability 345

Security Affairs

NOVEMBER 1, 2024

These animations are widely used in web and mobile applications because they are scalable, smooth, and efficient, typically more compact than traditional image or video formats. The attackers took over an employee’s NPM account through a phishing attack and within an hour published the malicious package.

Cryptocurrency 108

Cryptocurrency Hacking Accountability Mobile 108

Security Affairs

FEBRUARY 20, 2025

The experts believe threat actors exploited the zero-dayCVE-2024-24919 in Check Point Security Gateways with Remote Access VPN or Mobile Access features. “On May 28, 2024 we discovered a vulnerability in Security Gateways with IPsec VPN in Remote Access VPN community and the Mobile Access software blade (CVE-2024-24919).

Healthcare 87

Healthcare Ransomware VPN Malware 87

Zero Day

JUNE 6, 2025

Collectively, they could easily put affected customers at risk for account takeovers and identity theft. million former account holders. This leak reportedly included full names, dates of birth email addresses, mailing addresses, phone numbers, social security numbers, and AT&T account numbers.

Password Management 98

Password Management Passwords Artificial Intelligence Software 98

Security Affairs

FEBRUARY 9, 2023

Researchers reported that the top-of-the-line Android mobile devices sold in China are shipped with malware. The apps were designed to exfiltrate user and device information in a stealthy way, including system info, geolocation, user profile, social relationships, and call history.

Mobile 98

Mobile Malware Surveillance Spyware 98