Security Affairs

NOVEMBER 25, 2024

” An SMS blaster attack is a cyberattack where a large number of malicious or fraudulent SMS messages are sent to mobile devices within a specific area or to a targeted group. SMS blaster attacks can exploit vulnerabilities in mobile networks and typically require proximity to the targeted devices for localized attacks.

Mobile 123

Mobile Scams Technology Telecommunications 123

Security Affairs

JULY 10, 2021

Mint Mobile discloses a data breach, an unauthorized attacker gained access to subscribers’ account information and ported phone numbers. Mint Mobile is an American telecommunications company which sells mobile phone services and operates as an MVNO on T-Mobile’s cellular network in the United States.

Mobile 143

Mobile Data breaches Telecommunications Passwords 143

Security Affairs

FEBRUARY 27, 2021

The telecommunications giant T-Mobile disclosed a data breach after some of its customers were apparently affected by SIM swap attacks. The telecommunications provider T-Mobile has disclosed a data breach after it became aware that some of its customers were allegedly victims of SIM swap attacks.

Mobile 133

Mobile Data breaches Telecommunications Accountability 133

Security Affairs

MARCH 29, 2025

Crocodilus steals OTP codes from Google Authenticator via Accessibility Logging, enabling account takeovers. “The emergence of the Crocodilus mobile banking Trojan marks a significant escalation in the sophistication and threat level posed by modern malware. ” ThreatFabric concludes.

Banking 67

Banking Mobile Identity Theft Malware 67

Security Affairs

JANUARY 20, 2023

Bad news for T-Mobile, the company disclosed a new data breach that resulted in the theft of data belonging to 37 customer accounts. T-Mobile suffered a new data breach, threat actor stole the personal information of 37 million current postpaid and prepaid customer accounts.

Data breaches 98

Data breaches Mobile Accountability Telecommunications 98

SecureWorld News

MARCH 20, 2025

Attackers are mimicking tournament brackets, betting promotions, and registration formstricking users into handing over credentials or linking bank accounts to fraudulent sites. A simple click on what seems like an innocent bracket challenge or promo offer can lead to compromised financial accounts before tipoff.

Scams 79

Scams Social Engineering Mobile Phishing 79

Security Affairs

DECEMBER 21, 2023

More than 22,000 users of Blink Mobility should take the necessary steps to protect themselves against the risk of identity theft. Los Angeles-based electric car-sharing provider Blink Mobility left a misconfigured MongoDB database open to the public. In the wrong hands, this data can be exploited for financial gain.

Mobile 134

Mobile Identity Theft Passwords Phishing 134

Security Boulevard

APRIL 19, 2023

Most executives view mobile applications as a crucial component of their organization’s business strategy. Mobile apps help companies generate revenue, engage with customers and create new business opportunities. The post Rethinking the Status Quo of Mobile App Security appeared first on Security Boulevard.

Mobile 118

Mobile Accountability CISO Information Security 118

Security Affairs

MARCH 28, 2025

. “Preliminary findings indicate that the suspects developed malware called Mamont, which they distributed via Telegram channels under the guise of safe mobile applications and video files. Crooks typically disguise the malicious code as legitimate mobile apps or video files.

Banking 113

Banking Computers and Electronics Mobile Malware 113

Security Affairs

JULY 31, 2024

BingoMod is a new Android malware that can wipe devices after stealing money from the victims’ bank accounts. Researchers at Cleafy discovered a new Android malware, called ‘BingoMod,’ that can wipe devices after successfully stealing money from the victims’ bank accounts.

Banking 141

Banking Accountability Malware Mobile 141

Security Affairs

MAY 30, 2022

Experts warn of a new ongoing WhatsApp OTP scam that could allow attackers to hijack users’ accounts through phone calls. Recently CloudSEK founder Rahul Sasi warned of an ongoing WhatsApp OTP scam that could allow threat actors to hijack users’ accounts through phone calls. Follow me on Twitter: @securityaffairs and Facebook.

Scams 145

Scams Accountability Mobile Hacking 145

Security Affairs

DECEMBER 28, 2020

Threat intelligence analyst discovered a threat actor that is selling a database of the Italian mobile service provider Ho mobile. Ho mobile is an Italian mobile telephone service offered by Vodafone Enabler Italia, an Italian virtual mobile telephone operator. ” Bank Security told me.

Mobile 140

Mobile Banking Data breaches Phishing 140

Security Affairs

AUGUST 22, 2021

T-Mobile data breach could be worse than initially thought, an update to the investigation reveals that over 54 million individuals were impacted. T-Mobile data breach could be worse than initially thought, according to an update to the investigation over 54 million customers had their data compromised. ” reads the update.

Data breaches 123

Data breaches Mobile Accountability Phishing 123

Security Affairs

APRIL 2, 2025

It can steal accounts, send messages, steal crypto, monitor browsing, intercept SMS, and more. ” To protect against malware, experts recommend buying smartphones from authorized distributors and installing security solutions like Kaspersky for Android immediately. 231 banking malware.

Malware 120

Malware Cryptocurrency Mobile Firmware 120

Security Affairs

FEBRUARY 10, 2022

Spanish National Police has arrested eight alleged members of a crime organization who were able to steal money from the bank accounts of the victims through SIM swapping attacks. Once hijacked a SIM, the attackers can steal money, cryptocurrencies and personal information, including contacts synced with online accounts.

Banking 124

Banking Accountability Mobile Cryptocurrency 124

Security Affairs

SEPTEMBER 15, 2021

Microsoft announced that users can access their consumer accounts without providing passwords and using more secure authentication methods. Microsoft says the feature will be rolled out over the coming weeks, it already provides passwordless methods to enterprise users since March 2021, and plans to roll out it for Azure AD accounts.

Authentication 124

Authentication Accountability Passwords Phishing 124

Security Affairs

DECEMBER 6, 2024

Atrium Health launched an investigation into the security breach and discovered that from January 2015 to July 2019, certain online tracking technologies were active on its MyAtriumHealth (formerly MyCarolinas) Patient Portal, accessible via web and mobile. added Atrium Health. Affected individuals were notified in September.

Data breaches 110

Data breaches Identity Theft Accountability Technology 110

Security Affairs

MARCH 3, 2021

A researcher received a $50,000 bug bounty by Microsoft for having reported a vulnerability that could’ve allowed to hijack any account. Microsoft has awarded the security researcher Laxman Muthiyah $50,000 for reporting a vulnerability that could have allowed anyone to hijack users’ accounts without consent.

Accountability 134

Accountability Passwords Encryption Mobile 134

Security Affairs

MAY 1, 2023

T-Mobile disclosed the second data breach of 2023, threat actors had access to the personal information of hundreds of customers since February. T-Mobile suffered the second data breach of 2023, threat actors had access to the personal information of hundreds of customers starting in late February 2023.

Data breaches 98

Data breaches Mobile Identity Theft Accountability 98

Security Affairs

SEPTEMBER 6, 2021

Security researcher ValdikSS found malware preinstalled in four low-budget push-button mobile phones available for sale on Russian e-stores. A Russian security researcher that goes online with the name of ValdikSS has found malware preinstalled in four low-budget push-button mobile phones available for sale on Russian e-stores.

Mobile 141

Mobile Malware Firmware Manufacturing 141

Security Affairs

MARCH 21, 2025

. — Operation Zero (@opzero_en) March 20, 2025 A zero-day broker like Operation Zero might be willing to pay millions for Telegram exploits for several reasons, including: Government and Intelligence Demand Telegram is widely used for secure communication, including by journalists, activists, dissidents, and political figures.

Government 144

Government Surveillance Mobile Hacking 144

Security Affairs

APRIL 26, 2025

Founded in 1994, it has grown to become Africa’s largest mobile network operator, serving over 290 million subscribers across 18 countries in Africa and the Middle East. The company is also expanding into areas like mobile money and digital entertainment, aiming to become Africas leading digital platform. .”

Data breaches 104

Data breaches Telecommunications Financial Services Mobile 104

Security Affairs

AUGUST 9, 2021

Experts spotted a new Android trojan, dubbed FlyTrap, that compromised Facebook accounts of over 10,000 users in at least 144 countries since March 2021. Zimperium’s zLabs researchers spotted a new Android trojan, dubbed FlyTrap , that already compromised Facebook accounts of over 10,000 users in at least 144 countries since March 2021.

Accountability 135

Accountability Social Engineering Malware Media 135

Security Affairs

MAY 23, 2023

Google introduced Mobile VRP (vulnerability rewards program), a new bug bounty program for reporting vulnerabilities in its mobile applications. Google announced a new bug bounty program, named Mobile VRP (vulnerability rewards program), that covers its mobile applications.

Mobile 98

Mobile Hacking Accountability Cybersecurity 98

Security Affairs

FEBRUARY 2, 2025

This is the latest example of why spyware companies must be held accountable for their unlawful actions. Will Cathcart of WhatsApp called the ruling a major privacy victory, emphasizing accountability for spyware firms after a five-year legal battle. Weve reached out directly to people who we believe were affected.

Spyware 107

Spyware Hacking Surveillance Malware 107

Security Affairs

MAY 10, 2021

WhatsApp will not deactivate the accounts of users who don’t accept the new privacy policy update that requires sharing data with other companies owned by Facebook. WhatsApp on Friday announced that it will not deactivate accounts of users who don’t accept its new privacy policy that will be rolled out on May 15.

Accountability 123

Accountability Mobile Hacking Information Security 123

Daniel Miessler

MARCH 10, 2022

It might have been a text, or it could have been something “strong”, like a mobile authenticator app like Google Authenticator or Authy. Consider switching to FIDO2-based security tokens for securing your most important accounts, e.g., your email account, your banking, etc.

Authentication 364

Authentication Phishing Passwords Accountability 364

Security Affairs

JANUARY 20, 2025

The DoNot APT group has been observed misusing the OneSignal platform, which typically provides tools for sending push notifications, in-app messages, emails, and SMS widely used in mobile and web applications. In this case, the group is leveraging OneSignal to deliver phishing links through notifications.

Malware 113

Malware Cyber Attacks Mobile Phishing 113

Security Affairs

JUNE 24, 2022

. “In some cases, we believe the actors worked with the target’s ISP to disable the target’s mobile data connectivity. “We believe this is the reason why most of the applications masqueraded as mobile carrier applications. ” reads the report published by Google. Follow me on Twitter: @securityaffairs and Facebook.

Surveillance 134

Surveillance Mobile Spyware Telecommunications 134

Security Affairs

DECEMBER 23, 2024

Will Cathcart of WhatsApp called the ruling a major privacy victory, emphasizing accountability for spyware firms after a five-year legal battle. We spent five years presenting our case because we firmly believe that spyware companies could not hide behind immunity or avoid accountability for their unlawful actions.

Spyware 108

Spyware Surveillance Software Hacking 108

Daniel Miessler

MAY 14, 2020

Good passwords are long, random, and unique to each account, which means it’s impossible for a human to manage them on their own. Pick either 1Password or LastPass , go through all your accounts, and for each one…reset the password to something created by (and stored in) your password manager. Automatic Logins Using Lastpass.

Risk 345

Risk Passwords Password Management Accountability 345

Security Affairs

MARCH 10, 2025

“Working with dozens of victims, security researchers Nick Bax and Taylor Monahan found that none of the six-figure cyberheist victims appeared to have suffered the sorts of attacks that typically preface a high-dollar crypto theft, such as the compromise of ones email and/or mobile phone accounts, or SIM-swapping attacks.”

Password Management 86

Password Management Cryptocurrency Passwords Data breaches 86

Security Affairs

FEBRUARY 9, 2023

Researchers reported that the top-of-the-line Android mobile devices sold in China are shipped with malware. The apps were designed to exfiltrate user and device information in a stealthy way, including system info, geolocation, user profile, social relationships, and call history.

Mobile 98

Mobile Malware Surveillance Spyware 98

Security Affairs

FEBRUARY 20, 2025

The experts believe threat actors exploited the zero-dayCVE-2024-24919 in Check Point Security Gateways with Remote Access VPN or Mobile Access features. “On May 28, 2024 we discovered a vulnerability in Security Gateways with IPsec VPN in Remote Access VPN community and the Mobile Access software blade (CVE-2024-24919).

Healthcare 84

Healthcare Ransomware VPN Malware 84

Security Affairs

SEPTEMBER 24, 2022

The cyber department of Ukraine ‘s Security Service (SSU) dismantled a gang that stole accounts of about 30 million individuals. The cyber department of Ukraine ‘s Security Service (SSU) has taken down a group of hackers that is behind the theft of about 30 million individuals. ” concludes the SSU.

Accountability 98

Accountability Computers and Electronics Hacking Mobile 98

Security Affairs

OCTOBER 30, 2024

The malware allows operators to steal bank users’ sensitive information and money from their bank accounts. FakeCall is a banking trojan that uses voice phishing by impersonating banks in fraudulent calls to obtain sensitive information from victims.

Banking 130

Banking Malware Accountability Phishing 130

Security Affairs

JANUARY 22, 2023

Roaming Mantis threat actors were observed using a new variant of their mobile malware Wroba to hijack DNS settings of Wi-Fi routers. Researchers from Kaspersky observed Roaming Mantis threat actors using an updated variant of their mobile malware Wroba to compromise Wi-Fi routers and hijack DNS settings. Agent.eq (a.k.a

DNS 98

DNS Mobile Malware Hacking 98