Pairwise Authentication of Humans
Schneier on Security
FEBRUARY 10, 2025
If the code matches what Alice has on her own phone, then Alice has more confidence that she is speaking with the real Bob.
Mobile Related Topics 
T-Mobile is one of the victims of the massive Chinese breach of telecom firms
Security Affairs
NOVEMBER 18, 2024
T-Mobile confirmed being a victim of recent hacking campaigns linked to China-based threat actors targeting telecom companies. T-Mobile confirms it was hacked as part of a long-running cyber espionage campaign targeting Telco companies. The bad news is that this isn’t the first incident suffered by T-Mobile.
Join 28,000+
Insiders
Sign Up for our Newsletter
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Trending Sources
Mobile malware evolution in 2024
SecureList
MARCH 3, 2025
million attacks involving malware, adware or unwanted mobile software were prevented. Adware, the most common mobile threat, accounted for 35% of total detections. million malicious and potentially unwanted installation packages were detected, almost 69,000 of which associated with mobile banking Trojans. A total of 1.1
T-Mobile detected network intrusion attempts and blocked them
Security Affairs
NOVEMBER 28, 2024
T-Mobile reported recent infiltration attempts but pointed out that threat actors had no access to its systems and no sensitive data was compromised. T-Mobile detected recent infiltration attempts but confirmed no unauthorized system access occurred, and no sensitive data was compromised. This is not the case at T-Mobile.”
Experts Flag Security, Privacy Risks in DeepSeek AI App
Krebs on Security
FEBRUARY 6, 2025
New mobile apps from the Chinese artificial intelligence (AI) company DeepSeek have remained among the top three “free” downloads for Apple and Google devices since their debut on Jan.
China-based SMS Phishing Triad Pivots to Banks
Krebs on Security
APRIL 10, 2025
China-based purveyors of SMS phishing kits are enjoying remarkable success converting phished payment card data into mobile wallets from Apple and Google. If the visitor supplies that one-time code, their payment card is then added to a new mobile wallet on an Apple or Google device that is physically controlled by the phishers.
Hackers Use Malicious PDFs, pose as USPS in Mobile Phishing Scam
Security Boulevard
JANUARY 27, 2025
Postal Service, in phishing campaign targeting mobile device users in hope that victims will divulge credentials and personal information, Zimperium researchers say. The post Hackers Use Malicious PDFs, pose as USPS in Mobile Phishing Scam appeared first on Security Boulevard.
IT threat evolution in Q3 2024. Mobile statistics
SecureList
NOVEMBER 29, 2024
Non-mobile statistics IT threat evolution in Q3 2024. Mobile statistics Quarterly figures According to Kaspersky Security Network, in Q3 2024: As many as 6.7 million attacks involving malware, adware or potentially unwanted mobile apps were prevented. 1576 packages were mobile ransomware Trojans.
Detecting Pegasus Infections
Schneier on Security
DECEMBER 6, 2024
The company’s Mobile Threat Hunting feature uses a combination of malware signature-based detection, heuristics, and machine learning to look for anomalies in iOS and Android device activity or telltale signs of spyware infection. This tool seems to do a pretty good job. Free users can use the tool once a month.
Chinese Innovations Spawn Wave of Toll Phishing Via SMS
Krebs on Security
JANUARY 16, 2025
Those who fall for the scam are asked to provide payment card data, and eventually will be asked to supply a one-time password sent via SMS or a mobile authentication app. Notably, none of the phishing pages will even load unless the website detects that the visitor is coming from a mobile device.
NSO Group Spies on People on Behalf of Governments
Schneier on Security
NOVEMBER 27, 2024
Legal documents released in ongoing US litigation between NSO Group and WhatsApp have revealed for the first time that the Israeli cyberweapons maker and not its government customers is the party that “installs and extracts” information from mobile phones targeted by the company’s hacking software.
IT threat evolution in Q3 2024. Non-mobile statistics
SecureList
NOVEMBER 29, 2024
Non-mobile statistics IT threat evolution in Q3 2024. Mobile statistics The statistics presented here are based on detection verdicts by Kaspersky products and services received from users who consented to providing statistical data. IT threat evolution in Q3 2024 IT threat evolution in Q3 2024.
Arrests in Tap-to-Pay Scheme Powered by Phishing
Krebs on Security
MARCH 21, 2025
states last week independently announced arrests of Chinese nationals accused of perpetrating a novel form of tap-to-pay fraud using mobile devices. If you own a mobile phone, the chances are excellent that at some point in the past two years it has received at least one phishing message that spoofs the U.S. Image: WLVT-8.
Why Phishers Love New TLDs Like.shop,top and.xyz
Krebs on Security
DECEMBER 3, 2024
Interisle sources data about cybercrime domains from anti-spam organizations, including the Anti-Phishing Working Group (APWG), the Coalition Against Unsolicited Commercial Email (CAUCE), and the Messaging, Malware, and Mobile Anti-Abuse Working Group (M3AAWG).
Mobile security matters: Protecting your phone from text scams
Webroot
MAY 9, 2025
Photo credit: TextMagic Mobile security checklist Most of us use our phones for everything – banking, shopping, messaging, and storing personal information. Here are some tips to help you strengthen your mobile security against text scams and other types of fraud. Always take a moment to think critically before acting.
Malwarebytes earns MRG Effitas Android 360° Certificate for mobile threat detection
Malwarebytes
AUGUST 7, 2025
Our research showed that half of mobile users face scam attempts daily, and two-thirds admit it’s difficult to spot the difference between a scam and the real thing. There’s no doubt that people should be protecting their mobile devices in the same way they protect their computers. But we’re not stopping there.
What Graykey Can and Can’t Unlock
Schneier on Security
NOVEMBER 26, 2024
which are two recently released versions of Apple’s mobile operating system, according to documents describing the tool’s capabilities in granular detail obtained by 404 Media. The documents do not appear to contain information about what Graykey can access from the public release of iOS 18.1, which was released on October 28.
Experts warn of the new sophisticate Crocodilus mobile banking Trojan
Security Affairs
MARCH 29, 2025
“The emergence of the Crocodilus mobile banking Trojan marks a significant escalation in the sophistication and threat level posed by modern malware. Crocodilus tricks victims into revealing their seed phrase by displaying a fake warning, then logs the text via Accessibility features to steal and drain crypto wallets.
Booking.com Phishers May Leave You With Reservations
Krebs on Security
NOVEMBER 1, 2024
KrebsOnSecurity last week heard from a reader whose close friend received a targeted phishing message within the Booking mobile app just minutes after making a reservation at a California. ” The phony booking.com website generated by visiting the link in the text message.
How to Lose a Fortune with Just One Bad Click
Krebs on Security
DECEMBER 18, 2024
A scammer called using a real Google phone number to warn his Gmail account was being hacked, sent email security alerts directly from google.com, and ultimately seized control over the account by convincing him to click “yes” to a Google prompt on his mobile device.
Here's how to get a free iPhone 16 Pro from T-Mobile with no trade-in required
Zero Day
MAY 9, 2025
For the first time, T-Mobile is offering a free iPhone 16 Pro (no trade-in required) when you sign up for their Experience Beyond plan.
Thai police arrested Chinese hackers involved in SMS blaster attacks
Security Affairs
NOVEMBER 25, 2024
” An SMS blaster attack is a cyberattack where a large number of malicious or fraudulent SMS messages are sent to mobile devices within a specific area or to a targeted group. SMS blaster attacks can exploit vulnerabilities in mobile networks and typically require proximity to the targeted devices for localized attacks.
Sophos and SonicWall Patch Critical RCE Flaws Affecting Firewalls and SMA 100 Devices
The Hacker News
JULY 24, 2025
Sophos and SonicWall have alerted users of critical security flaws in Sophos Firewall and Secure Mobile Access (SMA) 100 Series appliances that could be exploited to achieve remote code execution.
Happy 15th Anniversary, KrebsOnSecurity!
Krebs on Security
DECEMBER 29, 2024
Much of my summer was spent reporting a story about how advertising and marketing firms have created a global free-for-all where anyone can track the daily movements and associations of hundreds of millions of mobile devices , thanks to the ubiquity of mobile location data that is broadly and cheaply available.
Feds Charge Five Men in ‘Scattered Spider’ Roundup
Krebs on Security
NOVEMBER 21, 2024
technology companies between 2021 and 2023, including LastPass , MailChimp , Okta , T-Mobile and Twilio. Federal prosecutors in Los Angeles this week unsealed criminal charges against five men alleged to be members of a hacking group responsible for dozens of cyber intrusions at major U.S. Image: Amitai Cohen twitter.com/amitaico.
Sudanese Brothers Arrested in ‘AnonSudan’ Takedown
Krebs on Security
OCTOBER 17, 2024
At the same time, AnonSudan announced it was attacking the APIs that power Israel’s widely-used “red alert” mobile apps that warn residents about any incoming rocket attacks in their area. As Hamas fighters broke through the border fence and attacked Israel on Oct. 7, 2023, a wave of rockets was launched into Israel.
Samsung zero-day flaw actively exploited in the wild
Security Affairs
OCTOBER 22, 2024
A vulnerability resides in Samsung mobile processors and according to the experts, it has been chained with other vulnerabilities to achieve arbitrary code execution on vulnerable devices. The vulnerability is a use-after-free issue, attackers could exploit the flaw to escalate privileges on a vulnerable Android device.
SK Telecom revealed that malware breach began in 2022
Security Affairs
MAY 20, 2025
South Korean mobile network operator SK Telecom revealed that the security breach disclosed in April began in 2022. SK Telecom is South Koreas largest wireless telecom company, a major player in the countrys mobile and tech landscape. The telecom giant detected an infection of its systems at 11 PM on Saturday, April 19, 2025.
Chinese Android phones shipped with malware-laced WhatsApp, Telegram apps
Security Affairs
APRIL 16, 2025
” In September, security researchers from G DATA discovered more than two dozen Android mobile phones from different manufacturers already infected by pre-installed malware. .” concludes the report that includes indicators of compromise (IoCs).
Attackers exploited SonicWall SMA appliances since January 2025
Security Affairs
APRIL 19, 2025
Threat actors are actively exploiting a remote code execution flaw in SonicWall Secure Mobile Access (SMA) appliances since January 2025. Arctic Wolf researchers warn that threat actors actively exploit a vulnerability, tracked as CVE-2021-20035 (CVSS score of 7.1), in SonicWall Secure Mobile Access (SMA) since at least January 2025.
Popular VPNs are routing traffic via Chinese companies, including one with link to military
Malwarebytes
APRIL 3, 2025
Up to one in five of the most popular mobile VPNs for iOS last year are owned by Chinese companies that do their best to hide the fact. Mobile VPNs are apps that connect your smartphone to the internet via different computers around the world. The company developed several mobile apps for Innovative Connecting Pte.
Malicious QR codes sent in the mail deliver malware
Malwarebytes
NOVEMBER 15, 2024
And QR codes get typically read by mobile devices, which—unfortunately—still get overlooked when it comes to installing security software. Use anti-malware protection on your devices Your mobile devices are in need of protection just as much as your computer. Using QR codes in snail mail offers the criminals a few advantages.
World Backup Day: A Clarion Call for Cyber Resilience
SecureWorld News
MARCH 31, 2025
Don't overlook mobile and shadow data Modern IT environments extend well beyond servers and cloud storage. Tim Roddy, VP of Product Advocacy at Zimperium, points to a growing blind spot, saying, "Cybercriminals now take on a mobile-first attack strategy targeting mobile devices with sophisticated threats."
U.S. Lawmakers Push to Ban DeepSeek from Government Devices
SecureWorld News
FEBRUARY 6, 2025
The move comes amid growing concerns that DeepSeek's generative AI capabilities pose a national security risk due to its direct links to the Chinese Communist Party (CCP) and China Mobile, a Chinese government-owned entity already banned by the U.S. Federal Communications Commission (FCC) for security concerns.
March Madness Meets Cyber Mayhem: How Cybercriminals Are Playing Offense this Season
SecureWorld News
MARCH 20, 2025
Mobile madness: the sneaky side of cyber scams With fans constantly checking scores, streaming games, and logging into betting apps, mobile devices are a major attack surface. Enterprises must take a mobile-first approach to security, ensuring threats are detected in real-time before they impact users or corporate networks."
Report claims that Serbian authorities abused Cellebrite tool to install NoviSpy spyware
Security Affairs
DECEMBER 16, 2024
. “While activists have long expressed concerns about spyware infections occurring during police interviews, Amnesty International believes that this report describes the first forensically documented spyware infections enabled by the use of Cellebrite mobile forensic technology.”
U.S. Court rules against NSO Group in WhatsApp spyware Lawsuit
Security Affairs
DECEMBER 23, 2024
Court documents state that on October 29, 2019, plaintiffs filed this lawsuit, alleging that the defendants used WhatsApp to target approximately 1,400 mobile phones and devices to infect them with the surveillance software.
Unauthorized data access vulnerability in macOS is detailed by Microsoft
Malwarebytes
OCTOBER 18, 2024
It is important to note that this vulnerability would only impact Mobile Device Management (MDM) managed devices. MDM managed devices are typically subject to centralized management and security policies set by the organization’s IT department.
VMware fixes high-severity SQL injection flaw CVE-2024-38814 in HCX
Security Affairs
OCTOBER 17, 2024
VMWare warns to address a remote code execution vulnerability, tracked as CVE-2024-38814 (CVSS score of 8.8), in its HCX application mobility platform. ” VMware HCX (Hybrid Cloud Extension) is a workload mobility platform designed to simplify the migration, rebalancing, and continuity of workloads across data centers and clouds.
Russian authorities arrest three suspects behind Mamont Android banking trojan
Security Affairs
MARCH 28, 2025
. “Preliminary findings indicate that the suspects developed malware called Mamont, which they distributed via Telegram channels under the guise of safe mobile applications and video files. Crooks typically disguise the malicious code as legitimate mobile apps or video files.
France’s second-largest telecoms provider Free suffered a cyber attack
Security Affairs
OCTOBER 28, 2024
million mobile and fixed subscribers. “This suspected data breach reportedly affects Free Mobile and Freebox customers, with the data leak dating back to October 17, 2024, according to the cybercriminals.” Free S.A.S. is a French telecommunications company, subsidiary of Iliad S.A. ” wrote the cyber evangelist SaxX.
Cisco states that data published on cybercrime forum was taken from public-facing DevHub environment
Security Affairs
OCTOBER 21, 2024
IntelBroker targeted many major organizations in past attacks, including AMD , AT&T, Bank of America, Microsoft, Europol , SAP, T-Mobile, Verizon, and others. The company has disabled public access to the site while we continue the investigation.
Future-Proof Your WordPress Site: Essential Plugins for 2025
IT Security Guru
JANUARY 22, 2025
The Evolving Web Landscape Before we dive into the plugins, let’s look at some website basics that are so crucial in 2025: Mobile-First Indexing: Google loves mobile-friendly websites. Equal attention should be given to both desktop and mobile experiences. Your site needs to be responsive and perform well on all devices.
New Triada Trojan comes preinstalled on Android devices
Security Affairs
APRIL 2, 2025
The Triada Trojan was spotted for the first time in 2016 by researchers at Kaspersky Lab who considered it the most advanced mobile threat seen to the date of the discovery. Researchers at Dr.Web discovered the Triada Trojan pre-installed on newly shipped devices of several minor brands, including Advan, Cherry Mobile, Doogee, and Leagoo.
Let's personalize your content