Pairwise Authentication of Humans
Schneier on Security
FEBRUARY 10, 2025
If the code matches what Alice has on her own phone, then Alice has more confidence that she is speaking with the real Bob.
This site uses cookies to improve your experience. To help us insure we adhere to various privacy regulations, please select your country/region of residence. If you do not select a country, we will assume you are from the United States. Select your Cookie Settings or view our Privacy Policy and Terms of Use.
Cookies and similar technologies are used on this website for proper function of the website, for tracking performance analytics and for marketing purposes. We and some of our third-party providers may use cookie data for various purposes. Please review the cookie settings below and choose your preference.
Used for the proper function of the website
Used for monitoring website traffic and interactions
Cookies and similar technologies are used on this website for proper function of the website, for tracking performance analytics and for marketing purposes. We and some of our third-party providers may use cookie data for various purposes. Please review the cookie settings below and choose your preference.
Schneier on Security
FEBRUARY 10, 2025
If the code matches what Alice has on her own phone, then Alice has more confidence that she is speaking with the real Bob.
SecureList
MARCH 3, 2025
million attacks involving malware, adware or unwanted mobile software were prevented. Adware, the most common mobile threat, accounted for 35% of total detections. million malicious and potentially unwanted installation packages were detected, almost 69,000 of which associated with mobile banking Trojans. A total of 1.1
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Schneier on Security
DECEMBER 6, 2024
The company’s Mobile Threat Hunting feature uses a combination of malware signature-based detection, heuristics, and machine learning to look for anomalies in iOS and Android device activity or telltale signs of spyware infection. This tool seems to do a pretty good job. Free users can use the tool once a month.
Security Boulevard
JANUARY 27, 2025
Postal Service, in phishing campaign targeting mobile device users in hope that victims will divulge credentials and personal information, Zimperium researchers say. The post Hackers Use Malicious PDFs, pose as USPS in Mobile Phishing Scam appeared first on Security Boulevard.
Security Affairs
NOVEMBER 18, 2024
T-Mobile confirmed being a victim of recent hacking campaigns linked to China-based threat actors targeting telecom companies. T-Mobile confirms it was hacked as part of a long-running cyber espionage campaign targeting Telco companies. The bad news is that this isn’t the first incident suffered by T-Mobile.
Security Affairs
NOVEMBER 28, 2024
T-Mobile reported recent infiltration attempts but pointed out that threat actors had no access to its systems and no sensitive data was compromised. T-Mobile detected recent infiltration attempts but confirmed no unauthorized system access occurred, and no sensitive data was compromised. This is not the case at T-Mobile.”
Schneier on Security
NOVEMBER 27, 2024
Legal documents released in ongoing US litigation between NSO Group and WhatsApp have revealed for the first time that the Israeli cyberweapons maker and not its government customers is the party that “installs and extracts” information from mobile phones targeted by the company’s hacking software.
Krebs on Security
FEBRUARY 6, 2025
New mobile apps from the Chinese artificial intelligence (AI) company DeepSeek have remained among the top three “free” downloads for Apple and Google devices since their debut on Jan.
Krebs on Security
JANUARY 16, 2025
Those who fall for the scam are asked to provide payment card data, and eventually will be asked to supply a one-time password sent via SMS or a mobile authentication app. Notably, none of the phishing pages will even load unless the website detects that the visitor is coming from a mobile device.
Krebs on Security
APRIL 10, 2025
China-based purveyors of SMS phishing kits are enjoying remarkable success converting phished payment card data into mobile wallets from Apple and Google. If the visitor supplies that one-time code, their payment card is then added to a new mobile wallet on an Apple or Google device that is physically controlled by the phishers.
Krebs on Security
MARCH 21, 2025
states last week independently announced arrests of Chinese nationals accused of perpetrating a novel form of tap-to-pay fraud using mobile devices. If you own a mobile phone, the chances are excellent that at some point in the past two years it has received at least one phishing message that spoofs the U.S. Image: WLVT-8.
Security Boulevard
MAY 1, 2025
Zimperium, this week during the 2025 RSA Conference, shared an analysis of mobile computing environments that finds more than 60% of iOS and 34% of Android apps lack basic code protection, with nearly 60% of iOS and 43% of Android apps also vulnerable to leaking personally identifiable information (PII).
Cisco Security
APRIL 3, 2025
Cisco is the sole supplier of network services to Mobile World Congress, expanding into security and observability, with Splunk.
Webroot
MAY 9, 2025
Photo credit: TextMagic Mobile security checklist Most of us use our phones for everything – banking, shopping, messaging, and storing personal information. Here are some tips to help you strengthen your mobile security against text scams and other types of fraud. Always take a moment to think critically before acting.
SecureList
NOVEMBER 29, 2024
Non-mobile statistics IT threat evolution in Q3 2024. Mobile statistics The statistics presented here are based on detection verdicts by Kaspersky products and services received from users who consented to providing statistical data. IT threat evolution in Q3 2024 IT threat evolution in Q3 2024.
Zero Day
MAY 9, 2025
For the first time, T-Mobile is offering a free iPhone 16 Pro (no trade-in required) when you sign up for their Experience Beyond plan.
Schneier on Security
NOVEMBER 26, 2024
which are two recently released versions of Apple’s mobile operating system, according to documents describing the tool’s capabilities in granular detail obtained by 404 Media. The documents do not appear to contain information about what Graykey can access from the public release of iOS 18.1, which was released on October 28.
Krebs on Security
DECEMBER 3, 2024
Interisle sources data about cybercrime domains from anti-spam organizations, including the Anti-Phishing Working Group (APWG), the Coalition Against Unsolicited Commercial Email (CAUCE), and the Messaging, Malware, and Mobile Anti-Abuse Working Group (M3AAWG).
Security Affairs
MARCH 29, 2025
“The emergence of the Crocodilus mobile banking Trojan marks a significant escalation in the sophistication and threat level posed by modern malware. Crocodilus tricks victims into revealing their seed phrase by displaying a fake warning, then logs the text via Accessibility features to steal and drain crypto wallets.
Malwarebytes
APRIL 3, 2025
Up to one in five of the most popular mobile VPNs for iOS last year are owned by Chinese companies that do their best to hide the fact. Mobile VPNs are apps that connect your smartphone to the internet via different computers around the world. The company developed several mobile apps for Innovative Connecting Pte.
Krebs on Security
NOVEMBER 1, 2024
KrebsOnSecurity last week heard from a reader whose close friend received a targeted phishing message within the Booking mobile app just minutes after making a reservation at a California. ” The phony booking.com website generated by visiting the link in the text message.
Security Affairs
NOVEMBER 25, 2024
” An SMS blaster attack is a cyberattack where a large number of malicious or fraudulent SMS messages are sent to mobile devices within a specific area or to a targeted group. SMS blaster attacks can exploit vulnerabilities in mobile networks and typically require proximity to the targeted devices for localized attacks.
The Last Watchdog
MAY 1, 2025
Approov: Securing cloud-mobile APIs Ted Miracco, CEO of Approov, painted a vivid picture of modern mobile risk: Your mobile app is under attack the moment it talks to the cloud especially over public Wi-Fi. The moment an intruder touches one, high-fidelity alerts are triggered. Approovs solution?
Krebs on Security
APRIL 29, 2024
Federal Communications Commission (FCC) today levied fines totaling nearly $200 million against the four major carriers — including AT&T , Sprint , T-Mobile and Verizon — for illegally sharing access to customers’ location information without consent.
Security Affairs
OCTOBER 22, 2024
A vulnerability resides in Samsung mobile processors and according to the experts, it has been chained with other vulnerabilities to achieve arbitrary code execution on vulnerable devices. The vulnerability is a use-after-free issue, attackers could exploit the flaw to escalate privileges on a vulnerable Android device.
eSecurity Planet
FEBRUARY 26, 2025
Cybercriminals are shifting their focus from emails to text messages, using mishing a more deceptive form of phishing to target mobile users and infiltrate corporate networks, according to new security research by Zimperium. Zimperium found that mishing activity peaked in August 2024, with over 1,000 daily attacks recorded. What is mishing?
Krebs on Security
DECEMBER 29, 2024
Much of my summer was spent reporting a story about how advertising and marketing firms have created a global free-for-all where anyone can track the daily movements and associations of hundreds of millions of mobile devices , thanks to the ubiquity of mobile location data that is broadly and cheaply available.
Security Affairs
OCTOBER 17, 2024
VMWare warns to address a remote code execution vulnerability, tracked as CVE-2024-38814 (CVSS score of 8.8), in its HCX application mobility platform. ” VMware HCX (Hybrid Cloud Extension) is a workload mobility platform designed to simplify the migration, rebalancing, and continuity of workloads across data centers and clouds.
Schneier on Security
NOVEMBER 13, 2024
The mobile scanners on cars are not mapped. DeFlock is a crowd-sourced project to map license plate scanners. It only records the fixed scanners, of course. The post Mapping License Plate Scanners in the US appeared first on Schneier on Security.
Malwarebytes
APRIL 3, 2025
Not one but several worried parents that tracked their children by using T-Mobile tracking devices suddenly found that they were looking at the location of random other children. T-Mobile sells a small GPS tracker called SyncUP , which can be used to track, among others, the locations of young children who dont have cell phones yet.
NSTIC
NOVEMBER 13, 2024
If you are interested in the world of digital identities, you have probably heard some of the buzzwords that have been floating around for a few years now… “verifiable credential,” “digital wallet,” “mobile driver’s license” or “mDL.” But what exactly is a verifiable digital credential?
Malwarebytes
FEBRUARY 11, 2025
They started developing entire mobile apps on Android that could provide the same level of theft. These decoy apps are often hosted on less popular mobile app stores, as the protections of the Google Play store often flag and remove these apps, should they ever sneak onto the marketplace. A low number of reviews may signal a decoy app.
Security Affairs
MARCH 28, 2025
. “Preliminary findings indicate that the suspects developed malware called Mamont, which they distributed via Telegram channels under the guise of safe mobile applications and video files. Crooks typically disguise the malicious code as legitimate mobile apps or video files.
Security Affairs
APRIL 19, 2025
Threat actors are actively exploiting a remote code execution flaw in SonicWall Secure Mobile Access (SMA) appliances since January 2025. Arctic Wolf researchers warn that threat actors actively exploit a vulnerability, tracked as CVE-2021-20035 (CVSS score of 7.1), in SonicWall Secure Mobile Access (SMA) since at least January 2025.
Zero Day
MAY 15, 2025
The Lenovo Tab M9 is a solid tablet for watching shows and movies. The best part? It's very affordable.
Krebs on Security
NOVEMBER 21, 2024
technology companies between 2021 and 2023, including LastPass , MailChimp , Okta , T-Mobile and Twilio. Federal prosecutors in Los Angeles this week unsealed criminal charges against five men alleged to be members of a hacking group responsible for dozens of cyber intrusions at major U.S. Image: Amitai Cohen twitter.com/amitaico.
Malwarebytes
FEBRUARY 27, 2025
Combining official-looking Google search ads with specially-crafted PayPal pay links, makes this scheme particularly dangerous on mobile devices due to their screen size limitation and likelihood of not having security software. There are also security solutions that can block ads and malicious links, such as Malwarebytes for mobile devices.
Malwarebytes
MAY 1, 2025
Google said attackers are having less success targeting browsers and mobile operating systems. In particular, exploitation of browsers and mobile devices was far lower this year than last. In 2022, it found 63 zero-day exploits, and the year before that it was 95, but 2019 and 2020 both showed just 31 zero-day exploits each.
Security Affairs
APRIL 16, 2025
” In September, security researchers from G DATA discovered more than two dozen Android mobile phones from different manufacturers already infected by pre-installed malware. .” concludes the report that includes indicators of compromise (IoCs).
Malwarebytes
FEBRUARY 28, 2025
By definition, stalkerware is a term used to describe the toolssoftware programs and mobile appsthat enable someone to secretly spy on another persons private life via their mobile device. In the past we have written about similar problems with: mSpy , a mobile monitoring app which suffered multiple data breaches.
Krebs on Security
OCTOBER 17, 2024
At the same time, AnonSudan announced it was attacking the APIs that power Israel’s widely-used “red alert” mobile apps that warn residents about any incoming rocket attacks in their area. As Hamas fighters broke through the border fence and attacked Israel on Oct. 7, 2023, a wave of rockets was launched into Israel.
Security Affairs
OCTOBER 28, 2024
million mobile and fixed subscribers. “This suspected data breach reportedly affects Free Mobile and Freebox customers, with the data leak dating back to October 17, 2024, according to the cybercriminals.” Free S.A.S. is a French telecommunications company, subsidiary of Iliad S.A. ” wrote the cyber evangelist SaxX.
The Hacker News
MAY 8, 2025
SonicWall has released patches to address three security flaws affecting SMA 100 Secure Mobile Access (SMA) appliances that could be fashioned to result in remote code execution.
Schneier on Security
MARCH 7, 2025
It runs on a $20 mobile hotspot. The EFF has created an open-source hardware tool to detect IMSI catchers: fake cell phone towers that are used for mass surveillance of an area.
Expert insights. Personalized for you.
We have resent the email to
Are you sure you want to cancel your subscriptions?
Let's personalize your content