Mobile and Risk - Cyber Security Informer

Experts Flag Security, Privacy Risks in DeepSeek AI App

Krebs on Security

FEBRUARY 6, 2025

New mobile apps from the Chinese artificial intelligence (AI) company DeepSeek have remained among the top three “free” downloads for Apple and Google devices since their debut on Jan. “To mitigate these risks, the House has taken security measures to restrict DeepSeeks functionality on all House-issued devices.”

Risk

Risk Artificial Intelligence Mobile Encryption

Pairwise Authentication of Humans

Schneier on Security

FEBRUARY 10, 2025

To mitigate that risk, I have developed this simple solution where you can setup a unique time-based one-time passcode (TOTP) between any pair of persons. Here’s an easy system for two humans to remotely authenticate to each other, so they can be sure that neither are digital impersonations.

Authentication

Authentication Mobile Risk

T-Mobile is one of the victims of the massive Chinese breach of telecom firms

Security Affairs

NOVEMBER 18, 2024

T-Mobile confirmed being a victim of recent hacking campaigns linked to China-based threat actors targeting telecom companies. T-Mobile confirms it was hacked as part of a long-running cyber espionage campaign targeting Telco companies. The security breach poses a major national security risk. and international telecom firms.

Mobile

Mobile Telecommunications Data breaches Hacking

T-Mobile detected network intrusion attempts and blocked them

Security Affairs

NOVEMBER 28, 2024

T-Mobile reported recent infiltration attempts but pointed out that threat actors had no access to its systems and no sensitive data was compromised. T-Mobile detected recent infiltration attempts but confirmed no unauthorized system access occurred, and no sensitive data was compromised. This is not the case at T-Mobile.”

Mobile

Mobile Telecommunications Government Internet

IT threat evolution in Q3 2024. Non-mobile statistics

SecureList

NOVEMBER 29, 2024

Non-mobile statistics IT threat evolution in Q3 2024. Mobile statistics The statistics presented here are based on detection verdicts by Kaspersky products and services received from users who consented to providing statistical data. IT threat evolution in Q3 2024 IT threat evolution in Q3 2024.

Mobile

Mobile Adware Ransomware Malware

IBM Addresses AI, Quantum Security Risks with New Platform

Security Boulevard

OCTOBER 23, 2024

The post IBM Addresses AI, Quantum Security Risks with New Platform appeared first on Security Boulevard. IBM is rolling out Guardian Data Security Center, a framework designed to give enterprises the tools they need to address the emerging cyberthreats that come the ongoing development of generative AI and quantum computing.

Risk

Risk Data privacy Mobile Government

Flaw in Verizon call record requests put millions of Americans at risk

Malwarebytes

APRIL 4, 2025

For people in a domestic abuse situation, public figures, or those of interest to resourceful cyberattackers, a history of calls and frequent callers falling in the wrong hands can put people at physical risk or even compromise national security. Follow the steps to disable Call Filter.

Risk

Risk Wireless Mobile Telecommunications

Taiwan flags security risks in popular Chinese apps after official probe

Security Affairs

JULY 7, 2025

Taiwan warns Chinese apps like TikTok and WeChat pose security risks due to excessive data collection and data transfers to China. The public is advised to exercise caution when choosing mobile apps.” These apps pose cybersecurity risks beyond normal data practices. ” reads the NSB’s announcement. Using the v4.0

Risk

Risk Data collection InfoSec Mobile

U.S. Lawmakers Push to Ban DeepSeek from Government Devices

SecureWorld News

FEBRUARY 6, 2025

The move comes amid growing concerns that DeepSeek's generative AI capabilities pose a national security risk due to its direct links to the Chinese Communist Party (CCP) and China Mobile, a Chinese government-owned entity already banned by the U.S. Federal Communications Commission (FCC) for security concerns. What's next?

Government

Government Artificial Intelligence Data privacy Mobile

Popular VPNs are routing traffic via Chinese companies, including one with link to military

Malwarebytes

APRIL 3, 2025

Up to one in five of the most popular mobile VPNs for iOS last year are owned by Chinese companies that do their best to hide the fact. Mobile VPNs are apps that connect your smartphone to the internet via different computers around the world. The company developed several mobile apps for Innovative Connecting Pte.

VPN

VPN Mobile Government Technology

Apple AirPlay SDK devices at risk of takeover—make sure you update

Malwarebytes

MAY 1, 2025

Researchers found a set of vulnerabilities in Apples AirPlay SDK that put billions of users at risk of their devices being taking over. On top of that, these vulnerabilities may allow unauthorized access to sensitive data and local files, making them a serious risk that demands immediate attention.

Risk

Risk Wireless Software Mobile

44% of people encounter a mobile scam every single day, Malwarebytes finds

Malwarebytes

JUNE 10, 2025

Confusingly, even legitimate businesses now lean on outreach tactics that have long been favored by online scammers—asking people to scan QR codes, download mobile apps, and trade direct messages with, essentially, strangers. READ THE REPORT Here are some of the key findings: 77% of people worry about mobile scams and threats.

Scams

Scams Mobile Identity Theft Social Engineering

SK Telecom revealed that malware breach began in 2022

Security Affairs

MAY 20, 2025

South Korean mobile network operator SK Telecom revealed that the security breach disclosed in April began in 2022. SK Telecom is South Koreas largest wireless telecom company, a major player in the countrys mobile and tech landscape. The telecom giant detected an infection of its systems at 11 PM on Saturday, April 19, 2025.

Malware

Malware Mobile Data breaches Wireless

World Backup Day: A Clarion Call for Cyber Resilience

SecureWorld News

MARCH 31, 2025

Encryption and automation reduce the risk of human error and ensure consistency. Don't overlook mobile and shadow data Modern IT environments extend well beyond servers and cloud storage. He advocates for proactive mobile threat defense to protect data before it ever reaches backup systems.

Backups

Backups Encryption Mobile CISO

MY TAKE: RSAC 2025 – Conversing with vendors hanging out in the Marriott Marquis mezzanine

The Last Watchdog

MAY 1, 2025

Approov: Securing cloud-mobile APIs Ted Miracco, CEO of Approov, painted a vivid picture of modern mobile risk: Your mobile app is under attack the moment it talks to the cloud especially over public Wi-Fi. The moment an intruder touches one, high-fidelity alerts are triggered. Approovs solution? Bottom line?

Mobile

Mobile Government CISO Technology

Columbus Ransomware Attack Exposes 500,000+ Residents’ Data: How to Stay Safe

eSecurity Planet

NOVEMBER 6, 2024

This breach has exposed residents to potential risks like identity theft and financial fraud, compounding the urgency for more robust cybersecurity measures in the public sector. Businesses that handle customer data or interact with city networks are now faced with heightened risks.

Ransomware

Ransomware Authentication Identity Theft Penetration Testing

Malicious QR codes sent in the mail deliver malware

Malwarebytes

NOVEMBER 15, 2024

And QR codes get typically read by mobile devices, which—unfortunately—still get overlooked when it comes to installing security software. Use anti-malware protection on your devices Your mobile devices are in need of protection just as much as your computer. Using QR codes in snail mail offers the criminals a few advantages.

Malware

Malware Banking Mobile Software

Android threats rise sharply, with mobile malware jumping by 151% since start of year

Malwarebytes

JUNE 30, 2025

Recent Malwarebytes threat research data reveals a sharp rise in mobile threats across the board, with malware targeting Android devices up 151%. Now attackers are amping up the volume and sophistication of mobile threats. Mobile security can’t be an afterthought. They’re building ecosystems. The takeaway?

Mobile

Mobile Malware Spyware Scams

99% of Organizations Expose Sensitive Data to AI Tools, Report Shows

SecureWorld News

MAY 23, 2025

According to the State of Data Security Report: Quantifying AI's Impact on Data Risk , 99% of organizations analyzed had sensitive data exposed to AI tools due to misconfigurations, permissive access controls, and a lack of visibility across cloud environments. Personnel seems to be a key inhibitor, and this pain will only grow."

Artificial Intelligence

Artificial Intelligence CISO Mobile Risk

March Madness Meets Cyber Mayhem: How Cybercriminals Are Playing Offense this Season

SecureWorld News

MARCH 20, 2025

Phishing plays straight out of the cybercrime playbook "March Madness brings heightened cybersecurity risks this year, especially with the expansion of sports gambling beyond traditional office pools creating new attack vectors for credential harvesting and financial fraud," warns J.

Scams

Scams Social Engineering Phishing Mobile

Australia, Canada, New Zealand, and the U.S. warn of PRC-linked cyber espionage targeting telecom networks

Security Affairs

DECEMBER 4, 2024

The security breach poses a major national security risk. requests for communications data, according to people familiar with the matter, which amounts to a major national security risk.” T-Mobile detected recent infiltration attempts but confirmed no unauthorized system access occurred, and no sensitive data was compromised.

Telecommunications

Telecommunications Government Mobile Cyber threats

U.S. Soldier Charged in AT&T Hack Searched “Can Hacking Be Treason”

Krebs on Security

FEBRUARY 26, 2025

But in a response filed today (PDF), prosecutors in Seattle said Wagenius was a flight risk, partly because prior to his arrest he was searching online for how to defect to countries that do not extradite to the United States. government military which country will not hand me over” -“U.S. million customers. .”

Hacking

Hacking Government Identity Theft Accountability

How to Use Risk-Based Metrics in an Exposure Management Program

Security Boulevard

JUNE 9, 2025

In this post, Tenable security engineers Arnie Cabral and Jason Schavel share how you can use risk-based metrics. It's about understanding business risk and prioritizing actions that reduce the potential for attack. They offer an overview of quantifiable risk across different business units and asset groups.

Risk

Risk Mobile Engineering IoT

Millions of stalkerware users exposed again

Malwarebytes

FEBRUARY 28, 2025

There are many reasons not to use stalkerware, but the risk of getting exposed yourself seems to be a recurring deterrent, according to a new investigaton. By definition, stalkerware is a term used to describe the toolssoftware programs and mobile appsthat enable someone to secretly spy on another persons private life via their mobile device.

Mobile

Mobile Data breaches Marketing Internet

Why Most Mobile App Security Tools Miss Geo-Risk? How to Fix It?

Appknox

JULY 18, 2025

The risk that goes unseen Most mobile security conversations start with code: vulnerabilities, misconfigurations, tokens, and flaws. But few discussions focus on a critical dimension— location : not where an app is used, but where its data travels.

Mobile

Mobile Risk

Mishing Is the New Phishing — And It’s More Dangerous

eSecurity Planet

FEBRUARY 26, 2025

Cybercriminals are shifting their focus from emails to text messages, using mishing a more deceptive form of phishing to target mobile users and infiltrate corporate networks, according to new security research by Zimperium. Zimperium found that mishing activity peaked in August 2024, with over 1,000 daily attacks recorded. What is mishing?

Phishing

Phishing Mobile Social Engineering Data breaches

Toll fee scams are back and heading your way

Malwarebytes

APRIL 7, 2025

xin Did you know that Malwarebytes for mobile scans your texts for scams and blocks known malicious sites? We dont just report on phone securitywe provide it Cybersecurity risks should never spread beyond a headline. Keep threats off your mobile devices by downloading Malwarebytes for iOS , and Malwarebytes for Android today.

Scams

Scams Phishing Mobile Internet

Safer with Google: Advancing Memory Safety

Google Security

OCTOBER 15, 2024

We recognized the inherent risks associated with memory-unsafe languages and developed tools like sanitizers , which detect memory safety bugs dynamically, and fuzzers like AFL and libfuzzer , which proactively test the robustness and security of a software application by repeatedly feeding unexpected inputs.

Computers and Electronics

Computers and Electronics Software Risk Architecture

PayPal’s “no-code checkout” abused by scammers

Malwarebytes

FEBRUARY 27, 2025

Combining official-looking Google search ads with specially-crafted PayPal pay links, makes this scheme particularly dangerous on mobile devices due to their screen size limitation and likelihood of not having security software. There are also security solutions that can block ads and malicious links, such as Malwarebytes for mobile devices.

Scams

Scams Mobile Small Business Advertising

Increased GDPR Enforcement Highlights the Need for Data Security

Security Affairs

NOVEMBER 18, 2024

The Growing Risk: Why This Should Concern Global Enterprises As the regulatory environment tightens, global companies must realize that non-compliance with data protection laws can have dire consequences. For businesses operating internationally, staying ahead of regulatory changes is key to mitigating risk.

Data privacy

Data privacy Risk Surveillance Government

Location, name, and photos of random kids shown to parents in child tracker mix up

Malwarebytes

APRIL 3, 2025

Not one but several worried parents that tracked their children by using T-Mobile tracking devices suddenly found that they were looking at the location of random other children. T-Mobile sells a small GPS tracker called SyncUP , which can be used to track, among others, the locations of young children who dont have cell phones yet.

Mobile

Mobile Media Surveillance Technology

The U.S. House banned WhatsApp on government devices due to security concerns

Security Affairs

JUNE 24, 2025

House banned WhatsApp on official devices over security concerns, citing risks flagged by the Chief Administrative Officer. ” “House staff are NOT allowed to download or keep the WhatsApp application on any House device, including any mobile, desktop, or web browser versions of its products.”

Government

Government Spyware Mobile Encryption

Threat Modeling in Solar Power Infrastructure

SecureWorld News

JUNE 18, 2025

When renewable energy becomes a security risk Some people are concerned about whether solar panels will operate after periods of cloudy weather, others are more concerned about whether they can be remotely accessed. Remediation: Implement supply chain risk assessments for all solar components.

Firmware

Firmware IoT Manufacturing Mobile

Cybersecurity Snapshot: Tenable Highlights Risks of AI Use in the Cloud, as UK’s NCSC Offers Tips for Post-Quantum Cryptography Adoption

Security Boulevard

MARCH 21, 2025

Check out key findings and insights from the Tenable Cloud AI Risk Report 2025. 1 - Tenable: Orgs using AI in the cloud face thorny cyber risks Using AI tools in cloud environments? 1 - Tenable: Orgs using AI in the cloud face thorny cyber risks Using AI tools in cloud environments?

Risk

Risk IoT Cybersecurity Manufacturing

Phishing evolves beyond email to become latest Android app threat

Malwarebytes

FEBRUARY 11, 2025

They started developing entire mobile apps on Android that could provide the same level of theft. These decoy apps are often hosted on less popular mobile app stores, as the protections of the Google Play store often flag and remove these apps, should they ever sneak onto the marketplace. A low number of reviews may signal a decoy app.

Phishing

Phishing Passwords Authentication Mobile

U.S. CISA adds Linux kernel and VMware ESXi and Workstation flaws to its Known Exploited Vulnerabilities catalog

Security Affairs

MARCH 4, 2025

Amnesty International revealed that the vulnerability CVE-2024-50302 was likelyused by Cellebrites mobile forensic tools to unlock the Android phone of a Serbian student activist. CVE-2024-53104 was patched in Androids February 2025 update, while CVE-2024-53197 and CVE-2024-50302 (CVSS score of 5.5)

Mobile

Mobile Hacking Cybersecurity Risk

Synthetic Sabotage: How AI Tools Are Fueling Tailored Phishing Campaigns at Scale

SecureWorld News

APRIL 28, 2025

Open on mobile? It shifts to a mobile-friendly layout. These tests must be constant, varied, and psychologically realistic; otherwise, security awareness training risks becoming obsolete. Security leaders need to treat generative AI as a foundational risk vector, not a niche concern. Click a link? Report the email?

Phishing

Phishing Social Engineering Engineering Data breaches

Update your Android: Google patches two zero-day vulnerabilities

Malwarebytes

NOVEMBER 6, 2024

We don’t just report on phone security—we provide it Cybersecurity risks should never spread beyond a headline. Keep threats off your mobile devices by downloading Malwarebytes for iOS , and Malwarebytes for Android today. The issue was patched by Qualcomm, which published a long list of affected chipsets.

Encryption

Encryption Mobile Technology Risk

U.S. CISA adds SonicWall SMA1000 flaw to its Known Exploited Vulnerabilities catalog

Security Affairs

JANUARY 24, 2025

This week, SonicWall warned customers of a critical security vulnerability, tracked as CVE-2025-23006 (CVSS score of 9,8) impacting its Secure Mobile Access (SMA) 1000 Series appliances.

Authentication

Authentication Mobile Hacking Cybersecurity

iMessage text gets recipient to disable phishing protection so they can be phished

Malwarebytes

JANUARY 13, 2025

Your mobile device may already have some form of safe message ID enabled without you knowing. We dont just report on threatswe remove them Cybersecurity risks should never spread beyond a headline. If it turns out to be a fake, you should be able to report it to them, there and then. Report bogus messages and numbers.

Phishing

Phishing Social Engineering Scams Mobile

Apple users: Update your devices now to patch zero-day vulnerability

Malwarebytes

JANUARY 28, 2025

We dont just report on phone securitywe provide it Cybersecurity risks should never spread beyond a headline. Keep threats off your mobile devices by downloading Malwarebytes for iOS , and Malwarebytes for Android today.

Media

Media Mobile Software Risk

Zero-Click Flaw in Microsoft Copilot Illustrates AI Agent, RAG Risks

Security Boulevard

JUNE 13, 2025

The post Zero-Click Flaw in Microsoft Copilot Illustrates AI Agent, RAG Risks appeared first on Security Boulevard. Microsoft fixed the security flaw.

Risk

Risk Data privacy Security Awareness Mobile

Zero-day attacks on browsers and smartphones drop, says Google

Malwarebytes

MAY 1, 2025

Google said attackers are having less success targeting browsers and mobile operating systems. In particular, exploitation of browsers and mobile devices was far lower this year than last. We dont just report on threatswe remove them Cybersecurity risks should never spread beyond a headline.

Spyware

Spyware Mobile Technology Government

U.S. agency cautions employees to limit phone use due to Salt Typhoon hack of telco providers

Security Affairs

NOVEMBER 10, 2024

US CFPB warns employees to avoid work-related mobile calls and texts following China-linked Salt Typhoon hack over security concerns. Do NOT conduct CFPB work using mobile voice calls or text messages,” reads the email sent to the employees referencing a recent government statement acknowledging the telecommunications infrastructure attack.

Hacking

Hacking Internet Internet Government

Experts Flag Security, Privacy Risks in DeepSeek AI App

Pairwise Authentication of Humans

Trending Sources

T-Mobile is one of the victims of the massive Chinese breach of telecom firms

T-Mobile detected network intrusion attempts and blocked them

IT threat evolution in Q3 2024. Non-mobile statistics

IBM Addresses AI, Quantum Security Risks with New Platform

Flaw in Verizon call record requests put millions of Americans at risk

Taiwan flags security risks in popular Chinese apps after official probe

U.S. Lawmakers Push to Ban DeepSeek from Government Devices

Popular VPNs are routing traffic via Chinese companies, including one with link to military

Apple AirPlay SDK devices at risk of takeover—make sure you update

44% of people encounter a mobile scam every single day, Malwarebytes finds

SK Telecom revealed that malware breach began in 2022

World Backup Day: A Clarion Call for Cyber Resilience

MY TAKE: RSAC 2025 – Conversing with vendors hanging out in the Marriott Marquis mezzanine

Columbus Ransomware Attack Exposes 500,000+ Residents’ Data: How to Stay Safe

Malicious QR codes sent in the mail deliver malware

Android threats rise sharply, with mobile malware jumping by 151% since start of year

99% of Organizations Expose Sensitive Data to AI Tools, Report Shows

March Madness Meets Cyber Mayhem: How Cybercriminals Are Playing Offense this Season

Australia, Canada, New Zealand, and the U.S. warn of PRC-linked cyber espionage targeting telecom networks

U.S. Soldier Charged in AT&T Hack Searched “Can Hacking Be Treason”

How to Use Risk-Based Metrics in an Exposure Management Program

Millions of stalkerware users exposed again

Why Most Mobile App Security Tools Miss Geo-Risk? How to Fix It?

Mishing Is the New Phishing — And It’s More Dangerous

Toll fee scams are back and heading your way

Safer with Google: Advancing Memory Safety

PayPal’s “no-code checkout” abused by scammers

Increased GDPR Enforcement Highlights the Need for Data Security

Location, name, and photos of random kids shown to parents in child tracker mix up

The U.S. House banned WhatsApp on government devices due to security concerns

Threat Modeling in Solar Power Infrastructure

Cybersecurity Snapshot: Tenable Highlights Risks of AI Use in the Cloud, as UK’s NCSC Offers Tips for Post-Quantum Cryptography Adoption

Phishing evolves beyond email to become latest Android app threat

U.S. CISA adds Linux kernel and VMware ESXi and Workstation flaws to its Known Exploited Vulnerabilities catalog

Synthetic Sabotage: How AI Tools Are Fueling Tailored Phishing Campaigns at Scale

Update your Android: Google patches two zero-day vulnerabilities

U.S. CISA adds SonicWall SMA1000 flaw to its Known Exploited Vulnerabilities catalog

iMessage text gets recipient to disable phishing protection so they can be phished

Apple users: Update your devices now to patch zero-day vulnerability

Zero-Click Flaw in Microsoft Copilot Illustrates AI Agent, RAG Risks

Zero-day attacks on browsers and smartphones drop, says Google

U.S. agency cautions employees to limit phone use due to Salt Typhoon hack of telco providers

Stay Connected