A recently discovered iPhone Wi-Fi bug that could crash Wi-Fi connectivity could be exploited by attackers to achieve remote code execution. In June, the researcher Carl Schou discovered a new bug in iPhone that can permanently break users’ WiFi by disabling it; the issue could be triggered by simply connecting to a rogue hotspot. Once an […]
The post WiFiDemon – Recently discovered iPhone Wi-Fi bug could also allow RCE appeared first on Security Affairs.
The Joker malware is back: experts spotted multiple malicious apps on the official Google Play store that were able to evade scanners. Experts reported an uptick in malicious Android apps on the official Google Play store laced with the Joker mobile trojan. The Joker malware is malicious code camouflaged as a system app and […]
The post New enhanced Joker Malware samples appear in the threat landscape appeared first on Security Affairs.
The FBI has sounded an alert amongst owners of cryptocurrency, digital currency exchanges, and cryptocurrency payment platforms that their virtual riches are being actively targeted by malicious hackers.
Read more in my article on the Hot for Securi…
Read More FBI warns hackers are targeting cryptocurrency wallets and exchanges
Mint Mobile has disclosed a data breach after an unauthorized person gained access to subscribers’ account information and ported phone numbers to another carrier. […]
Read More Mint Mobile hit by a data breach after numbers ported, data accessed
There’s a major gap in security capability among mobile operators, which in many cases is not yet being filled by industry partnerships, Trend Micro reveals. In the 5G era, and a rapidly changing digital landscape, operators could broaden their s…
Read More How mobile operators view security in the 5G era
Police in the UK are warning WhatsApp users of a surge they have seen in attempts made by fraudsters to steal accounts.
Read more in my article on the Hot for Security blog.
Read More Received a WhatsApp verification code without requesting it? Beware – you might be about to have your account stolen
Ericsson projects that 5G mobile subscriptions will exceed 580 million by the end of 2021, driven by an estimated one million new 5G mobile subscriptions every day. The forecast enhances the expectation that 5G will become the f…
Read More 5G mobile subscriptions to exceed 580 million by the end of 2021
A new trend has emerged on dating apps like Tinder with spammers sneaking in handwritten NSFW links within profile images. Multiple such Tinder spam profiles reviewed by BleepingComputer shared some common characteristics. […]
Read More Tinder spam campaign hides “handwritten” links in profile images
The Australian Federal Police (AFP) has revealed that it was able to decrypt and snoop on the private messages sent via a supposedly secure messaging app used by criminals… because the app was actually the brainchild of the FBI.
Read more in my arti…
Read More Criminal networks smashed after using “secure” chat app secretly run by cops
Read More The Future of PCI SSC Mobile Standards
The Council is currently working on the next evolution of its mobile security standards. To date, PCI SSC has two mobile standards: PCI Software-based PIN Entry on COTS (SPoC) Standard, which provides a software-based approach for p…
Read More Just published: SPoC Unsupported Operating Systems Annex
The PCI Security Standards Council (PCI SSC) has published a new, optional, Software-based PIN Entry on COTS (SPoC)™ Annex for Unsupported Operating Systems (“Unsupported OS Annex”) version 1.0. The purpose of this Annex is to provi…
Read More New Technical FAQs for PCI 3DS Security Standards
PCI SSC Sr. Manager Jake Marcinko discusses the two newly published PCI 3DS Core and 3DS SDK Technical FAQ documents (found here).
Malware researchers from Cleafy warn of a new Android banking trojan dubbed TeaBot (aka Anatsa) that is targeting banks in Europe. Malware experts from the Italian cybersecurity firm Cleafy have spotted a new Android banking trojan dubbed TeaBot (aka Anatsa) that is targeting banks in Spain, Germany, Italy, Belgium, and the Netherlands. TeaBot malware appeared […]
The post TeaBot Android banking Trojan targets banks in Europe appeared first on Security Affairs.
Court documents revealed that the infamous XcodeGhost malware, which has been active since 2015, infected 128 million iOS users. Documents provided in a court case that sees Epic Games v. Apple Inc. revealed that the XcodeGhost malware impacted 128 million iOS users. Epic Games filed a lawsuit against Apple in a California court over its violation of terms of […]
The post Apple was aware that XcodeGhost impacted 128 Million iOS Users in 2015 appeared first on Security Affairs.
A high-severity flaw, tracked as CVE-2020-11292, affects Qualcomm Mobile Station Modem chips used by around 30% of all smartphones worldwide. Researchers from Check Point have discovered a buffer overflow vulnerability, tracked as CVE-2020-11292, in the Qualcomm Mobile Station Modem that can be exploited by attackers to trigger memory corruption and execute arbitrary code on the […]
The post Qualcomm bug impacts about 30% of all smartphones appeared first on Security Affairs.
A school janitor has lost her job, and she says it’s because she refused to download a smartphone app that would track her location.
Read More School janitor says she was fired for not installing smartphone tracking app
Google is adding support for the Password Checkup service to Android applications through the passwords autofill feature to warn users if their saved passwords have been compromised or leaked in data breaches. […]
Read More Google adds Password Checkup support to Android autofill
An attacker demonstrated this week that Clubhouse chats are not secure; he was able to siphon audio feeds from “multiple rooms” into his own website. While the popularity of the audio chatroom app Clubhouse continues to increase, experts are questioning the security and privacy level it offers to its users. Recently the company announced it […]
The post An attacker was able to siphon audio feeds from multiple Clubhouse rooms appeared first on Security Affairs.
Multiple vulnerabilities in the popular file-sharing app SHAREit have yet to be addressed, experts from Trend Micro warned. SHAREit is a popular file-sharing Android app with more than one billion downloads; experts from Trend Micro discovered multiple unpatched vulnerabilities in its code. The vulnerabilities impact the Android version of SHAREit, a mobile app that allows users […]
The post Popular SHAREit app is affected by severe flaws yet to be fixed appeared first on Security Affairs.
Court documents obtained by Forbes revealed that the FBI may have a tool that allows accessing private Signal messages on iPhones. Court documents related to a recent gun-trafficking case in New York and obtained by Forbes revealed that the FBI may have a tool to access private Signal messages. The documents revealed that encrypted messages can be intercepted from […]
The post Court documents show FBI could use a tool to access private Signal messages on iPhones appeared first on Security Affairs.
Lookout researchers provided details about two Android spyware families employed by an APT group tracked as Confucius. Researchers at mobile security firm Lookout have provided details about two recently discovered Android spyware families, dubbed Hornbill and SunBird, used by an APT group named Confucius. Confucius is a pro-India APT group that has been active since […]
The post Experts spotted two Android spyware used by Indian APT Confucius appeared first on Security Affairs.
British police have arrested eight men in connection with a series of SIM-swapping attacks which saw criminals hijack the social media accounts of well-known figures and their families.
Read more in my article on the Tripwire State of Security blog.
Read More Eight men arrested following celebrity SIM-swapping attacks
With the start of a new year, PCI SSC Executive Director Lance Johnson welcomes the new 2021-2022 Board of Advisors, provides an update on the Council’s top priorities, and offers insight into what stakeholders can expect in 2021.
Read More PCI SSC Executive Director Discusses New Board and 2021 Priorities
Read More Request for Comments: SPoC Unsupported Operating Systems Annex
From 6 January 2021 to 4 February 2021, PCI SSC stakeholders can participate in a Request for Comments (RFC) on the new SPoC Unsupported Operating Systems Annex draft.