33 matches found
AI clickbait can turn your notifications into a scam feed
Pushpaganda is the name researchers have given to an AI-assisted ad fraud, social engineering, and scareware operation targeting mobile users. For most people, Pushpaganda starts as something that looks completely normal. For example, a recommended article in your Google Discover feed the...
CVE-2010-4547
IBM Lotus Notes Traveler before 8.5.1.3, when a multidomain environment is used, does not properly apply policy documents to mobile users from a different Domino domain than the Traveler server, which allows remote authenticated users to bypass intended access restrictions by using credentials fr...
New TgToxic Banking Trojan Variant Evolves with Anti-Analysis Upgrades
Cybersecurity researchers have discovered an updated version of an Android malware called TgToxic aka ToxicPanda, indicating that the threat actors behind it are continuously making changes in response to public reporting. "The modifications seen in the TgToxic payloads reflect the actors' ongoin...
Russian Hackers Exploit Safari and Chrome Flaws in High-Profile Cyberattack
Cybersecurity researchers have flagged multiple in-the-wild exploit campaigns that leveraged now-patched flaws in Apple Safari and Google Chrome browsers to infect mobile users with information-stealing malware. "These campaigns delivered n-day exploits for which patches were available, but would...
New Phishing Attacks Target Eastern European Bank Users on iOS and Android
Cybercriminals exploit Progressive Web Apps (PWAs) in the latest phishing scam, targeting mobile users in Czechia, Hungary, and...
Major Security Flaws Expose Keystrokes of Over 1 Billion Chinese Keyboard App Users
Security vulnerabilities uncovered in cloud-based pinyin keyboard apps could be exploited to reveal users' keystrokes to nefarious actors. The findings come from the Citizen Lab, which discovered weaknesses in eight of nine apps from vendors like Baidu, Honor, iFlytek, OPPO, Samsung, Tencent, Viv...
PT-2024-23081 · Unknown · Evolution Controller
Name of the Vulnerable Software and Affected Versions: Evolution Controller versions 2.04.560.31.03.2024 and below. Description: The Web interface of Evolution Controller contains poorly configured access control on the "MOBILE GET USERS LIST" endpoint, allowing an unauthenticated attacker to...
Threat Actors Selling 1.8TB Database of Indian Mobile Users
By Deeba Ahmed. Two groups of threat actors, namely CYBO CREW and UNIT8200, are apparently selling the same database with a price tag of $3,000. This is a post from HackRead.com. Read the original post: Threat Actors Selling 1.8TB Database of Indian Mobile Users...
Associated Press, ESPN, CBS among top sites serving fake virus alerts
ScamClub is a threat actor who's been involved in malvertising activities since 2018. Chances are you probably ran into one of their online scams on your mobile device. Confiant, the firm that has tracked ScamClub for years, released a comprehensive report in September while also disrupting their...
HPE Aruba Networking Virtual Intranet Access Security Vulnerability
Hewlett Packard Enterprise Aruba Networking Virtual Intranet Access is part of a remote networking solution for remote workers and mobile users from Hewlett Packard Enterprise USA. A security vulnerability exists in HPE Aruba Networking Virtual Intranet Access that originated from a vulnerabili...
Evasive Bots Drive Online Fraud – 2022 Imperva Bad Bot Report
The 2022 Imperva Bad Bot Report is now available. The report is the ninth annual in-depth analysis of bot traffic, created with data collected from Imperva's global network throughout the past year by the Imperva Threat Research Team. Bad bots are software applications that run automated tasks wit...
Stalkerware Volumes Remain Concerningly High, Despite Bans
Tens of thousands of mobile users were infected by the class of software known generically as stalkerware last year. According to just-published research by Kaspersky, 2020 lockdowns related to the global COVID-19 pandemic put a damper on installations, but the scourge of privacy-busting software...
Aliens and UFOs: A Final Frontier for Social Engineers
Buried deep within the most recent round of COVID-19 stimulus legislation was a little provision with potentially explosive consequences: The Pentagon has six months to release a full report on what they know about the existence of what they term Unidentified Aerial Phenomena (UAP) — or UFOs to the...
Wroba Mobile Banking Trojan Spreads to the U.S., via Texts
The Wroba mobile banking trojan has made a major pivot, targeting people in the U.S. for the first time. According to researchers at Kaspersky, a wave of attacks is taking aim at U.S. Android and iPhone users in an effort that started on Thursday. The campaign uses text messages to spread, using...
Social Media: Thwarting The Phishing-Data Goldmine
Phishing attacks are on the rise and are more widespread — and successful — than ever before. They’ve gone way beyond mocked-up bank emails littered with malicious links (although those are still around, too). Today’s hackers now target mobile users across multiple vectors, such as text and SMS...
Europol nabs SIM hacking network from across Europe
By Deeba Ahmed. SIM Swapping (SIM hijacking or SIM hacking) is rapidly becoming the biggest threat to mobile service providers and mobile users alike. This is a post from HackRead.com. Read the original post: Europol nabs SIM hacking network from across Europe...
Top Mobile Security Stories of 2019
Cybercriminals are increasingly and successfully targeting mobile users, as our look back on the Top 10 2019 mobile security stories shows. For enterprises that are embracing an ever-more-mobile workforce, escalating mobile attack vectors significantly widen the...
Android Malware Plaguing 45K Devices Remains a Mystery
Researchers are on the hunt for the infection vector behind a mysterious mobile malware that has infected over 45,000 Android devices in the past six months. Researchers said they have detected a surge in detections of the malware, dubbed Xhelper, which can hide itself from users, download...
Massive Malvertising Campaign Reaches 100M Ads, Manipulates Supply Chain
A Hong Kong-based advertiser has mounted a snowballing campaign, compromising more than 100 million ads to date by forming relationships with legitimate ad platforms to gain access to premium audiences. From there, it often pushes malware onto victim machines. The malvertiser, operating under the...
The Ping is the Thing: Popular HTML5 Feature Used to Trick Chinese Mobile Users into Joining Latest DDoS Attack
DDoS attacks have always been a major threat to network infrastructure and web applications. Attackers are always creating new ways to exploit legitimate services for malicious purposes, forcing us to constantly research DDoS attacks in our CDN to build advanced mitigations. We recently...