CVE-2019-16256

Some Samsung devices include the SIMalliance Toolbox Browser aka S@T Browser on the UICC, which might allow remote attackers to retrieve location and IMEI information, or retrieve other data or execute certain commands, via SIM Toolkit STK instructions in an SMS message, aka Simjacker...

CVE-2019-16257

CVE-2019-16257 relates to SIMalliance Toolbox Browser (S@T Browser) on the UICC in some Motorola devices. The issue allows remote attackers to retrieve location and IMEI information, or other data and commands, via SIM Toolkit (STK) instructions in an SMS message (Simjacker). The Red Hat/NVD/NIST...

New SIM Card Flaw Lets Hackers Hijack Any Phone Just By Sending SMS

Cybersecurity researchers today revealed the existence of a new and previously undetected critical vulnerability in SIM cards that could allow remote attackers to compromise targeted mobile phones and spy on victims just by sending an SMS. Dubbed "SimJacker ," the vulnerability resides in a...

PT-2019-6137

Name of the Vulnerable Software and Affected Versions SIMalliance Toolbox Browser aka S@T Browser versions not specified Description The issue is related to insecure privilege management in the SIMalliance Toolbox Browser on certain Samsung devices. This could allow a remote attacker to disclose...

Twitter temporarily disables 'Tweeting via SMS' after CEO gets hacked

Twitter today finally decided to temporarily disable a feature, called 'Tweeting via SMS,' after it was abused by a hacking group to compromise Twitter CEO Jack Dorsey last week and sent a series of racist and offensive tweets to Dorsey's followers. Dorsey's Twitter account was compromised last...

How Twitter CEO Jack Dorsey's Account Was Hacked

Like so many Twitter attacks lately, it was a SIM swap...

TrickBot Targets Verizon, T-Mobile, Sprint Users to Siphon PINs

The TrickBot malware, known previously for targeting U.S. banks, is now setting a bullseye on users of U.S.-based mobile carriers, including Verizon Wireless, T-Mobile and Sprint, to launch SIM swapping attacks. Researchers with Dell’s Secureworks research team warned that they have observed the...

Who Owns Your Wireless Service? Crooks Do.

Incessantly annoying and fraudulent robocalls. Corrupt wireless company employees taking hundreds of thousands of dollars in bribes to unlock and hijack mobile phone service. Wireless providers selling real-time customer location data, despite repeated promises to the contrary. A noticeable uptic...

The Risk of Weak Online Banking Passwords

If you bank online and choose weak or re-used passwords, there's a decent chance your account could be pilfered by cyberthieves -- even if your bank offers multi-factor authentication as part of its login process. This story is about how crooks increasingly are abusing third-party financial...

Threat Source newsletter (May 23)

Newsletter compiled by Jonathan Munshaw. Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. Election security is a touchy — and oftentimes depressing — topic of conversation. So why not let Beer with Talos bring some levity...

A week in security (May 13 – 19)

Last week, Malwarebytes Labs reviewed active and unique exploit kits targeting consumers and businesses alike, reported about a flaw in WhatsApp used to target a human rights lawyer, and wrote about an important Microsoft patch that aimed to prevent a "WannaCry level" attack. We also profiled the...

Account Hijacking Forum OGusers Hacked

Ogusers.com -- a forum popular among people involved in hijacking online accounts and conducting SIM swapping attacks to seize control over victims' phone numbers -- has itself been hacked, exposing the email addresses, hashed passwords, IP addresses and private messages for nearly 113,000 forum...

Sim swapping hackers charged with stealing $2.5m worth of crypto

By Uzair Amir These hackers are part of the group called "The Community." According to an announcement made by the U.S. Department of Justice DoJ, six men have been charged for SIM swapping fraud that resulted in the theft of nearly $2.5 million $2,416,352 worth of cryptocurrency. The six men are...

U.S. Charges 9 'SIM Swapping' Attackers For Stealing $2.5 Million

The U.S. Department of Justice today announced charges against nine individuals, 6 of which are members of a hacking group called "The Community" and other 3 are former employees of mobile phone providers who allegedly helped them steal roughly $2.5 million worth of the cryptocurrency using a...

U.S. Charges 9 'SIM Swapping' Attackers For Stealing $2.5 Million

The U.S. Department of Justice today announced charges against nine individuals, 6 of which are members of a hacking group called "The Community" and other 3 are former employees of mobile phone providers who allegedly helped them steal roughly $2.5 million worth of the cryptocurrency using a...

Nine Charged in Alleged SIM Swapping Ring

Eight Americans and an Irishman have been charged with wire fraud this week for allegedly hijacking mobile phones through SIM-swapping, a form of fraud in which scammers bribe or trick employees at mobile phone stores into seizing control of the target's phone number and diverting all texts and...

Rockwell Automation 1771-SIM General Purpose Discrete I/O

Binary data 753446.prm...

SAP Gateway Remote Command Execution

Added: 05/07/2019 Background SAP Gateway is a development framework, which allows non-SAP applications to communicate with SAP applications. Problem SAP Gateway behavior depends on two parameters, aclmode and simmode. If SAP Gateway access control lists ACLs are configured aclmode=0, anonymous...

The SIM Swap Fix That the US Isn't Using

While foreign phone carriers are sharing data to stop SIM swap fraud, US carriers are dragging feet...

Building a VPN for Mobile Devices at the Network Level

By David Balaban In 2019, there is still surprisingly little information about such an old, simple, convenient, and secure technology, as mobile VPN - Virtual Private Network. In this article, I will describe how you can provide access to your virtual private network to any device with a SIM card...