21 matches found
Google Simplifies 2-Factor Authentication Setup (It's More Important Than Ever)
Google on Monday announced that it's simplifying the process of enabling two-factor authentication (2FA) for users with personal and Workspace accounts. Also called 2-Step Verification (2SV), it aims to add an extra layer of security to users' accounts to prevent takeover attacks in case the password...
SMShell - Send Commands And Receive Responses Over SMS From Mobile Broadband Capable Computers
PoC for an SMS-based shell. Send commands and receive responses over SMS from mobile broadband capable computers. This tool came as an inspiration during research on eSIM security implications led by Markus Vervier, presented at Offensivecon 2023. Disclaimer: This is not a complete C2 but rather...
European Bank Customers Targeted in SpyNote Android Trojan Campaign
Various European customers of different banks are being targeted by an Android banking trojan called SpyNote as part of an aggressive campaign detected in June and July 2023. "The spyware is distributed through email phishing or smishing campaigns and the fraudulent activities are executed with a...
U.K. Cyber Thug “PlugwalkJoe” Gets 5 Years in Prison
Joseph James "PlugwalkJoe" O'Connor, a 24-year-old from the United Kingdom who earned his 15 minutes of fame by participating in the July 2020 hack of Twitter, has been sentenced to five years in a U.S. prison. That may seem like harsh punishment for a brief and very public cyber joy ride. But...
Threat Source newsletter (Feb. 23, 2023) — Social media sites are making extra security a paid feature
Welcome to this week's edition of the Threat Source newsletter. Social media's latest business plan seems to be charging for security. Twitter recently announced a plan to make SMS-based two-factor authentication a paid service as part of Twitter Blue -- asking users to pay either $8 or $11 monthly...
Authentication flaw
SMS-based GPS commands can be executed by MiCODUS MV720 GPS tracker without authentication...
CVE-2022-2141 ICSA-22-200-01 MiCODUS MV720 GPS tracker Improper Authentication
SMS-based GPS commands can be executed by MiCODUS MV720 GPS tracker without authentication...
‘Spam Nation’ Villain Vrublevsky Charged With Fraud
Pavel Vrublevsky, founder of the Russian payment technology firm ChronoPay and the antagonist in my 2014 book "Spam Nation," was arrested in Moscow this month and charged with fraud. Russian authorities allege Vrublevsky operated several fraudulent SMS-based payment schemes, and facilitated money...
Mobile Adware Booms, Online Banks Become Prime Target for Attacks
Hackers painted a bullseye on the backs of online financial institutions in 2020 as the pandemic shuttered local branch offices and forced customers online. Over the past 12 months, incidents of adware nearly tripled. And, overall in 2020 researchers saw a slight drop in the number of mobile...
Cloud communication firm exposes millions of sensitive text messages to public access
By Waqas There’s bad news for those who rely upon SMS-based 2FA authentication. A Berlin-based security researcher Sébastien Kaul has revealed that Voxox exposed a huge database containing tens of millions of text messages by storing it on an unprotected server. The VOIP and Cloud communication f...
Reddit Hacked – Emails, Passwords, Private Messages Stolen
Another day, another significant data breach. This time the victim is Reddit... seems someone is really pissed off with Reddit's account ban policy or biased moderators. Reddit social media network today announced that it suffered a security breach in June that exposed some of its users' data,...
Google just discovered a dangerous Android Spyware that went undetected for 3 Years
An Android version of one of the most sophisticated mobile spyware has been discovered that remained undetected for at least three years due to its smart self-destruction capabilities. Dubbed Chrysaor, the Android spyware has been used in targeted attacks against activists and journalists mostly ...
WhatsApp Adds 2-Step Verification Passcode — Enable this Security Feature
WhatsApp has introduced a new security feature that fixes a loophole in the popular messaging platform, which, if exploited, could allow an attacker to hijack a victim's account just by knowing the victim's phone number and having some hacking skills. The attack does not exploit any vulnerability in...
Telegram Hacked? Turn ON Important Security Settings to Secure your Private Chats
We have heard a lot about data breaches nowadays. And if you think that switching to an encrypted messaging service may secure you and your data, then you may be wrong. No good deed today can help you protect yourself completely. Reuters and several media outlets are reporting that the phone...
Google Nexus phone vulnerable to SMS-based DOS attack
Google's Nexus Smartphones are vulnerable to SMS-based DOS attack, where an attacker can force it to restart, freeze, or lose network connection by sending a large number of special SMS messages to them. The vulnerability, discovered by Bogdan Alecu, a system administrator at Dutch IT services...
Two-Factor Authentication Options for Web Services
LinkedIn is the latest in a long line of high profile Internet services companies to offer two-factor authentication to its user base, joining Twitter, Evernote, Gmail and myriad others. And much like those other services, the move to a stronger form of authentication is a reactionary one, coming on...
Two-Factor Authentication Won't Stop Twitter Compromises
The hijacking of high-profile Twitter accounts belonging to the Associated Press and Guardian UK newspaper brings to light numerous security shortcomings, namely the susceptibility users still have when it comes to phishing attacks, their propensity to use weak passwords, and the inability to...
Russian Police, Cybersecurity Company Arrest Cybercriminal
If you’ve ever sat in on a cybersecurity hearing on Capitol Hill or attended a security conference, then you’re no doubt familiar with the oft-preached need for information sharing and private-public partnerships. So frequently repeated are these refrains that they’re almost as meaningless as th...
FBI Warns of Rising Smishing and Vishing Scams This Holiday Season
Social networking sites and search engines are expected to face increased cybercriminal activity this holiday season. However, the FBI is also warning consumers about two other significant threats: “smishing” and “vishing” scams. Both smishing and vishing are forms of phishing. Smishing involves...
Zeus Variant Targets Mobile Online Banking Apps
Researchers have discovered a variant of the Zeus bot malware that specifically targets users who perform online-banking operations from their mobile phones, playing on the increasingly common use of SMS-based one-time passwords in order to dupe users into loading the malware. The attack begins wit...