Security News

T-Mobile has confirmed that the Lapsus$ extortion gang breached its network "Several weeks ago" using stolen credentials and gained access to internal systems. Per T-Mobile, the Lapsus$ hackers didn't steal sensitive customer or government information during the incident.

It's important to understand that passwords are not passports. Using biometrics, which is a great security advancement, is not the same as identity, says Leonard Navarro, VP of Business Development at Nametag.

As businesses reopen for the first time in more than two years, companies are reassessing their mobile technology policies. A new study conducted by Samsung and Oxford Economics examines the impact of BYOD and employer-provided device strategies on small and midsize businesses.

An ongoing phishing campaign targets T-Mobile customers with malicious links using unblockable texts sent via SMS group messages. The New Jersey Cybersecurity & Communications Integration Cell issued a warning after multiple customers have filed reports of being targeted by this new SMS phishing campaign.

The United Stations Federal Communications Commission has labelled Kaspersky, China Mobile, and China Telecom as threats to national security. Kaspersky is the first non-Chinese company to be added to the FCC's list, but the agency did not tie its decision to Russia's illegal invasion of Ukraine.

Social engineering attacks leveraging a combination of romantic lures and cryptocurrency fraud have been luring unsuspecting victims into installing fake apps by taking advantage of legitimate iOS features like TestFlight and Web Clips. "This style of cyber-fraud, known as sha zhu pan - literally 'pig butchering plate' - is a well-organized, syndicated scam operation that uses a combination of often romance-centered social engineering and fraudulent financial applications and websites to ensnare victims and steal their savings after gaining their confidence," Sophos analyst Jagadeesh Chandraiah said in a report published last week.

Thousands of mobile apps - some of which have been downloaded tens of millions of times - are exposing sensitive data from open cloud-based databases due to misconfigured cloud implementations, new research from Check Point has found. Check Point Research found that in three months' time, 2,113 mobile apps using the Firebase cloud-based database exposed data, "Leaving victims unprotected and easily accessible for threat actors to exploit," according to a blog post published this week.

Escobar mobile malware targets 190 banking and financial apps, steals 2FA codes. Mobile malware is becoming increasingly powerful against banking and financial applications, especially on Android operating systems.

In 2021, the Zimperium zLabs team discovered threats impacting 10 million mobile devices in at least 214 countries. Mobile malware was the most prevalent threat, encountered by nearly 1 in 4 mobile endpoints within the global customer base.

Sensitive mobile app data found unprotected in the cloud. Experienced developers who use the cloud to create mobile apps typically try to harden their apps to protect them against different types of attack.