Security News

The mobile security software market is expected to witness significant growth in the coming years with the increased adoption of mobile devices. Technavio expects the global mobile security software market to grow by $2.75 billion between 2020 and 2025, expanding at a CAGR of 9.68% during the forecast period.

T-Mobile confirmed that recent reports of a new data breach are linked to notifications sent to a "Very small number of customers" who fell victim to SIM swap attacks. SIM swapping makes it possible for attackers to take control of a target's mobile phone number by tricking or bribing the carrier's employees to reassign the numbers to attacker-controlled SIM cards.

Researchers have disclosed security vulnerabilities in handover, a fundamental mechanism that undergirds modern cellular networks, which could be exploited by adversaries to launch denial-of-service and man-in-the-middle attacks using low-cost equipment. The new fake base station attacks, in a nutshell, render vulnerable the handover procedures, which are based on the aforementioned encrypted measurement reports and signal power thresholds, effectively enabling the adversary to establish a MitM relay and even eavesdrop, drop, modify, and forward messages transmitted between the device and the network.

T-Mobile says it blocked 21 billion scam, spam, and unwanted robocalls this year through its free Scam Shield robocall and scam protection service, amounting to an average of 1.8 billion scam calls identified or blocked every month. Last year, when it announced the Scam Shield service, T-Mobile said it could detect or block approximately 12 billion scam calls in 2019 and that around 30 million Americans fell victim to a phone scam within 12 months.

The British government has launched a £2.6bn National Cyber Strategy, intended to steer the state's thinking on cyber attack, defence and technology for the next three years - and there's some good news if you run a tech company. Its authors praised the formation of the National Cyber Force "Offensive cyber activity" unit, a joint venture between spy agency MI6, domestic intel agency GCHQ and the Ministry of Defence.

Protecting mobile applications and APIs against automated threats is a top priority for online commerce businesses, according to data from a study published by DataDome. Focusing on mobile application and API protection Two-thirds of respondents report that focusing on mobile application and API protection is a key priority for the next 12 months.

You don't have to log into the network to use the phone - it happens in the background via the SIM. Moreover, the mobile subscriber identity is one of the most widely used forms of digital identity. Firstly, it merely proves the user has access to a phone number, potentially through social engineering, not possession of a physical security token / device.

The North Korea-linked ScarCruft advanced persistent threat group has developed a fresh, multiplatform malware family for attacking North Korean defectors, journalists and government organizations involved in Korean Peninsula affairs. ScarCruft specifically controls the malware using a PHP script on a compromised web server, directing the binaries based on HTTP parameters.

Below we look at ways to identify app impersonation, tools to defend yourself from attacks and measures to put in place for better security. In addition to the examples given above, app impersonation occurs in many other ways.

Over the last several years, as the Android ecosystem matured, widely-distributed malware with rooting capabilities has become rare. By definition, rooting malware is extremely dangerous because it can gain privileged access to the Android operating system.