Security News

Infosec in brief T-Mobile has had another bad week on the infosec front - this time stemming from a system glitch that exposed customer account data, followed by allegations of another breach the carrier denied. According to customers who complained of the issue on Reddit and X, the T-Mobile app was displaying other customers' data instead of their own - including the strangers' purchase history, credit card information, and address.

T-Mobile has denied suffering another data breach following Thursday night reports that a threat actor leaked a large database allegedly containing T-Mobile employees' data. The mobile carrier told BleepingComputer that the leaked data is believed to belong to an authorized retailer, which was breached earlier this year.

Today, T-Mobile customers said they could see other peoples' account and billing information after logging into the company's official mobile application. According to user reports on social media, the exposed information included customers' names, phone numbers, addresses, account balances, and credit card details like the expiration dates and the last four digits.

Mobile Verification Toolkit is a collection of utilities to simplify and automate the process of gathering forensic traces helpful to identify a potential compromise of Android and iOS devices. MVT supports using public indicators of compromise to scan mobile devices for potential traces of targeting or infection by known spyware campaigns.

The Feds didn't go as far as naming any specific vendors or services here, but one of the main reasons that crooks go down the "Beta-testing" route is to lure users of Apple iPhones into installing software that didn't come from the App Store. In contrast, even iPhone apps that are 100% free must be submitted by the vendor to the App Store to become available for download, and downloaded by the user from the App Store for installation.

The FBI is warning of a new tactic used by cybercriminals where they promote malicious "Beta" versions of cryptocurrency investment apps on popular mobile app stores that are then used to steal crypto. The threat actors submit the malicious apps to the mobile app stores as "Betas," meaning that they are in an early development phase and are meant to be used by tech enthusiasts or fans to test and submit feedback to developers before the software is officially released.

Ivanti has disclosed yet another security flaw impacting Endpoint Manager Mobile, formerly known as MobileIron Core, that it said has been weaponized as part of an exploit chain by malicious actors in the wild. "This vulnerability can be used in conjunction with CVE-2023-35078, bypassing administrator authentication and ACLs restrictions."

The prolific China-linked nation-state actor known as APT41 has been linked to two previously undocumented strains of Android spyware called WyrmSpy and DragonEgg. "Known for its exploitation of web-facing applications and infiltration of traditional endpoint devices, an established threat actor like APT 41 including mobile in its arsenal of malware shows how mobile endpoints are high-value targets with coveted corporate and personal data," Lookout said in a report shared with The Hacker News.

Researchers from Ruhr University Bochum and the CISPA Helmholtz Center for Information Security in Saarbrücken have assessed the security mechanisms of satellites currently orbiting the Earth from an IT perspective. They analyzed three current low-earth orbit satellites and found that, from a technical point of view, only some modern security concepts were implemented.

We and our store and/or access information on a device, such as cookies and process personal data, such as unique identifiers and standard information sent by a device for personalised ads and content, ad and content measurement, and audience insights, as well as to develop and improve products. With your permission we and our partners may use precise geolocation data and identification through device scanning.