Security News

Argishti Khudaverdyan, the former owner of a T-Mobile retail store, was sentenced to 10 years in prison for a $25 million scheme where he unlocked and unblocked cellphones by hacking into T-Mobile's internal systems. "Removing the unlock allowed the phones to be sold on the black market and enabled T-Mobile customers to stop using T-Mobile's services and thereby deprive T-Mobile of revenue generated from customers' service contracts and equipment installment plans."

Appdome unveiled the results of a global survey that shares the views of 25,000 consumers in 11 countries on mobile app use and consumer expectations of mobile app security. With 53.5% of consumers now preferring mobile apps to other digital channels, the report is incredibly timely for all brands with mobile strategies.

Cybersecurity researchers have shed light on a darknet marketplace called InTheBox that's designed to specifically cater to mobile malware operators. "The automation allows other bad actors to create orders to receive the most up to date web injects for further implementation into mobile malware," Resecurity said.

Lookout researchers have discovered nearly 300 Android and iOS apps that trick victims into unfair loan terms, exfiltrate excessive user data from mobile devices, and then use it to pressure and shame the victims for repayment. Aimed at consumers in developing countries - Colombia, India, Indonesia, Kenya, Mexico, Nigeria, the Philippines, Thailand, and Uganda - the apps and their operators are taking advantage of victims' inability to qualify for a traditional loan.

According to research from cybersecurity company ESET, the APT 37 threat group used the newly discovered malware against very specific entities. The researchers say that the hackers delivered their commands to Dolphin by uploading them on Google Drive.

Security researchers found a previously unknown backdoor they call Dophin that's been used by North Korean hackers in highly targeted operations for more than a year to steal files and send them to Google Drive storage. According to research from cybersecurity company ESET, the APT 37 threat group used the newly discovered malware against very specific entities.

The PCI Security Standards Council published a new standard designed to support the evolution of mobile payment acceptance solutions. PCI Mobile Payments on COTS builds on the existing PCI Software-based PIN Entry on COTS and PCI Contactless Payments on COTS Standards, which individually address security requirements for solutions that enable merchants to accept cardholder PINs or contactless payments using a smartphone or other commercial off-the-shelf mobile device.

Experian and T-Mobile have reached separate settlements with 40 US states following a pair of data breaches in 2012 and 2015. Experian will be bearing the largest brunt of the fine, with $14 million coming from the credit reporting company.

As phishing attacks soar in frequency and sophistication and are delivered by an entirely new breed of cybercriminals, it's time we utilize the latest technology to anticipate threats before they advance. Smartphones have become increasingly targeted by hacking attempts - especially since the pandemic, with total phishing attacks in the second quarter of 2022 rising to over 1 million.

According to a new report, almost half of Android-based mobile phones used by U.S. state and local government employees are running outdated versions of the operating system, exposing them to hundreds of vulnerabilities that can be leveraged for attacks. The report additionally warns of a rise in all threat metrics, including attempted phishing attacks against government employees, reliance on unmanaged mobile devices, and liability points in mission-critical networks.