Security News

New tool checks if a mobile app's browser is a privacy risk
2022-08-19 18:12

A new online tool named 'InAppBrowser' lets you analyze the behavior of in-app browsers embedded within mobile apps and determine if they inject privacy-threatening JavaScript into websites you visit. The revelations shook the communities of popular apps that feature embedded browsers, so to help users determine the behavior of their app's activity, Krause released the 'InAppBrowser' online tool and open-sourced its source code.

New tool checks if in-app mobile browsers inject risky code on sites
2022-08-19 18:12

A new online tool named 'InAppBrowser' lets you analyze the behavior of in-app browsers embedded within mobile apps and determine if they inject privacy-threatening JavaScript into websites you visit. The revelations shook the communities of popular apps that feature embedded browsers, so to help users determine the behavior of their app's activity, Krause released the 'InAppBrowser' online tool and open-sourced its source code.

Verizon: Mobile attacks up double digits from 2021
2022-08-04 17:25

With the proliferation of mobile devices and hybrid work environments where employees often use their personal devices for work-related activities almost half of respondents of the Verizon Mobile Security Index 2022 said their organizations were subject to a security incident involving a mobile device that led to data loss, downtime or other negative outcome-a 22% increase over 2021's numbers. Despite these results, 36% of respondents said that mobile devices are of less interest to cybercriminals than other IT assets-an increase of six percentage points from the 2021 MSI report.

Businesses lack visibility into run-time threats against mobile apps and APIs
2022-08-04 08:00

A new report from Osterman Research codifies the increasing dependence of businesses upon their mobile apps, and reveals a jarring disconnect between the strategic importance of apps versus the level of focus and resources applied to protect organizational apps against runtime threats. This Help Net Security video reveals how run-time security threats against mobile apps and APIs continue to inflict damage on organizations.

Ex-T-Mobile US store owner phished staff, raked in $25m from unlocking phones
2022-08-03 20:17

A now-former T-Mobile US store stole at least 50 employees' work credentials to run a phone unlocking and unblocking service that prosecutors said netted $25 million. Argishti Khudaverdyan, 44, of Burbank, California, was found guilty of 14 criminal charges [PDF] by a US federal jury on Friday.

Mobile store owner hacked T-Mobile employees to unlock phones
2022-08-02 15:02

A former owner of a T-Mobile retail store in California has been found guilty of a $25 million scheme where he illegally accessed T-Mobile's internal systems to unlock and unblock cell phones. "From August 2014 to June 2019, Khudaverdyan fraudulently unlocked and unblocked cellphones on T-Mobile's network, as well as the networks of Sprint, AT&T and other carriers," details the announcement of the U.S. Department of Justice.

Researchers Discover Nearly 3,200 Mobile Apps Leaking Twitter API Keys
2022-08-02 06:41

Researchers have uncovered a list of 3,207 apps, some of which can be utilized to gain unauthorized access to Twitter accounts. "Out of 3,207, 230 apps are leaking all four authentication credentials and can be used to fully take over their Twitter Accounts and can perform any critical/sensitive actions," the researchers said.

T-Mobile US to cough up $550m after info stolen on 77m customers
2022-07-25 20:58

T-Mobile US has agreed to pay about $550 million to end legal action against it and improve its security after crooks infiltrated the self-described Un-carrier last summer and harvested personal data belonging to almost 77 million customers. The cellular network operator agreed to pay $350 million plus legal fees to settle a class-action lawsuit brought by customers whose data was compromised in an August 2021 privacy breach, according to documents filed with the US Securities and Exchange Commission on Friday.

T-Mobile to cough up $500 million over 2021 data breach
2022-07-25 18:20

Just under a year ago, the US arm of telecomms giant T-Mobile admitted to a data breach after personal information about its customers was offered for sale on an underground forum. At the time, VICE Magazine claimed to have communicated with the hacker behind the breach via online chat, and to have been offered "T-Mobile USA. Full customer info."

Visibility into runtime threats against mobile apps and APIs still lacking
2022-07-22 03:00

A new report from Osterman Research codifies the increasing dependence of businesses upon their mobile apps, and reveals a jarring disconnect between the strategic importance of apps versus the level of focus and resources applied to protect organizational apps against runtime threats. Poor visibility into security threats against mobile apps.