Security News

A new UK law will explicitly authorise the "Voluntary" slurping of data from mobile phones of crime suspects and witnesses. The Police, Crime, Sentencing and Courts Bill, which was introduced to Parliament this week, contains clauses that will allow police and others to extract data from mobile phones if the user "Voluntarily" hands the device over.

A series of police raids in Belgium have resulted in the apparent shutdown of the Sky ECC encrypted mobile phone network. As the second major encrypted phone network to be shut down by police in Europe, Sky ECC's seeming downfall has parallels with the Encrochat story, where French and Dutch police man-in-the-middle'd the encrypted phone network on suspicion it was being used mainly by organised criminals.

Businesses and consumers are relying on the voice call more than ever during the pandemic with voice traffic up 184% in 2020 compared to 2019, according to a Hiya report. Nearly 40% of all respondents reported losing money to phone scams in 2020 - with an average of $182 per person.

Police have arrested 10 people in the U.K., Belgium and Malta for allegedly hijacking mobile phones belonging to U.S. celebrities including internet influencers, sports stars and musicians to steal personal information and millions in cryptocurrency, authorities said. The European Union police agency Europol said Wednesday that the gang is believed to have stolen more than $100 million in cryptocurrencies by using so-called SIM swap attacks.

Chicago-based wireless carrier UScellular started informing customers last week that their personal information may have been accessed and their phone numbers ported as a result of a cybersecurity breach. Since employees were already logged into the CRM system, the attackers were able to access the CRM with the employee credentials and access wireless customer accounts and phone numbers.

Cybersecurity researchers on Tuesday disclosed a now-patched security flaw in TikTok that could have potentially enabled an attacker to build a database of the app's users and their associated phone numbers for future malicious activity. Although this flaw only impacts those users who have linked a phone number with their account or logged in with a phone number, a successful exploitation of the vulnerability could have resulted in data leakage and privacy violation, Check Point Research said in an analysis shared with The Hacker News.

A vulnerability in the popular TikTok short-form video-sharing platform could have allowed attackers to easily compile users' phone numbers, unique user IDs and other data ripe for phishing attacks. In order to help users find friends through their contacts, TikTok contained a sync feature for contacts who had TikTok accounts.

The Federal Bureau of Investigation has issued a Private Industry Notification to warn of attacks targeting enterprises, in which threat actors attempt to obtain employee credentials through vishing or chat rooms. An observed shift in tactics, the FBI says, is the targeting of all employee credentials, not exclusively of those individuals who might have higher access and privileges based on their corporate position.

We all know that our cell phones constantly give our location away to our mobile network operators; that's how they work. "Pretty Good Phone Privacy" protects both user identity and user location using the existing cellular networks.

T-Mobile has announced a data breach exposing customers' proprietary network information, including phone numbers and call records. After bringing in a cybersecurity firm to perform an investigation, T-Mobile found that threat actors gained access to the telecommunications information generated by customers, known as CPNI. The information exposed in this breach includes phone numbers, call records, and the number of lines on an account.