Researchers are warning that a new version of WannaLocker – essentially a mobile derivative of WannaCry ransomware – has been enhanced with spyware, remote access trojan and banking trojan capabilities. Cybercriminals have been using the all-in-one malware package in a campaign targeting Brazilian banks and their Android mobile customers, according to a July 1 blog…
A mobile app that was designed to enhance the experience of watching a touring Cirque du Soleil show left audience members’ devices vulnerable to an attack by others sharing the same public Wi-Fi network, according to a blog post today by researchers at ESET. The app corresponded to the show TORUK – The First Flight,…
A newly discovered cyber espionage campaign has been targeting Android users in the Middle East with malware designed to steal scores of device information, snoop on victims and potentially take over mobile devices. Known as GolfSpy, the malware is found in once-legitimate applications that have been repackaged to contain malicious code, according to a June…
An analysis by Google Security on the Triada malware family found a vendor going by the name of either Yehuo or Blazefire was most likely responsible for malware that came preinstalled on some Android phones. Google’s research revealed Triada was most likely implanted on a device during the manufacturing process when the vendor opted to…
Apple released several patches to addressed several vulnerabilities in its 7.9.1 update concerning its AirPort Base Station Firmware. The update is available for AirPort Extreme and AirPort Time Capsule base stations with 802.11ac. The vulnerabilities that could allow a remote attacker to leak memory, cause a denial of service, cause arbitrary code execution, not delete…
Boost Mobile was hit with a breach which affected an unknown number of customer accounts. “Boost.com experienced unauthorized online account activity in which an unauthorized person accessed your account through your Boost phone number and Boost.com PIN code,” the company said in a notification. “The Boost Mobile fraud team discovered the incident and was able…
A U.S. Supreme Court decision allowing an antitrust lawsuit to proceed against Apple has reportedly left some cybersecurity experts wondering how users may be affected if the courts eventually force the company to allow iOS apps to be sold in third-party stores. In a 5-4 decision this past Monday, the court upheld a Ninth Circuit…
Facebook posted a security advisory for a buffer overflow vulnerability in its subsidiary WhatsApp that could allow an attacker to install Pegasus spyware on victims devices. The Israeli NSO group developed spyware allows its users to turn on a phone’s camera and mic, scan emails and messages, and collect the user’s location data and can…
Nine members of The Community hacking group have been charged with aggravated identity theft, conspiracy to commit wire fraud and wire fraud related to a SIM hijacking campaign designed to steal cryptocurrency. Charged by the U.S. Attorney’s Office, Eastern District of Michigan are Conor Freeman, Ricky Handschumacher, Colton Jurisic, Reyad Gafar Abbas, Garrett Endicott and…
A researcher uncovered a massive SMS Bombing Operation in a passwordless database that exposed the sensitive information of millions of users. Security researcher Bob Diachenko discovered an open and unprotected MongoDB instance containing a massive amount of data including MD5 hashed emails, first and last names, location data, IP address, phone number, mobile network carrier…
