Mobile Security News, Articles and Updates

Celebgate hacker who stole Jennifer Lawrence nudes pleads guilty of breaking into nearly 240 iCloud accounts

A Connecticut man admitted to hacking into the iCloud accounts of prominent females celebrities including "Red Sparrow" actress Jennifer Lawrence and more than 200 others.

Operation Parliament targeting Middle East nations with cyberespionage malware

Kaspersky Labs has detailed a large scale nation-state backed malware campaign called Operation Parliament that is targeting governments and high-level officials in the Middle East and North Africa (MENA) regions.

HTTP injectors used to steal mobile internet connectivity

Flashpoint researchers have come across several Telegram messaging channels being used to exchange HTTP injectors which can then be used to obtain free mobile internet access.

Russia takes Telegram to court over refusal to release encryption keys

The Russian government retaliated against the Telegram messaging app by filing a lawsuit that would stop or limit access to the app in that country after the company refused a request by the government to turn over its encryption keys to the FSB.

DHS acknowledges unauthorized foreign Stingray use in Washington D.C.

The United States government for the first time publicly acknowledged the existence of what appear to be stingray devices used by foreign intelligence in the U.S. capital region

Qualys acquires 1Mobility, Singapore

Qualys has acquired the software assets of the enterprise mobile management firm 1Mobility, Singapore.

Newest Apple releases squash bugs in iOS, macOS, Safari, various apps

Apple addressed a bevy of security bugs late last week, after issuing updated versions of its current operating systems, Safari browser and other core products, as well as security enhancements for two older OS offerings.

Pingu Cleans Up game actually cleans out its players

The fact that cybercriminals depend upon their victims simply not paying attention to their online environment, whether it be falling for a phishing email or not being aware of what they are clicking when playing a game, is being used by a new gang intent on duping mobile game players.

New Monero miner capable of destroying mobile devices

A new group of cryptocurrency miners is using a function normally found in SLocker Android ransomware to add self-protection and persistence to what Trend Micros is calling HiddenMiner.

U.K. police mobile device extraction tech raises eyebrows, study

U.K. police are secretly deploying technology which allows them to download all of the content and data from someone's phone on a questionably legal basis.

Malicious Android adware apps downloaded 500,000

Malicious actors managed to foil Google's Play Protect app vetting process and place numerous malicious apps into the store Sophos Labs by having them lay doggo before finally activating and bombarding the victim with unwanted ads.

New Fakebank malware variant intercepts calls on Android smartphones

Malware active in South Korea, redirects calls to scammers. Security researchers have discovered a new variant of the Fakebank malware.

Cellebrite competitor GrayKey raises security concerns with iPhone unlocking device

A product made by Cellebrite competitor GrayKey is raising security concerns over a standalone device capable of unlocking iPhones.

Cryptomining 'Calendar 2' app removed from Apple Store

Apple pulled the popular Mac scheduling app "Calendar 2" amid controversy surrounding the apps buggy cryptomining feature.

HenBox malware targets Chinese minority group

A new Android malware family dubbed HenBox is targeting a large online population based in China who have been the subject of numerous cyber-attacks in the past.

MoviePass removes 'unused' location-tracking features from iOS app

MoviePass removed the "unused" location features that tracked its customer's movements too closely without first gaining informed consent.

Researchers: LTE vulnerabilities enable attackers to disrupt service, send fake emergency alerts

An academic paper published last month presents 10 previously undiscovered vulnerabilities in the 4G LTE wireless protocol, including one that researchers say allows unauthenticated attackers to spoof the location of a legitimate user to the network, and another that reportedly can be used to distribute fake emergency messages.

RedDrop mobile malware infecting 53 apps, takes data and PII

A previously unrecorded threat has been uncovered that has 53 still operating apps distributing RedDrop malware which can exfiltrate a wide range of data from a victim's mobile device.

Cellebrite reportedly can unlock every iPhone Model

Israel-based Cellebrite reportedly privately announced the capability to subvert the security of iOS 11 enabled devices.

Apple patches 'Text Bomb' bug that causes system crashes

Apple just released a patch to fix its crash bug that allowed specially crafted messages to disable access iMessages and other messaging apps.

U.S. intel officials: Chinese phones, telecom services could be espionage tools

In testimony before the Senate Intelligence Committee last Tuesday, six top U.S. intelligence officials unanimously advised against government bodies or private citizens using equipment or services from China-based telecommunications companies ZTE or Huawei, due to the risks of potential espionage.

New AndroRAT variant with even greater info stealing skills

Another old and patched vulnerability is being used to target Android systems with a Remote Access Tool (RAT) to obtain escalated privileges.

Story behind how low-level Apple employee leaked iBoot source code

The story behind the Apple iOS 9 source code leak played out much like a horror movie in which a close-knit group of friends steal something for a good time only to open Pandora's Box.

Apple iOS 9 source code posted to Github

Apple found itself in damage control mode today after the source code, called iBoot, for the iPhone's operating system was somehow posted to Github potentially giving anyone the ability to spot vulnerabilities.

APIs in Samsung, Roku devices unsecure: Consumer Reports

Several Smart TVs from Samsung and others using the Roku TV platform, as well as media players from that company, are susceptible cyberattacks, according to Consumer Reports, a claim denied vehemently by Roku.

ADB.Miner takes cryptominer mobile and beyond targeting Android devices

Malicious cryptominers are going mobile and beyond with a new botnet malware targeting Android-based devices.

U.S. CERT posts cybersecurity suggestions for Pyeongchang Winter Olympic attendees

With the torch lighting for the Winter Olympics in Pyeongchang just over a week away U.S. CERT has issued cybersecuirty guidelines for those visiting the games, tips that can also be used in any public environment.

661 blacklisted Bitcoin apps found in popular app stores

RiskIQ monitored 10 popular Bitcoin exchanges included in the app titles and found that three percent with "Bitcoin exchange" were blacklisted, as were 2.6 percent using "Bitcoin wallet" and 2.2 percent listed as "cryptocurrency."

EFF, Lookout uncover Dark Caracal spy group

A new threat actor named Dark Caracal and operating out of a building operated by the Lebanese e General Directorate of General Security (GDGS) has been fingered by Lookout and the Electronic Frontier Foundation (EFF) as being behind cyberattacks hitting thousands of victims in more than 20 nations worldwide.