dcsimg

Apple pulls Facebook enterprise certificate

It’s been an astonishing few days for Facebook. They’ve seen both an app and their enterprise certificate removed and revoked with big consequences. What happened? Apple issue enterprise certificates to organizations with which they can create internal apps. Those apps don’t end up released on the Apple store, because the terms of service don’t allow it. Anything storefront-bound must go … [Read more...]

The new landscape of pre-installed mobile malware: malicious code within

Here’s a scary thought: Mobile devices may soon come with pre-installed malware on required system apps. While it might sound like a grim foretelling, pre-installed mobile malware is an unfortunate reality of the future. In the past, we’ve seen pre-installed malware with the notorious Adups threat, among others. “Pre-installed” means the malware comes already installed on a … [Read more...]

All the reasons why cybercriminals want to hack your phone

When people think of hacking, most imagine desktop computers, laptops, or perhaps even security cameras. However, in recent years, cybercriminals have expanded their repertoire to include smartphones, too. Here are 10 reasons why they may be looking to hack your phone. 1. To infect it with malware Many smartphone users assume they can stay safe from malware and other threats by installing … [Read more...]

Mobile Menace Monday: Is Fuchsia OS the end of Android?

It’s no secret that every year Google announces a new Android version. This time though, recent Google documents state that the next major Android version will be Android Q and not Android 9.1 Pie. In parallel, Google is also developing an operating system called Fuchsia that’s supposedly going to replace Android in the near future. People were expecting to see a statement from Google about … [Read more...]

Something else is phishy: How to detect phishing attempts on mobile

In a report published in 2011, IBM revealed that mobile users are three times more likely to fall for phishing scams compared to desktop users. This claim was based on accessed log files found on Web servers used to host websites involved in phishing campaigns. Almost a decade later, we continue to see different organizations reporting an increased trend in phishing attacks targeting the mobile … [Read more...]

Mobile Menace Monday: top five scariest mobile threats

In the spirit of this upcoming Halloween season, we thought we’d provide you with a list of the top five scariest mobile threats in our book. The list is organized from least to most haunting, based on my own humble opinion gathered from several years as a mobile threat researcher. Of course, my opinion has also been formed by the data we’ve collected within the last few months that … [Read more...]

Mobile Menace Monday: SMS phishing attacks target the job market

Recently, a co-worker received an enticing SMS message from ASPXPPZUPS Human Resources. It read: Tired of your old job? Join our team today, work from home and earn $6,200 per month: hire-me-zvcbrvpffy.<hidden>.com.   Could it be that our dream job awaits via random text message? On the contrary, this SMS phishing attack could cause nightmares for unsuspecting job hunters. Don’t quit your … [Read more...]

Mac App Store apps are stealing user data

There is a concerning trend lately in the Mac App Store. Several security researchers have independently found different apps that are collecting sensitive user data and uploading it to servers controlled by the developer. (This is referred to as exfiltrating the data.) Some of this data is actually being sent to Chinese servers, which may not be subject to the same stringent requirements around … [Read more...]

Fortnite’s Google Play rebuff sparks security concerns for Android users

There’s been no small outbreak of chaos in mobile land recently, all because of an astonishingly popular game called Fortnite. Here’s the thing: people refer to Android as “open platform,” saying that, in theory, you can do what you want with it. In practice, you buy an Android phone and then you’re locked into apps from the Google Play store. You can switch things … [Read more...]

A week in security (August 27 – September 2)

Last week, we looked at dubious antics in mobile land, a peculiar case of spam on the official Cardi B website, and we deep dived into fileless malware. We also explored the inner workings of Hidden Bee, and gave an explainer of Regex. Other cybersecurity news: Huge data breach affects Chinese hotel chain (Source: Xinhuanet) Cryptojacking doesn’t bring in the big bucks [PDF] (Source: … [Read more...]