Lookout Announces Sale of Its Cloud Security Business to Fortra https://www.byteseu.com/1004291/ #business #CloudSecurity #EndpointSecurity #Fortra #Inc. #Lookout #MobileSecurity

He Thought the App Was Safe… Until This Happened.

He downloaded the app. It looked polished. Smooth UI. Secure login. But under the hood…

As a pentester, I decided to take a peek.

So far, so good… right? Wrong.

I fired up my tools:

MobSF for static analysis
Burp Suite for traffic interception
Frida to hook runtime behavior

What I found shocked me.

Check the comments for the link to the full guide....

$38,000… GONE while he was sleeping.

That’s how fast SIM-swapping can destroy your financial life.

In just 3 hours, a hacker took over Justin Chan’s phone number, intercepted his two-factor codes, and emptied his bank and trading accounts. No alarms. No notifications. Just silent access and drained funds.

It didn’t happen because he was careless.
It happened because the attacker exploited a broken system:

- His mobile carrier transferred his number to a new device without proper checks
- His 2FA codes were sent to that new device
- His bank and investment apps trusted that number

This is the $38,000 mistake most people never see coming. Because by the time you realize something is wrong — it’s already too late.

The worst part? Getting the money back was harder than the hack itself.
It took media pressure, endless follow-ups, and months of stress just to get refunded.

Mobile numbers are the new master key — and most people are handing them out unlocked.

If your 2FA is tied to your phone number, it's time to change that.
If your carrier doesn’t lock down your SIM by default, it’s time to upgrade.
And if your bank’s idea of protection is a form letter and a closed case, don’t wait for a wake-up call at 3AM.

Legacy security testing leaves mobile apps vulnerable to third-party risks. Without deeper binary analysis, attackers can exploit blind spots in the software supply chain. https://jpmellojr.blogspot.com/2025/05/mobile-and-third-party-risk-how-legacy.html #AppSec #MobileSecurity #BinaryAnalysis #SecurityTesting

Mobile security risk: New Android malware "SuperCard X" enables contactless payment fraud via NFC relay attacks

Here’s how it works:
Victims are socially engineered through fake bank alerts (smishing + calls)
Tricked into installing a rogue app posing as “security software”
NFC data is intercepted from real debit/credit cards
Attackers relay stolen credentials to PoS terminals and ATMs for fraudulent cashouts

Why it matters:
• Attackers no longer need stolen physical cards — just proximity + deception
• Banking customers, payment providers, and card issuers are all at risk
• Google is working on Android protections — but vigilance is key now

Tip: Always scrutinize app installs, verify messages before acting, and keep Google Play Protect enabled.

#CyberSecurity #MobileSecurity #Malware #NFC #FinancialFraud #ThreatIntel #security #privacy #cloud #infosec

https://thehackernews.com/2025/04/supercard-x-android-malware-enables.html

A new Android malware campaign is using NFC relay attacks to clone credit cards — and it’s nearly invisible to antivirus tools.

Security researchers have discovered 'SuperCard X', a malware-as-a-service (MaaS) platform that allows cybercriminals to steal card data and make contactless payments using compromised Android devices.

Key highlights from the report:
- Distributed via social engineering scams through fake SMS or WhatsApp messages
- Victims are tricked into installing a malicious app disguised as a bank “verification” tool
- Once installed, it uses NFC to read card chip data and sends it to a second attacker device
- Attackers use a companion app to emulate the victim’s card and make payments or ATM withdrawals

What makes it dangerous:
- SuperCard X requests minimal permissions, making it hard to detect
- It uses ATR-based card emulation and mutual TLS (mTLS) for secure communication
- Malware is not flagged by any antivirus engines on VirusTotal
- Transactions are small, instant, and look legitimate to banks — making them harder to detect or reverse

Google responded saying Play Protect is active and currently no such apps are listed on Google Play. But since these apps spread outside the store, Android users remain at risk — especially if they sideload apps or fall for impersonation scams.

This is a textbook example of how mobile payment infrastructure is being exploited — and why NFC security deserves more attention in mobile-first threat models.

At @Efani we’re committed to helping protect high-risk users from silent, evasive mobile threats just like this.

Apple Patches Two Zero-Days Used in ‘Extremely Sophisticated’ Attacks – Source: www.techrepublic.com https://ciso2ciso.com/apple-patches-two-zero-days-used-in-extremely-sophisticated-attacks-source-www-techrepublic-com/ #threatsandvulnerabilities #rssfeedpostgeneratorecho #SecurityonTechRepublic #SecurityTechRepublic #CyberSecurityNews #MobileSecurity #zerodaythreats #Cybersecurity #AppleiPhone #Mobility #Security #Software #Apple #News #ios

Android just got a quiet but powerful security upgrade: automatic reboots after 3 days of device inactivity.

Google has rolled out a new feature via Google Play Services: if an Android device remains locked for 3 consecutive days, it will now automatically reboot.

Why this matters:
Rebooting puts the phone back into the "Before First Unlock" state — where data remains fully encrypted and inaccessible without the passcode. This makes it significantly harder for anyone trying to extract sensitive data using forensic tools like Cellebrite or Magnet.

Apple introduced a similar feature last year, signaling a broader trend: both ecosystems are reinforcing protections against post-unlock data extraction, often used by law enforcement or threat actors.

This feature:

- Reduces exposure time after a phone is seized or stolen
- Restores full disk encryption status automatically
- Adds a layer of passive defense even if users don’t act

At @Efani, we advocate for security that works even when you’re not paying attention. Automatic reboots after periods of inactivity are a subtle but smart move — one that helps prevent surveillance, data harvesting, and unauthorized access.

It’s not just about convenience anymore. It’s about digital self-defense by default.

Mobile apps are a goldmine for hackers, packed with private data & vulnerable to AI-powered attacks. Learn how invisible security gaps are exploited & why built-in security is crucial. https://jpmellojr.blogspot.com/2025/04/access-to-private-data-makes-mobile.html #MobileSecurity #AppSecurity #dataprivacy

Verizon call log exposure was more than a bug—it was a real-time surveillance risk.

A serious flaw in Verizon’s pre-installed Call Filter iOS app allowed unauthorized access to detailed incoming call logs of any Verizon user.

Discovered by ethical hacker Evan Connelly in February and patched in March, the issue:
・Affected millions using the app to block spam and ID unknown numbers
・ Could have exposed call histories of journalists, law enforcement, and public officials
・ Raised massive concerns around privacy and real-time surveillance

Verizon confirmed the fix, but experts stress this as a wake-up call for rigorous mobile app security—especially those preloaded at scale.

https://www.newsweek.com/verizon-expose-customer-call-history-hack-2055247

.NET MAUI for Android Malware? Sounds like serious geek-speak, I know, but this is *really* dangerous. We're talking fake banking apps, stolen data… the whole nine yards.

Here's the deal: Crooks are now leveraging Microsoft's .NET MAUI framework to conceal malicious code. So, the apps *look* totally legit, but they're actually nasty data-snatchers.

As a pentester, I'm urging you: Stay alert! Seriously, only download apps from the official store, steer clear of suspicious links, and double-check those app permissions. Another pro tip? Get an MTD scanner installed!

What are your thoughts, though? Do you think Android's built-in security features are cutting it these days?

Traveling folx: are you doing anything with your devices over borders?

Not asking if you know what can be done, I realize everyone here knows that. What are you actually doing tomorrow before you get on the plane?

https://www.theverge.com/policy/634264/customs-border-protection-search-phone-airport-rights

iPhone-Android: A Major Privacy Upgrade is Coming Soon – Source: www.techrepublic.com https://ciso2ciso.com/iphone-android-a-major-privacy-upgrade-is-coming-soon-source-www-techrepublic-com/ #rssfeedpostgeneratorecho #SecurityonTechRepublic #SecurityTechRepublic #endtoendencryption #CyberSecurityNews #MobileSecurity #Cybersecurity #Encryption #Mobility #Security #Android #Google #iPhone #Apple

Did you know that entering * and # on your phone triggers different actions? This blog post explains MMI, USSD, and SS codes, and how they interact with your device and network. A must-read for understanding mobile communication!
https://berlin.ccc.de/~tobias/mmi-ussd-ss-codes-explained.html #USSD #MMI #MobileSecurity #GSM #UMTS #LTE

1Password now lets you add physical locations to your passwords and items! Now, your passwords appear automatically in the app when you're nearby. Secure, smart, and location-aware! #1Password #Cybersecurity #PasswordManagement #TechInnovation #Privacy #MobileSecurity

#Android abriegeln - onlinepc.ch https://www.onlinepc.ch/mobile/praxis/android-abriegeln-2948927.html #MobileSecurity #Cybersecurity #DataPrivacy #Antivirus #TechTips #AndroidUpdates #MobileTech #SecurityApps #Sophos #Bitdefender #StaySafeOnline #SecureAndroid #TechForGood

In an era where smartphones serve as an extension of your most personal and professional data, including your private thoughts, personal images, and social connections; safeguarding these devices from malware and data theft has become an essential aspect of owning and maintaining your devices. The risk of malicious attacks, data breaches, and unauthorized access has escalated in parallel with the growing reliance on mobile technology.

A first step in securing your device is to ensure your operating system and applications are consistently updated, as these updates often address vulnerabilities exploited by attackers.

Additionally, you should only be installing applications from verified, reputable sources. Both Android and Apple offer their own tested and trusted application repositories. These trusted application repositories minimizes the likelihood of inadvertently introducing malicious code from third part application maintainers. Sideloading should not be a normal occurrence, and only undertaken by developers or those who understand the risks. Applications from untrusted sources could, and probably will, introduce malware into your devices. I can't reiterate enough you should NEVER install applications suggested to you from alternative source such as online financial/crypto platforms or people you've met online unless you do not care if that device becomes compromised or if it eventually leads to financial loss.

This will be the first of a series of posts on mobile device security. In the next few posts I will focus on steps we should all be taking to ensure the security of our mobile devices we rely upon.

I look forward to any questions or comments.

GrapheneOS now has support for fingerprint + PIN to unlock.

So now I have a really strong password to secure the phone, and then the combination of fingerprint + PIN to unlock fast and easy.

I have been waiting for this feature for a while

QR code phishing is on the rise! Watch as we share details on how thieves placed fake QR codes on parking meters, redirecting users to fraudulent payment sites to steal credit card information. You'll learn:

How fake QR codes are being used in phishing scams.
Why QR codes are difficult to identify as malicious just by looking at them.
Tips to stay vigilant and protect your mobile devices from these evolving threats.

Watch now and stay one step ahead of cybercriminals targeting your mobile devices. https://youtu.be/ssYB9nwLXXI