Millions of Android Users Scammed in SMS Fraud Driven by Tik-Tok Ads

UltimaSMS leverages at least 151 apps, collectively downloaded more than 10 million times, to extort money through a fake premium SMS subscription service. Threat actors are using…

Defending Assets You Don’t Know About Against Cyberattacks

No security defense is perfect, and shadow IT means no company can inventory every single asset that it has. David “moose” Wolpoff, CTO at Randori, discusses strategies for core asset…

Geriatric Microsoft Bug Exploited by APT Using Commodity RATs

Disguised as an IT firm, the APT is hitting targets in Afghanistan & India, exploiting a 20-year-old+ Microsoft Office bug that’s as potent as it is ancient. An APT described…

Verizon’s Visible Wireless Carrier Confirms Credential-Stuffing Attack

Visible says yes, user accounts were hijacked, but it denied a breach. As of today, users are still posting tales of forcibly changed passwords and getting stuck with bills for…

CryptoRom Scam Rakes in $1.4M by Exploiting Apple Enterprise Features

The campaign, which uses the Apple Developer Program and Enterprise Signatures to get past Apple’s app review process, remains active. Pyramid-scheme cryptocurrency scammers are exploiting Apple’s Enterprise Developer Program to…

Apple Releases Urgent iOS Updates to Patch New Zero-Day Bug

The bug is under attack. Within hours of the patch release, a researcher published POC code, calling it a “great” flaw that can be used for jailbreaks and local privilege…

Canopy Parental Control App Wide Open to Unpatched XSS Bugs

The possible cyberattacks include disabling monitoring, location-tracking of children and malicious redirects of parent-console users. Canopy, a parental control app that offers a range of features meant to protect kids…

How to Build an Incident-Response Plan, Before Security Disaster Strikes

Joseph Carson, Chief Security Scientist at ThycoticCentrify, offers a 7-step practical IR checklist for ensuring a swift recovery from a cyberattack. In a startling discovery, a recent report found that…

MFA Glitch Leads to 6K+ Coinbase Customers Getting Robbed

Coinbase suspects phishing led to attackers getting personal details needed to access wallets but also blamed a flaw in its SMS-based 2FA. The accounts of at least 6,000 Coinbase customers…

Flubot Malware Targets Androids With Fake Security Updates

The banking trojan keeps switching up its lies, trying to fool Android users into clicking on a fake Flubot-deleting app or supposedly uploaded photos of recipients. The Flubot banking trojan…