#Mobile Security

TA505 – cybercrime trailblazers with ever-evolving TTPs – have returned to mass-volume email attacks, flashing retooled malware and exotic scripting languages.

Chris Hass, director of information security and research at Automox, discusses how to assign security responsibility, punishment for poor cyber-hygiene and IDing 'security champions' to help small businesses.

Visible says yes, user accounts were hijacked, but it denied a breach. As of today, users are still posting tales of forcibly changed passwords and getting stuck with bills for pricey new iPhones.

The campaign, which uses the Apple Developer Program and Enterprise Signatures to get past Apple's app review process, remains active.

The bug is under attack. Within hours of the patch release, a researcher published POC code, calling it a "great" flaw that can be used for jailbreaks and local privilege escalation.

The possible cyberattacks include disabling monitoring, location-tracking of children and malicious redirects of parent-console users.

Joseph Carson, Chief Security Scientist at ThycoticCentrify, offers a 7-step practical IR checklist for ensuring a swift recovery from a cyberattack.

Coinbase suspects phishing led to attackers getting personal details needed to access wallets but also blamed a flaw in its SMS-based 2FA.

The banking trojan keeps switching up its lies, trying to fool Android users into clicking on a fake Flubot-deleting app or supposedly uploaded photos of recipients.

Researchers have demonstrated that someone could use a stolen, locked iPhone to pay for thousands of dollars of goods or services, no authentication needed.