UltimaSMS leverages at least 151 apps that have been downloaded collectively more than 10 million times, to extort money through a fake premium SMS subscription service. [...]

No security defense is perfect, and shadow IT means no company can inventory every single asset that it has. David “moose” Wolpoff, CTO at Randori, discusses strategies for core asset protection given this reality. [...]

Disguised as an IT firm, the APT is hitting targets in Afghanistan & India, exploiting a 20-year-old+ Microsoft Office bug that's as potent as it is ancient. [...]

Visible says yes, user accounts were hijacked, but it denied a breach. As of today, users are still posting tales of forcibly changed passwords and getting stuck with bills for pricey new iPhones. [...]

The campaign, which uses the Apple Developer Program and Enterprise Signatures to get past Apple's app review process, remains active. [...]

The bug is under attack. Within hours of the patch release, a researcher published POC code, calling it a "great" flaw that can be used for jailbreaks and local privilege escalation. [...]

The possible cyberattacks include disabling monitoring, location-tracking of children and malicious redirects of parent-console users. [...]

Joseph Carson, Chief Security Scientist at ThycoticCentrify, offers a 7-step practical IR checklist for ensuring a swift recovery from a cyberattack. [...]

Coinbase suspects phishing led to attackers getting personal details needed to access wallets but also blamed a flaw in its SMS-based 2FA. [...]

The banking trojan keeps switching up its lies, trying to fool Android users into clicking on a fake Flubot-deleting app or supposedly uploaded photos of recipients. [...]

Researchers have demonstrated that someone could use a stolen, locked iPhone to pay for thousands of dollars of goods or services, no authentication needed. [...]

Certificate misconfigurations of the EAP protocol in Eduroam (and likely other networks globally) threaten Android and Windows users. [...]

The mobile malware has fleeced hundreds of millions of dollars from victims globally, using sophisticated techniques. [...]

Income level, education and being part of a disadvantaged population all contribute to cybercrime outcomes, a survey suggests. [...]

The mobile baddie grants itself access to almost everything, enabling spying, data-harvesting, stalking and fraud attacks, among others. [...]

One of the bugs, which affects macOS as well as older versions of iPhones, could allow an attacker to execute arbitrary code with kernel privileges. [...]

Digital privacy rights defenders contend that geofencing warrants grab data on everyone near a crime, without cause. [...]

With the help of malicious insiders, a fraudster was able to install malware and remotely divorce iPhones and other handsets from the carrier's U.S. network -- all the way from Pakistan. [...]

Citizen Lab urges Apple users to update immediately. The new zero-click zero-day ForcedEntry flaw affects all things Apple: iPhones, iPads, Macs and Watches. [...]

WhatsApp’s moderators sent messages flagged by intended recipients. Researchers say this isn't concerning -- yet. [...]

The malware appeared in August with an ambitious roadmap (think ransomware, DDoS) that could make it 'the most feature-rich Android malware on the market.' [...]

John Hammond, security researcher with Huntress, discusses how financially motivated cybercrooks use and abuse cryptocurrency. [...]

Pro-Kurd Facebook profiles deliver '888 RAT' and 'SpyNote' trojans, masked as legitimate apps, to perform mobile espionage. [...]

Australian immunization app bug lets attackers fake vaccine status. [...]

Verizon DBIR is already funny, useful & well-written, and it just got better with mapping to MITRE ATT&CK TTPs. The marriage could finally bring answers to "What are we doing right?" instead of the constant reminders of what's not working in fending off threats. [...]