
IT / OT Security News

Headlines: 2022

December 28, 2022

EarSpy: Spying on Phone Calls via Ear Speaker Vibrations Captured by Accelerometer

As smartphone manufacturers are improving the ear speakers in their devices, it can become easier for malicious actors to leverage a particular side-channel for eavesdropping on a targeted user’s conversations, according to a team of researchers from several universities in the United States.

December 23, 2022

China’s ByteDance Admits Using TikTok Data to Track Journalists

Employees of Chinese tech giant ByteDance improperly accessed data from social media platform TikTok to track journalists in a bid to identify the source of leaks to the media, the company admitted Friday.

December 19, 2022

Cybercrime (and Security) Predictions for 2023

Threat actors continue to adapt to the latest technologies, practices, and even data privacy laws—and it's up to organizations to stay one step ahead by implementing strong cybersecurity measures and programs.

December 14, 2022

New Actively Exploited Zero-Day Vulnerability Discovered in Apple Products

Apple on Tuesday rolled out security updates to iOS, iPadOS, macOS, tvOS, and Safari web browser to address a new zero-day vulnerability that could result in the execution of malicious code.

December 14, 2022

Spyware and surveillance-for-hire industry ‘growing globally’: report

The spyware and surveillance-for-hire industry is “indiscriminately” targeting journalists, activists and political opposition, and growing on a global scale, the social media company Meta warned.

December 4, 2022

Android malware apps with 2 million installs spotted on Google Play

A new set of Android malware, phishing, and adware apps have infiltrated the Google Play store, tricking over two million people into installing them.

December 1, 2022

‘Schoolyard Bully’ Android Trojan Targeted Facebook Credentials of 300,000 Users

Mobile security firm Zimperium is warning of an Android trojan that may have stolen Facebook credentials from a large number of users.

November 30, 2022

Hundreds of scam predatory loan platforms found on Google and Apple app stores

Hundreds of predatory loan apps targeting people across Africa, Asia and Latin America have been available on Google Play and Apple App Store, garnering over 15 million collective downloads.

November 28, 2022

Malicious Android app found powering account creation service

A fake Android SMS application, with 100,000 downloads on the Google Play store, has been discovered to secretly act as an SMS relay for an account creation service for sites like Microsoft, Google, Instagram, Telegram, and Facebook.

November 25, 2022

Experts investigate WhatsApp data leak: 500M user records for sale

On November 16, an actor posted an ad on a well-known hacking community forum, claiming they were selling a 2022 database of 487 million WhatsApp user mobile numbers.

November 24, 2022

Hackers modify popular OpenVPN Android app to include spyware

A threat actor associated with cyberespionage operations since at least 2017 has been luring victims with fake VPN software for Android that is a trojanized version of legitimate software SoftVPN and OpenVPN.

November 21, 2022

A Leak Details Apple's Dirt on a Trusted Security Startup

Corellium, a cybersecurity startup that sells phone-virtualization software for catching security bugs, offered or sold its tools to controversial government spyware and hacking-tool makers in Israel, the United Arab Emirates, and Russia, and to a cybersecurity firm with potential ties to the Chinese government, according to a leaked document reviewed by WIRED that contains internal company communications.

November 17, 2022

The Accidental $70k Android Hack

November 9, 2022

Google Reveals Spyware Vendor’s Use of Samsung Phone Zero-Day Exploits

Google Project Zero has disclosed the details of three Samsung phone vulnerabilities that have been exploited by a spyware vendor since they still had zero-day status.

November 4, 2022

BYOD policies increase the attack surface but firms can manage the risk

As hybrid- and remote-working arrangements continue to be enforced, many enterprises have adopted Bring Your Own Device (BYOD) policies that have led to a mixing of corporate and personal data on a single device.

November 1, 2022

Malicious Android apps with 1M+ installs found on Google Play

A set of four malicious applications currently available in Google Play, the official store for the Android system, are directing users to sites that steal sensitive information or generate ‘pay-per-click’ revenue for the operators.

November 1, 2022

New SandStrike spyware infects Android devices via malicious VPN app

Threat actors are using newly discovered spyware known as SandStrike and delivered via a malicious VPN application to target Android users.

October 20, 2022

Hacking group updates Furball Android spyware to evade detection

A new version of the 'FurBall' Android spyware has been found targeting Iranian citizens in mobile surveillance campaigns conducted by the Domestic Kitten hacking group, also known as APT-C-50.

October 14, 2022

Everyone going to the World Cup must have this app - experts are now sounding the alarm

Security experts believe Qatar's required mobile app will be like giving the World Cup country's authorities the key to your house.

October 7, 2022

Zoom for macOS Contains High-Risk Security Flaw

Video messaging technology powerhouse Zoom has rolled out a high-priority patch for macOS users alongside a warning that hackers could abuse the software flaw to connect to and control Zoom Apps.

October 7, 2022

Meta Warns of Password Stealing Phone Apps

Meta warned a million Facebook users Friday that they have been “exposed” to seemingly innocuous smartphone applications designed to steal passwords to the social network.

October 5, 2022

Iranian Hackers Target Enterprise Android Users With New RatMilad Spyware

Zimperium is warning of an Iranian hacking group using a new piece of Android spyware in a broad campaign that has also targeted enterprise users.

October 2, 2022

Mexican journalists targeted by zero-click spyware infections

Mexican journalists and a human rights defender investigating links between extrajudicial killings, drugs cartels, and the Mexican military, were infected with NSO Group’s spyware after being hacked through zero-click attacks, a new investigation has alleged.

September 27, 2022

Google, Apple Remove ‘Scylla’ Mobile Ad Fraud Apps After 13 Million Downloads

Cybersecurity firm Human has discovered and disrupted a mobile ad fraud campaign involving 89 mobile applications with a total download count of 13 million.

September 22, 2022

7-year Android malware campaign targeted Uyghurs: report

The Uyghur community was targeted with an Android-based malware campaign for over seven years, according to researchers with cybersecurity firm Check Point.

September 22, 2022

Russia-Based Hackers FIN11 Impersonate Zoom to Conduct Phishing Campaigns

The threat actors known as FIN11 (and Clop) may have impersonated web download pages of the Zoom Application to conduct phishing campaigns against targets worldwide.

September 13, 2022

Fears grow of Russian spies turning to industrial espionage

Russia acknowledged this week that parts of its technology industry are dependent on foreign knowledge and lagging competitors by more than a decade, raising concerns that the country’s cyber spies will be used for industrial espionage.

September 12, 2022

Google Patches Critical Vulnerabilities in Pixel Phones

Google’s September 2022 security update for Pixel devices addresses two critical vulnerabilities. A total of 46 other security flaws were resolved in the Android platform this month.

September 7, 2022

Iranian hackers spy on journalists and government officials, researchers warn

Cybersecurity researchers have uncovered another Iranian state-sponsored hacking group that has been targeting government officials, journalists, academics, and opposition leaders around the world for at least seven years.

September 1, 2022

iOS 12 Update for Older iPhones Patches Exploited Vulnerability

Apple on Wednesday started shipping patches for older iPhone and iPad devices to address a recent, actively exploited vulnerability.

Tracked as CVE-2022-32893, the vulnerability impacts WebKit and it can be exploited to achieve arbitrary code execution when the user visits a malicious website.

August 25, 2022

Leaked Docs Show Spyware Firm Offering iOS, Android Hacking Services for $8 Million

Leaked documents appear to show a little-known spyware company offering services that include Android and iOS device exploits for €8 million (roughly $8 million).

August 25, 2022

FCC launches investigation into mobile carriers’ geolocation data practices

The Federal Communication Commission on Thursday shared responses from mobile carriers to a probe of how they handle geolocation data and announced a new investigation into carrier compliance with agency rules about disclosing how such data is stored and shared.

August 19, 2022

Full access: Apple warns of security flaw for iPhones, iPads and Macs

Apple has fixed a series of serious security vulnerabilities affecting iPhones, iPads and Macs, which it said may have been actively in use to take complete control of victims’ devices.

August 17, 2022

iOS VPNs have leaked traffic for years, researcher claims [Updated]

VPNs on Apple mobile devices reportedly keep connections open and expose data.

August 16, 2022

Signal Discloses Impact From Twilio Hack

Secure communications services provider Signal on Monday disclosed impact from the recent Twilio hack, after threat actors attempted to re-register the phone numbers of some of its users to new devices.

August 12, 2022

Chinese hackers backdoor chat app with new Linux, macOS malware

Versions of a cross-platform instant messenger application focused on the Chinese market known as 'MiMi' have been trojanized to deliver a new backdoor (dubbed rshell) that can be used to steal data from Linux and macOS systems.

August 5, 2022

Facebook finds new Android malware used by APT hackers

Meta (Facebook) has released its Q2 2022 adversarial threat report, and among the highlights is the discovery of two cyber-espionage clusters connected to hacker groups known as 'Bitter APT' and APT36 (aka 'Transparent Tribe') using new Android malware.

July 29, 2022

Cybersecurity researcher publishes a list of 30 malicious Android apps available in Google Play Store

Cybersecurity researcher and anti-malware firm Dr.Web recently warned Android users about a list of 30 Android apps with malicious trojans that are currently still available in the Google Play Store.

July 29, 2022

Over a Dozen Android Apps on Google Play Store Caught Dropping Banking Malware

A malicious campaign leveraged seemingly innocuous Android dropper apps on the Google Play Store to compromise users' devices with banking malware.

July 27, 2022

These 28+ Android Apps with 10 Million Downloads from the Play Store Contain Malware

As many as 30 malicious Android apps with cumulative downloads of nearly 10 million have been found on the Google Play Store distributing adware.

July 19, 2022

Russian hackers use fake DDoS app to infect pro-Ukrainian activists

Google's Threat Analysis Group (TAG), whose primary goal is to defend Google users from state-sponsored attacks, said today that Russian-backed threat groups are still focusing their attacks on Ukrainian organizations.

July 17, 2022

Pegasus Spyware Used against Thailand’s Pro-Democracy Movement

We discovered an extensive espionage campaign targeting Thai pro-democracy protesters, and activists calling for reforms to the monarchy.

July 13, 2022

New Android malware on Google Play installed 3 million times

A new Android malware family on the Google Play Store that secretly subscribes users to premium services was downloaded over 3,000,000 times.

July 12, 2022

TikTok admits Australian data can be accessed in China, prompting warnings app may be compromised

The federal Treasurer says he is concerned that social media platform TikTok's China-based employees are able to access Australian user data.

June 29, 2022

Amazon Confirmed and Fixed a High Severity Vulnerability of Broken Authentication in Amazon Photos Android App

Our research team at Checkmarx found that the Amazon Photos Android app could have allowed a malicious application, installed on the user’s phone, to steal their Amazon access token. The Android app has over 50 million downloads.

June 26, 2022

Rethinking organizational cybersecurity strategy for corporations

“The fact that commercial companies have experienced such attacks casts doubt on the assumption that they don’t need to include nation state level attacks as one of the threats to be addressed,” writes Dr. Yaniv Harel, CSO at the Blavatnik Interdisciplinary Cyber Research Center.

June 23, 2022

Spyware vendor works with ISPs to infect iOS and Android users

Google's Threat Analysis Group (TAG) revealed today that RCS Labs, an Italian spyware vendor, has received help from some Internet service providers (ISPs) to infect Android and iOS users in Italy and Kazakhstan with commercial surveillance tools.

June 22, 2022

Microsoft: Russian Cyber Spying Targets 42 Ukraine Allies

Coinciding with unrelenting cyberattacks against Ukraine, state-backed Russian hackers have engaged in “strategic espionage” against governments, think tanks, businesses and aid groups in 42 countries supporting Kyiv, Microsoft said in a report Wednesday.

June 16, 2022

Lookout Uncovers Hermit Spyware Deployed in Kazakhstan


Lookout researchers have uncovered enterprise-grade Android surveillanceware used by the government of Kazakhstan within its borders. While we’ve been following this threat for a while using Lookout Endpoint Detection and Response (EDR), these latest samples were detected in April 2022, four months after nation-wide protests against government policies were violently suppressed.

June 16, 2022

‘MaliBot’ Android Malware Steals Financial, Personal Information

Researchers at F5 Labs have nabbed a new Android malware family capable of exfiltrating financial and personal information after taking control of infected devices.

June 14, 2022

Android malware on the Google Play Store gets 2 million downloads

Cybersecurity researchers discovered adware and information-stealing malware on the Google Play Store last month, with at least five still available and having amassed over two million downloads.

June 13, 2022

GALLIUM Expands Targeting Across Telecommunications, Government and Finance Sectors With New PingPull Tool

Unit 42 recently identified a new, difficult-to-detect remote access trojan named PingPull being used by GALLIUM, an advanced persistent threat (APT) group.

June 12, 2022

How SeaFlower 藏海花 installs backdoors in iOS/Android web3 wallets to steal your seed phrase

During the course of our work at Confiant, we see malicious activity on a daily basis. What matters the most for us is the ability to:

June 11, 2022

WiFi probing exposes smartphone users to tracking, info leaks

Researchers at the University of Hamburg in Germany have conducted a field experiment capturing hundreds of thousands of passersby's WiFi connection probe requests to determine the type of data transmitted without the device owners realizing it.

June 7, 2022

Hacking a powered-off iPhone: vulnerabilities never sleep

Can a device be hacked when switched off? Recent studies suggest so. Let’s see how this is even possible.

June 2, 2022

Vulnerability within the UNISOC baseband opens mobile phones communications to remote hacker attacks

Do you remember push-button telephones? Many of them were based on chips from Spreadtrum Communications Inc., a Chinese chip manufacturer founded in 2001. In 2011, over half of all phones in China were powered by Spreadtrum chips.

May 28, 2022

Microsoft Finds Critical Bugs in Pre-Installed Apps on Millions of Android Devices

Four high severity vulnerabilities have been disclosed in a framework used by pre-installed Android System apps with millions of downloads.

May 27, 2022

Android apps with millions of downloads exposed to high-severity vulnerabilities

Microsoft uncovered high-severity vulnerabilities in a mobile framework owned by mce Systems and used by multiple large mobile service providers in pre-installed Android System apps that potentially exposed users to remote (albeit complex) or local attacks. The vulnerabilities, which affected apps with millions of downloads, have been fixed by all involved parties.

May 26, 2022

‘Dystopian’: Govt-endorsed education apps surveilling Australian children

A number of education apps and websites endorsed by Australian governments and used throughout the pandemic have been surveilling and tracking children and sending their data to advertisers, according to a report by Human Rights Watch.

May 25, 2022

Spain’s PM vows to reform intelligence services following phone hacking scandal

Spanish prime minister Pedro Sánchez pledged to further regulate and oversee the country’s spy agencies on Thursday following the discovery of unauthorized spyware on the phones of top politicians earlier this year.

May 24, 2022

New FluBot Campaign Sweeps through Europe Targeting Android and iOS Users Alike

FluBot operators are targeting European countries with a renewed smishing campaign, leaping from one country to another in an intense push to sneak data-stealing malware onto people’s phones.

May 22, 2022

Google: Predator spyware infected Android devices using zero-days

Google's Threat Analysis Group (TAG) says that state-backed threat actors used five zero-day vulnerabilities to install Predator spyware developed by commercial surveillance developer Cytrox.

May 17, 2022

Over 200 Apps on Play Store Caught Spying on Android Users Using Facestealer

More than 200 Android apps masquerading as fitness, photo editing, and puzzle apps have been observed distributing spyware called Facestealer to siphon user credentials and other valuable information.

May 16, 2022

Hackers Can Abuse Low-Power Mode to Run Malware on Powered-Off iPhones

Researchers from a university in Germany have analyzed the low-power mode (LPM) implementation on iPhones and found that it introduces potentially serious security risks, even allowing attackers to run malware on powered-off devices.

May 12, 2022

Russia Pushes Law to Force Taxi Apps to Share Data With Spy Agency

The Russian authorities have been ramping up restrictions on public freedoms since the start of Moscow’s offensive in Ukraine on February 24.

May 11, 2022

Biden extends US telecom supply chain order aimed at Huawei, ZTE

President Joe Biden on Thursday extended for another year a Trump-era executive order that declared a national emergency and prohibited U.S. companies from using telecommunications equipment produced by firms posing a national security risk.

May 6, 2022

Meet the Trojan subscribers hungry to sign you up

We explain how Android users fall victim to Trojan subscribers Jocker, MobOk, Vesub and GriftHorse.

May 3, 2022

Dirty Pipe: What you need to know about the major exploit affecting Pixel 6 and Galaxy S22 devices [Updated]

The security world has been abuzz about a new Linux exploit called “Dirty Pipe,” which also affects Android 12 devices like Galaxy S22 and Pixel 6. Here’s everything you need to know about “Dirty Pipe,” which devices it affects, and how best to avoid it.

May 2, 2022

Spanish prime minister’s phone ‘targeted with Pegasus spyware’

Minister for presidency says ‘illicit’ targeting will be investigated by Spain’s highest criminal court

April 28, 2022

1.2 Million Bad Apps Blocked From Reaching Google Play in 2021

Google claims that it prevented 1.2 million bad applications from reaching Google Play in 2021, but cybercriminals are still finding ways to deliver malware through the official Android app store.

April 28, 2022

Is your mic really muted?

We cite an interesting study on how the mute button actually works in teleconferencing services, and discuss privacy in the web conferencing era.

April 21, 2022

Cisco Patches Virtual Conference Software Vulnerability Reported by NSA

Cisco on Wednesday announced the release of patches for several high-severity vulnerabilities in its products, including a bug reported by the National Security Agency (NSA).

April 21, 2022

Largest Mobile Chipset Manufacturers used Vulnerable Audio Decoder, 2/3 of Android users’ Privacy around the World were at Risk

The Apple Lossless Audio Codec (ALAC), also known as Apple Lossless, is an audio coding format, developed by Apple Inc. and first introduced in 2004 for lossless data compression of digital music.

April 19, 2022

The smarter mobile devices get, the greater the cyber risks they pose

That is why organizations need to beef up basic mobile device management with real-time threat intelligence and frictionless all-round user protection.

April 15, 2022

'Mute' button in conferencing apps may not actually mute your mic

A new study shows that pressing the mute button on popular video conferencing apps (VCA) may not actually work like you think it should, with apps still listening in on your microphone.

April 7, 2022

Google crackdown kicks a bunch of data-stealing malware off the Play Store

Malicious software, AKA malware, is a huge problem for anyone who ends up saddled with it. It's not just the bad guys who are hiding software that can harm us, though.

April 1, 2022

Newly found Android malware records audio, tracks your location

A previously unknown Android malware uses the same shared-hosting infrastructure previously seen used by the Russian APT group known as Turla, though attribution to the hacking group is not possible.

March 25, 2022

Mobile threats: who targeted smartphones in 2021

In 2021 there were fewer attacks on smartphones and tablets than in 2020. But that’s no reason to relax, and here’s why.

March 22, 2022

Google was quietly collecting your Messages and Phone app data

In what could be yet another case of data privacy violation, Google's Messages and Phone apps were found to be secretly sending your text messages and call logs to its servers.

March 21, 2022

Android password-stealing malware infects 100,000 Google Play users

A malicious Android app that steals Facebook credentials has been installed over 100,000 times via the Google Play Store, with the app still available to download.

March 20, 2022

British soldiers are ordered off WhatsApp amid fears that sensitive military details could be accessed by Russian hackers

The British Army has banned WhatsApp over fears Russia is hacking the platform to acquire operationally sensitive information.

March 16, 2022

Hackers Break Into Phone of Mossad Head’s Wife in Apparent Iranian ‘Revenge’

As far as is known, Mossad chief David Barnea's phone and personal devices, which are encrypted and secured, were not hacked

March 14, 2022

The story of mobile phishing through statistics

Mobile phishing is a significant threat, and there are many statistics that back this up. Find out what these numbers mean and how they should affect mobile security strategy.

March 9, 2022

Smartphone malware is on the rise, here's what to watch out for

Cybersecurity researchers warn of a 500% surge in mobile cyberattacks as hackers try to steal passwords, bank details and even take full control of smartphones.

March 5, 2022

SharkBot malware hides as Android antivirus in Google Play

SharkBot banking malware has infiltrated the Google Play Store, the official Android app repository, posing as an antivirus with system cleaning capabilities.

February 23, 2022

Samsung shipped '100 million' phones with flawed encryption

Academics at Tel Aviv University in Israel have found that recent Android-based Samsung phones shipped with design flaws that allow the extraction of secret cryptographic keys.

February 22, 2022

Mobile authentication is no longer as secure as you think

Despite the ever-increasing volume of cyberattacks, many organizations are still using legacy authentication methods, such as passwords or mobile-based authenticators, to secure access to sensitive applications and data.

February 21, 2022

Mobile malware evolution 2021

In 2021, we observed a downward trend in the number of attacks on mobile users. But it is too early to celebrate: attacks are becoming more sophisticated in terms of both malware functionality and vectors.

February 19, 2022

Police following up with Sylvia Lim on phone hacking allegations, advise her to file report

SINGAPORE: Home Affairs Minister K Shanmugam has asked the police to follow up with Member of Parliament Sylvia Lim (WP-Aljunied) regarding her claim that she had received a threat warning from Apple stating that her iPhone could be the subject of hacking by state-sponsored attackers, the Singapore Police Force (SPF) said on Saturday (Feb 19).

February 15, 2022

FBI sees increase in use of virtual meeting platforms for BEC scams

The US Federal Bureau of Investigation said today that it had seen an increase in the use of virtual meeting platforms as a way to trick organizations into sending payments to the wrong accounts as part of a type of attack known as BEC scams.

February 15, 2022

Mexican Businessman Admits to Brokering Spyware Used to Monitor Political and Business Rivals

SAN DIEGO – Mexican businessman Carlos Guerrero pleaded guilty in federal court today, admitting that he conspired to sell and use hacking tools manufactured by private companies in Italy, Israel and elsewhere.

February 11, 2022

Update iOS, there is a dangerous vulnerability in WebKit

Dangerous vulnerability in WebKit (CVE-2022-22620) is believed to be actively exploited by hackers. Update your iOS devices as soon as possible!

February 8, 2022

Android’s February 2022 Security Updates Patch 36 Vulnerabilities

Google on Monday announced that the Android security updates for February 2022 patch a total of 36 vulnerabilities.

February 8, 2022

Protecting mobile devices from text-based phishing

Phishing emails often get IT teams' attention, but text-based phishing is a growing threat. Organizations must understand the risks of mobile phishing and how to prevent it.

February 7, 2022

No one was immune: Israel Police Pegasus surveillance list revealed

CEOs of government ministries, journalists, tycoons, corporate executives, mayors, social activists, and even the Prime Minister’s relatives, all were police targets, having their phones hacked by NSO’s spyware, prior to any investigation even opening and without any judicial authorization

February 7, 2022

FBI: "You Should Use A Burner Phone"

February 1, 2022

Israeli Police: Possible Improper Surveillance by Our Own

Israel’s national police force on Tuesday said it had found evidence pointing to improper use of sophisticated spyware by its own investigators to snoop on Israeli citizens’ phones.

January 20, 2022

Zoom security issues: What's gone wrong and what's been fixed

Do you use Zoom? Sure you do. When the pandemic hit North America and Europe in March 2020, seemingly everyone who had to start working, going to school or even socializing from home started using the videoconferencing service.
