SMS - Security Intelligence

Woman using two-factor authentication on her phone to log in to computer

news

New Reverse Proxy Tool Can Bypass Two-Factor Authentication and Automate Phishing Attacks

A new reverse proxy tool called Modlishka can easily automate phishing attacks and bypass two-factor authentication (2FA) — and it's available for download on GitHub.

January 15, 2019 | By Douglas Bonderud

news

Android Trojan malware infects a mobile device

news

GPlayed Android Trojan Imitates Google Apps to Spy On and Steal Data From Victims

Researchers uncovered an adaptable Android Trojan known as GPlayed that masquerades as Google Apps to spy on and steal information from victims.

October 23, 2018 | By David Bisson

news

A man holds a smartphone: mobile security

news

How a 40-Year-Old Mobile Security Flaw Puts Consumers at Risk

A decades-old mobile security flaw resurfaced in recent weeks after a U.S. senator reported that cybercriminals exploited the Signaling System 7 (SS7) protocol to breach a mobile carrier.

June 27, 2018 | By Grant Gross

news

Hands pushing buttons on a smartphone in front of a computer keyboard.

news

Google Advances Two-Step Verification

Google is changing how it does two-step verification by replacing one-time SMS codes with new features and login protocols.

July 18, 2017 | By Larry Loeb

news

Any good defense against attacks related to SMS authentication starts with strong password guidelines and mobile security practices. Two-factor authentication is still better than the old username/password system, but users should explore options.

article

What’s Wrong With SMS Authentication? Two IBM Experts Weigh In on the NIST Recommendation

IBM experts Dustin Hoff and Ashish Malhotra discussed ways for businesses and end users to mitigate security issues stemming from SMS authentication.

September 7, 2016 | By Laurène Hummer

article

Mobile wallets are supposed to be secure in their own right, but when combined with certain device features they could be exploited by cybercriminals. That was the case with a recent research discovery regarding Venmo and SMS messages.

news

Venmo Wallet Can Be Drained by SMS Use

A security researcher recently discovered how the popular mobile wallet Venmo can be hacked using SMS text messages and certain iOS quirks.

August 5, 2016 | By Larry Loeb

news

Attackers simply repurpose all or part of a phishing email, fire it off to random numbers and see who bites. Typically these messages contain a shortened URL link that directs to an official-looking page asking users to verify banking information.

news

New SMS Phishing Campaigns Spotted: Attackers Bobbing for Apples?

The latest targets of SMS phishing are iOS users. In fact, more than 7,500 users who clicked on a malicious link fell victim to a recent smishing attack.

August 1, 2016 | By Douglas Bonderud

news

Companies recognize the value of SMS two-factor authentication, since passwords alone are no longer enough to secure user accounts and protect businesses in the event of malicious data loss. However, SMS two-factor authentication may not be so secure.

news

SMS Two-Factor Authentication: Time to Trash the Text?

Just like software or network defense, cybercriminals have found ways to circumvent and compromise SMS two-factor authentication.

July 28, 2016 | By Douglas Bonderud

news

Risk detection should identify the openings through which malware attempts to access sensitive data. Financial institutions need to step up their game by examining malware's three-part infection cycle, or they will never see it coming.

article

Is Your Risk Engine Shortsighted? Improve Its Vision With a Holistic View

A firm can face a malware breach if its risk engine does not see every stage of an attack, as one bank recently discovered.

March 19, 2013 | By George Tubin

article

Man-in-the-Browser: Citadel Trojan Targets Airport Employees With VPN Attack

A sophisticated man-in-the-browser (MitB) enterprise attack has been found to target users on virtual private networks at a major international airport.

August 14, 2012 | By Amit Klein

article

Attackers Compromise Admin Account to Infect Manufacturing Company With BitPaymer Ransomware

Spear Phishing Report Card: Perfect Scores in School Security Pen Testing

Google 2FA Approach Turns Android Smartphones Into Security Keys

April Scams May Ruin Plans: Threat Actors Ramp Up for Tax Scam Season

Voices of Security

X-Force Red in Action

A Secure Start

On the Front Line With IBM X-Force IRIS

Challenges and Opportunities to Close the Cybersecurity Gap in the Financial Services Industry

How a Cunning Remote Overlay Malware Met Its Match

The US Is Slow to Adopt EHRs, But That Might Actually Be a Good Thing for Healthcare Security

Challenges and Opportunities to Close the Cybersecurity Gap in the Financial Services Industry

Credential Dumping Campaign Hits Multinational Corporations

Cybercriminals Spoof Major Accounting and Payroll Firms in Tax Season Malware Campaigns

Buffer Overflow Vulnerability in TP-Link Routers Can Allow Remote Attackers to Take Control

Podcast: Muscle Memory and Cyber Fitness Training

Podcast: Zero Trust and the Evolving Role of Identity and Access Management

Podcast: Digital Identity Trust, Part 3 — Powering Digital Growth With Digital Identity Trust

Podcast: Monitoring National Cybersecurity Trends With Former NSA Deputy Director Bill Crowell

Webinar: MacOS Management Made Easy with MaaS360

Webinar: Encryption is the Fastest Way to Protect Data

Webinar: Under the Radar: Live Webinar and Demo

Webinar: Facilitating Secure Hybrid Cloud Adoption with Guardium

Tag: SMS

New Reverse Proxy Tool Can Bypass Two-Factor Authentication and Automate Phishing Attacks

GPlayed Android Trojan Imitates Google Apps to Spy On and Steal Data From Victims

How a 40-Year-Old Mobile Security Flaw Puts Consumers at Risk

Google Advances Two-Step Verification

What’s Wrong With SMS Authentication? Two IBM Experts Weigh In on the NIST Recommendation

Venmo Wallet Can Be Drained by SMS Use

New SMS Phishing Campaigns Spotted: Attackers Bobbing for Apples?

SMS Two-Factor Authentication: Time to Trash the Text?

Is Your Risk Engine Shortsighted? Improve Its Vision With a Holistic View

Man-in-the-Browser: Citadel Trojan Targets Airport Employees With VPN Attack