dice.camp is one of the many independent Mastodon servers you can use to participate in the fediverse.
A Mastodon server for RPG folks to hang out and talk. Not owned by a billionaire.

Administered by:

Server stats:

1.5K
active users

#mobilesecurity

1 post1 participant0 posts today
Pen Test Partners<p>Most Android apps don’t expose much through services. But system apps? That’s where things get interesting...</p><p>This blog post by David Lodge explains how Android services work and looks into the security risks of AIDL (Android Interface Definition Language) services.</p><p>They’re often used by OEMs to expose system-level functionality, sometimes without proper permission checks. That makes them a worthwhile attack surface if you’re testing vendor builds or reviewing apps with elevated privileges.</p><p>📌Learn more here: <a href="https://www.pentestpartners.com/security-blog/android-services-101/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">pentestpartners.com/security-b</span><span class="invisible">log/android-services-101/</span></a></p><p><a href="https://infosec.exchange/tags/AndroidSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AndroidSecurity</span></a> <a href="https://infosec.exchange/tags/MobileSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MobileSecurity</span></a> <a href="https://infosec.exchange/tags/AIDL" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AIDL</span></a> <a href="https://infosec.exchange/tags/PenTesting" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PenTesting</span></a> <a href="https://infosec.exchange/tags/ReverseEngineering" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ReverseEngineering</span></a> <a href="https://infosec.exchange/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberSecurity</span></a></p>
TechnoTenshi :verified_trans: :Fire_Lesbian:<p>Security Explorations reveals critical flaws in Kigen's GSMA-certified eSIMs, enabling profile theft, app injection, and user impersonation. The exploit leverages 2019 Java Card bugs, undermining trust in eUICC isolation and GSMA certification. Mitigation and disclosure coordination followed.</p><p><a href="https://security-explorations.com/esim-security.html" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">security-explorations.com/esim</span><span class="invisible">-security.html</span></a></p><p><a href="https://infosec.exchange/tags/eSIM" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>eSIM</span></a> <a href="https://infosec.exchange/tags/MobileSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MobileSecurity</span></a> <a href="https://infosec.exchange/tags/JavaCard" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>JavaCard</span></a> <a href="https://infosec.exchange/tags/Infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Infosec</span></a></p>
Alexandre Dulaunoy<p>In a result of its research investigation efforts, Security Explorations, a research lab of AG Security Research company, conducted security analysis of eSIM technology.</p><p><a href="https://infosec.exchange/tags/esim" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>esim</span></a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a> <a href="https://infosec.exchange/tags/mobilesecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>mobilesecurity</span></a> <a href="https://infosec.exchange/tags/mobile" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>mobile</span></a> </p><p>🔗 <a href="https://security-explorations.com/esim-security.html" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">security-explorations.com/esim</span><span class="invisible">-security.html</span></a></p>
BSides Boulder<p>Two days until <a href="https://infosec.exchange/tags/BSidesBoulder25" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BSidesBoulder25</span></a> and only 15 tickets remain! Today we highlight, two <a href="https://infosec.exchange/tags/BSidesBoulder25" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BSidesBoulder25</span></a> talks: Andrew Brandt's "Smashing Smishing by Quashing Quishing" and Eric Harashevsky's "Firmware Readout Bypass in STM92 (Don't put this in an alarm control panel). </p><p>Andrew's talk will examine QR-based phishing attacks, how attackers are exploiting QR codes and SMS to steal credentials and MFA tokens, and how a cross-industry collaboration between mobile vendors, telcos, and the infosec community could finally slam the door on mobile phishing. Think SafeBrowsing, but for QR scans! And we promise that our BSidesBoulder event QR codes will not redirect you to an Andrew-controlled C2 server. </p><p>Eric's talk will explore his adventure tinkering with an old STM92's firmware - the talk will explore his findings, reverse engineering the legacy microcontroller, bypassing firmware protections, and what that means for devices still hanging on your wall! Expect a live demo that is sure to excite your future hardware hacking journey. </p><p><a href="https://infosec.exchange/tags/BSides" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BSides</span></a> <a href="https://infosec.exchange/tags/BSidesBoulder" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BSidesBoulder</span></a> <a href="https://infosec.exchange/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberSecurity</span></a> <a href="https://infosec.exchange/tags/Quishing" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Quishing</span></a> <a href="https://infosec.exchange/tags/Smishing" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Smishing</span></a> <a href="https://infosec.exchange/tags/MobileSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MobileSecurity</span></a> <a href="https://infosec.exchange/tags/PhishingDefense" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PhishingDefense</span></a> <a href="https://infosec.exchange/tags/HardwareHacking" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>HardwareHacking</span></a> <a href="https://infosec.exchange/tags/FirmwareSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>FirmwareSecurity</span></a></p><p>Check out our full schedule at <a href="https://bsidesboulder.org/schedule/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">bsidesboulder.org/schedule/</span><span class="invisible"></span></a></p><p>Tickets are available for purchase for our 13 June event here: <a href="https://www.eventbrite.com/e/bsides-boulder-2025-registration-1290129274389" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">eventbrite.com/e/bsides-boulde</span><span class="invisible">r-2025-registration-1290129274389</span></a></p>
Brian Greenberg :verified:<p>Google is set to release Android 16 with a significant new security feature: Advanced Protection Mode. 🛡️ This one-click setting provides a robust layer of defense for users facing heightened risks of targeted attacks, such as journalists and elected officials.</p><p>💡 Key Protections Include:<br>👉 Network Security: Disables connections to vulnerable 2G networks and prevents automatic connection to insecure Wi-Fi.<br>🧠 Memory Protection: Implements the Memory Tagging Extension to guard against memory-corruption exploits.<br>🕵️‍♂️ Intrusion Detection: Features intrusion logging to help identify attempted or successful hacks.<br>⏳ Enhanced Lockdown: Automatically locks after extended offline periods and powers down when locked for prolonged times.</p><p>This initiative reflects a proactive approach to combating sophisticated threats and providing enhanced security for those most vulnerable. <br><a href="https://infosec.exchange/tags/Android16" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Android16</span></a> <a href="https://infosec.exchange/tags/MobileSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MobileSecurity</span></a> <a href="https://infosec.exchange/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Cybersecurity</span></a> <a href="https://infosec.exchange/tags/PrivacyFirst" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PrivacyFirst</span></a> <a href="https://infosec.exchange/tags/Technology" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Technology</span></a> <a href="https://infosec.exchange/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>security</span></a> <a href="https://infosec.exchange/tags/privacy" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>privacy</span></a> <a href="https://infosec.exchange/tags/cloud" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cloud</span></a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a> <br><a href="https://arstechnica.com/security/2025/05/google-introduces-advanced-protection-mode-for-its-most-at-risk-android-users/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">arstechnica.com/security/2025/</span><span class="invisible">05/google-introduces-advanced-protection-mode-for-its-most-at-risk-android-users/</span></a></p>
Pawan Jaiswal<p>He Thought the App Was Safe… Until This Happened.</p><p>He downloaded the app. It looked polished. Smooth UI. Secure login. But under the hood… </p><p>As a pentester, I decided to take a peek.</p><p>So far, so good… right? Wrong.</p><p>I fired up my tools:</p><p>MobSF for static analysis<br>Burp Suite for traffic interception<br>Frida to hook runtime behavior</p><p>What I found shocked me.</p><p>Check the comments for the link to the full guide....</p><p><a href="https://cyberplace.social/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Cybersecurity</span></a> <a href="https://cyberplace.social/tags/Pentesting" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Pentesting</span></a> <a href="https://cyberplace.social/tags/MobileSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MobileSecurity</span></a> <a href="https://cyberplace.social/tags/BugBounty" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BugBounty</span></a> <a href="https://cyberplace.social/tags/EthicalHacking" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>EthicalHacking</span></a></p>
Efani<p>$38,000… GONE while he was sleeping.</p><p>That’s how fast SIM-swapping can destroy your financial life.</p><p>In just 3 hours, a hacker took over Justin Chan’s phone number, intercepted his two-factor codes, and emptied his bank and trading accounts. No alarms. No notifications. Just silent access and drained funds.</p><p>It didn’t happen because he was careless.<br>It happened because the attacker exploited a broken system:</p><p>- His mobile carrier transferred his number to a new device without proper checks<br>- His 2FA codes were sent to that new device<br>- His bank and investment apps trusted that number</p><p>This is the $38,000 mistake most people never see coming. Because by the time you realize something is wrong — it’s already too late.</p><p>The worst part? Getting the money back was harder than the hack itself.<br>It took media pressure, endless follow-ups, and months of stress just to get refunded.</p><p>Mobile numbers are the new master key — and most people are handing them out unlocked.</p><p>If your 2FA is tied to your phone number, it's time to change that.<br>If your carrier doesn’t lock down your SIM by default, it’s time to upgrade.<br>And if your bank’s idea of protection is a form letter and a closed case, don’t wait for a wake-up call at 3AM.</p><p><a href="https://infosec.exchange/tags/SIMSwapping" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SIMSwapping</span></a> <a href="https://infosec.exchange/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberSecurity</span></a> <a href="https://infosec.exchange/tags/MobileSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MobileSecurity</span></a> <a href="https://infosec.exchange/tags/2FA" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>2FA</span></a></p>
Brian Greenberg :verified:<p>⚠️ Mobile security risk: New Android malware "SuperCard X" enables contactless payment fraud via NFC relay attacks 📱💳</p><p>Here’s how it works:<br>🔹 Victims are socially engineered through fake bank alerts (smishing + calls)<br>🔹 Tricked into installing a rogue app posing as “security software”<br>🔹 NFC data is intercepted from real debit/credit cards<br>🔹 Attackers relay stolen credentials to PoS terminals and ATMs for fraudulent cashouts</p><p>Why it matters:<br>• Attackers no longer need stolen physical cards — just proximity + deception<br>• Banking customers, payment providers, and card issuers are all at risk<br>• Google is working on Android protections — but vigilance is key now</p><p>🛡️ Tip: Always scrutinize app installs, verify messages before acting, and keep Google Play Protect enabled.</p><p><a href="https://infosec.exchange/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberSecurity</span></a> <a href="https://infosec.exchange/tags/MobileSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MobileSecurity</span></a> <a href="https://infosec.exchange/tags/Malware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Malware</span></a> <a href="https://infosec.exchange/tags/NFC" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>NFC</span></a> <a href="https://infosec.exchange/tags/FinancialFraud" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>FinancialFraud</span></a> <a href="https://infosec.exchange/tags/ThreatIntel" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ThreatIntel</span></a> <a href="https://infosec.exchange/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>security</span></a> <a href="https://infosec.exchange/tags/privacy" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>privacy</span></a> <a href="https://infosec.exchange/tags/cloud" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cloud</span></a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a> </p><p><a href="https://thehackernews.com/2025/04/supercard-x-android-malware-enables.html" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">thehackernews.com/2025/04/supe</span><span class="invisible">rcard-x-android-malware-enables.html</span></a></p>
Efani<p>🚨 A new Android malware campaign is using NFC relay attacks to clone credit cards — and it’s nearly invisible to antivirus tools.</p><p>Security researchers have discovered 'SuperCard X', a malware-as-a-service (MaaS) platform that allows cybercriminals to steal card data and make contactless payments using compromised Android devices.</p><p>Key highlights from the report:<br>- Distributed via social engineering scams through fake SMS or WhatsApp messages <br>- Victims are tricked into installing a malicious app disguised as a bank “verification” tool <br>- Once installed, it uses NFC to read card chip data and sends it to a second attacker device <br>- Attackers use a companion app to emulate the victim’s card and make payments or ATM withdrawals</p><p>🔍 What makes it dangerous:<br>- SuperCard X requests minimal permissions, making it hard to detect <br>- It uses ATR-based card emulation and mutual TLS (mTLS) for secure communication <br>- Malware is not flagged by any antivirus engines on VirusTotal <br>- Transactions are small, instant, and look legitimate to banks — making them harder to detect or reverse</p><p>🛡️ Google responded saying Play Protect is active and currently no such apps are listed on Google Play. But since these apps spread outside the store, Android users remain at risk — especially if they sideload apps or fall for impersonation scams.</p><p>This is a textbook example of how mobile payment infrastructure is being exploited — and why NFC security deserves more attention in mobile-first threat models.</p><p>At <span class="h-card" translate="no"><a href="https://infosec.exchange/@Efani" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>Efani</span></a></span> we’re committed to helping protect high-risk users from silent, evasive mobile threats just like this.</p><p><a href="https://infosec.exchange/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Cybersecurity</span></a> <a href="https://infosec.exchange/tags/AndroidMalware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AndroidMalware</span></a> <a href="https://infosec.exchange/tags/NFC" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>NFC</span></a> <a href="https://infosec.exchange/tags/MobileSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MobileSecurity</span></a> <a href="https://infosec.exchange/tags/EfaniSecure" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>EfaniSecure</span></a> <a href="https://infosec.exchange/tags/SuperCardX" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SuperCardX</span></a> <a href="https://infosec.exchange/tags/FintechFraud" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>FintechFraud</span></a> <a href="https://infosec.exchange/tags/MalwareAsAService" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MalwareAsAService</span></a></p>
OWASP Foundation<p>Join Jeroen Beckers at OWASP Global AppSec EU 2025 in Barcelona on May 29! </p><p>🔗 Register: <a href="https://owasp.glueup.com/event/123983/register/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">owasp.glueup.com/event/123983/</span><span class="invisible">register/</span></a></p><p>From secure coding practices to the impact on SAST, DAST, and manual testing, this talk is a must for anyone securing modern mobile apps across platforms. </p><p>Learn how to embed security into every phase of mobile app development—see you there! </p><p><a href="https://infosec.exchange/tags/OWASP" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OWASP</span></a> <a href="https://infosec.exchange/tags/AppSecEU2025" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AppSecEU2025</span></a> <a href="https://infosec.exchange/tags/MobileSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MobileSecurity</span></a> <a href="https://infosec.exchange/tags/Flutter" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Flutter</span></a> <a href="https://infosec.exchange/tags/ReactNative" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ReactNative</span></a> <a href="https://infosec.exchange/tags/CrossPlatform" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CrossPlatform</span></a> <a href="https://infosec.exchange/tags/SecureDev" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SecureDev</span></a> <a href="https://infosec.exchange/tags/Barcelona" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Barcelona</span></a> <a href="https://infosec.exchange/tags/OWASPMobile" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OWASPMobile</span></a></p>
Pyrzout :vm:<p>Apple Patches Two Zero-Days Used in ‘Extremely Sophisticated’ Attacks – Source: www.techrepublic.com <a href="https://ciso2ciso.com/apple-patches-two-zero-days-used-in-extremely-sophisticated-attacks-source-www-techrepublic-com/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">ciso2ciso.com/apple-patches-tw</span><span class="invisible">o-zero-days-used-in-extremely-sophisticated-attacks-source-www-techrepublic-com/</span></a> <a href="https://social.skynetcloud.site/tags/threatsandvulnerabilities" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>threatsandvulnerabilities</span></a> <a href="https://social.skynetcloud.site/tags/rssfeedpostgeneratorecho" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>rssfeedpostgeneratorecho</span></a> <a href="https://social.skynetcloud.site/tags/SecurityonTechRepublic" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SecurityonTechRepublic</span></a> <a href="https://social.skynetcloud.site/tags/SecurityTechRepublic" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SecurityTechRepublic</span></a> <a href="https://social.skynetcloud.site/tags/CyberSecurityNews" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberSecurityNews</span></a> <a href="https://social.skynetcloud.site/tags/MobileSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MobileSecurity</span></a> <a href="https://social.skynetcloud.site/tags/zerodaythreats" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>zerodaythreats</span></a> <a href="https://social.skynetcloud.site/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Cybersecurity</span></a> <a href="https://social.skynetcloud.site/tags/AppleiPhone" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AppleiPhone</span></a> <a href="https://social.skynetcloud.site/tags/Mobility" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Mobility</span></a> <a href="https://social.skynetcloud.site/tags/Security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Security</span></a> <a href="https://social.skynetcloud.site/tags/Software" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Software</span></a> <a href="https://social.skynetcloud.site/tags/Apple" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Apple</span></a> <a href="https://social.skynetcloud.site/tags/News" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>News</span></a> <a href="https://social.skynetcloud.site/tags/ios" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ios</span></a></p>
Efani<p>🔐 Android just got a quiet but powerful security upgrade: automatic reboots after 3 days of device inactivity.</p><p>Google has rolled out a new feature via Google Play Services: if an Android device remains locked for 3 consecutive days, it will now automatically reboot.</p><p>Why this matters:<br>Rebooting puts the phone back into the "Before First Unlock" state — where data remains fully encrypted and inaccessible without the passcode. This makes it significantly harder for anyone trying to extract sensitive data using forensic tools like Cellebrite or Magnet.</p><p>Apple introduced a similar feature last year, signaling a broader trend: both ecosystems are reinforcing protections against post-unlock data extraction, often used by law enforcement or threat actors.</p><p>This feature:</p><p>- Reduces exposure time after a phone is seized or stolen<br>- Restores full disk encryption status automatically<br>- Adds a layer of passive defense even if users don’t act</p><p>📱 At <span class="h-card" translate="no"><a href="https://infosec.exchange/@Efani" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>Efani</span></a></span>, we advocate for security that works even when you’re not paying attention. Automatic reboots after periods of inactivity are a subtle but smart move — one that helps prevent surveillance, data harvesting, and unauthorized access.</p><p>It’s not just about convenience anymore. It’s about digital self-defense by default.</p><p><a href="https://infosec.exchange/tags/MobileSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MobileSecurity</span></a> <a href="https://infosec.exchange/tags/Android" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Android</span></a> <a href="https://infosec.exchange/tags/Encryption" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Encryption</span></a> <a href="https://infosec.exchange/tags/Privacy" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Privacy</span></a> <a href="https://infosec.exchange/tags/EfaniSecure" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>EfaniSecure</span></a></p>
Bill<p>Traveling folx: are you doing anything with your devices over borders?</p><p>Not asking if you know what can be done, I realize everyone here knows that. What are you actually doing tomorrow before you get on the plane?</p><p><a href="https://www.theverge.com/policy/634264/customs-border-protection-search-phone-airport-rights" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">theverge.com/policy/634264/cus</span><span class="invisible">toms-border-protection-search-phone-airport-rights</span></a></p><p><a href="https://infosec.exchange/tags/uspol" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>uspol</span></a> <a href="https://infosec.exchange/tags/mobilesecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>mobilesecurity</span></a></p>
Brandon Lipani<p>APPLE ADVANCED DATA PROTECTION EXPLAINED - <a href="https://lipanisecurity.com/apple-advanced-data-protection-explained/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">lipanisecurity.com/apple-advan</span><span class="invisible">ced-data-protection-explained/</span></a> <a href="https://twit.social/tags/apple" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>apple</span></a> <a href="https://twit.social/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>security</span></a> <a href="https://twit.social/tags/applesecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>applesecurity</span></a> <a href="https://twit.social/tags/mobilesecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>mobilesecurity</span></a> <a href="https://twit.social/tags/icloud" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>icloud</span></a> <a href="https://twit.social/tags/netsec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>netsec</span></a> <a href="https://twit.social/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a> <a href="https://twit.social/tags/informationsecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>informationsecurity</span></a></p>
LorenzoResearchers warn these commands could be exploited to manipulate memory, impersonate devices, and bypass security controls.<a href="https://poliverso.org/search?tag=bluetooth" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>bluetooth</span></a> <a href="https://poliverso.org/search?tag=chip" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>chip</span></a> <a href="https://poliverso.org/search?tag=cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a> <a href="https://poliverso.org/search?tag=esp32" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>esp32</span></a> <a href="https://poliverso.org/search?tag=internetofthings" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>internetofthings</span></a> <a href="https://poliverso.org/search?tag=iotsecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>iotsecurity</span></a> <a href="https://poliverso.org/search?tag=microcontroller" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>microcontroller</span></a> <a href="https://poliverso.org/search?tag=mobilesecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>mobilesecurity</span></a> <a href="https://poliverso.org/search?tag=research" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>research</span></a> <a href="https://poliverso.org/search?tag=security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>security</span></a> <a href="https://poliverso.org/search?tag=supplychain" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>supplychain</span></a> <a href="https://poliverso.org/search?tag=tarlogic" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>tarlogic</span></a> <a href="https://poliverso.org/search?tag=vulnerability" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>vulnerability</span></a> <a href="https://poliverso.org/search?tag=wifi" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>wifi</span></a><br><a href="https://www.techrepublic.com/article/esp32-hidden-commands-hacking-risk/" rel="nofollow noopener" target="_blank">Billions of Devices at Risk of Hacking Due to Hidden Commands</a>
nemo™ 🇺🇦<p>Did you know that entering * and # on your phone triggers different actions? 🤔 This blog post explains MMI, USSD, and SS codes, and how they interact with your device and network. A must-read for understanding mobile communication! 📱<br>🔗 <a href="https://berlin.ccc.de/~tobias/mmi-ussd-ss-codes-explained.html" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">berlin.ccc.de/~tobias/mmi-ussd</span><span class="invisible">-ss-codes-explained.html</span></a> <a href="https://mas.to/tags/USSD" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>USSD</span></a> <a href="https://mas.to/tags/MMI" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MMI</span></a> <a href="https://mas.to/tags/MobileSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MobileSecurity</span></a> <a href="https://mas.to/tags/GSM" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>GSM</span></a> <a href="https://mas.to/tags/UMTS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>UMTS</span></a> <a href="https://mas.to/tags/LTE" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>LTE</span></a></p>
eicker.news ᳇ tech news<p>»How Democratizing <a href="https://eicker.news/tags/ThreatHunting" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ThreatHunting</span></a> is Changing <a href="https://eicker.news/tags/MobileSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MobileSecurity</span></a>: revealing 11 new <a href="https://eicker.news/tags/Pegasus" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Pegasus</span></a> <a href="https://eicker.news/tags/detections" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>detections</span></a>.« <a href="https://iverify.io/blog/how-democratizing-threat-hunting-is-changing-mobile-security?eicker.news" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">iverify.io/blog/how-democratiz</span><span class="invisible">ing-threat-hunting-is-changing-mobile-security?eicker.news</span></a> <a href="https://eicker.news/tags/tech" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>tech</span></a> <a href="https://eicker.news/tags/media" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>media</span></a></p>
OWASP Foundation<p>Master Mobile App Security at OWASP Global AppSec EU 2025</p><p>Join Sven Schleier for The Mobile Playbook – a 3-day hands-on training from May 26-28, 2025, designed for penetration testers, developers, and engineers.</p><p>This intermediate-level course will take you through dynamic testing, static analysis, reverse engineering, and Software Composition Analysis.</p><p><a href="https://owasp.glueup.com/event/123983/register" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">owasp.glueup.com/event/123983/</span><span class="invisible">register</span></a></p><p><a href="https://infosec.exchange/tags/AppSecEU" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AppSecEU</span></a> <a href="https://infosec.exchange/tags/OWASP" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OWASP</span></a> <a href="https://infosec.exchange/tags/MobileSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MobileSecurity</span></a> <a href="https://infosec.exchange/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Cybersecurity</span></a> <a href="https://infosec.exchange/tags/iOS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>iOS</span></a> <a href="https://infosec.exchange/tags/Android" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Android</span></a></p>
Miguel Afonso Caetano<p>"Cape runs its own mobile core, all of the software necessary to route messages, authenticate users, and basically be a telecom. Ultimately, this gives Cape the control to do more privacy-enhancing things, such as periodically give its phones a new IMEI—a unique identifier for the phone—and new IMSI—a similar identifier but one attached to the SIM card (or eSIM in Cape’s case). The phone can also give itself a new mobile advertising identifier (MAID), which is an identifier advertising ecosystems and apps use to track peoples’ web browsing activity and is sometimes linked to their physical movement data. Cape said the IMEI and MAID rotation is handled by the custom Cape handset, which runs standard up-to-date Android.</p><p>Cape lets users create bundles of these identifiers, called “personas,” then cycle through them at different points. This means that during some attacks, a Cape phone may look like a different phone each time. The device can do this in a few ways. In the first, users can set geofences around a particular area, meaning that when they enter that location—such as their home, place of work, or commute—the device automatically switches to a particular IMSI, IMEI, and MAID. Secondly, users can set it to switch between these sets of identifiers after an approximate period of time has passed, between one hour and one day, with an option to add some percentage of variation between each rotation."</p><p><a href="https://www.404media.co/i-dont-own-a-cellphone-can-this-privacy-focused-network-change-that/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">404media.co/i-dont-own-a-cellp</span><span class="invisible">hone-can-this-privacy-focused-network-change-that/</span></a></p><p><a href="https://tldr.nettime.org/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberSecurity</span></a> <a href="https://tldr.nettime.org/tags/Mobile" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Mobile</span></a> <a href="https://tldr.nettime.org/tags/Privacy" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Privacy</span></a> <a href="https://tldr.nettime.org/tags/Cellphones" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Cellphones</span></a> <a href="https://tldr.nettime.org/tags/MobileSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MobileSecurity</span></a> <a href="https://tldr.nettime.org/tags/Cape" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Cape</span></a></p>
Pyrzout :vm:<p>White House Memo Puts the Focus of AI on National Security – Source: securityboulevard.com <a href="https://ciso2ciso.com/white-house-memo-puts-the-focus-of-ai-on-national-security-source-securityboulevard-com/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">ciso2ciso.com/white-house-memo</span><span class="invisible">-puts-the-focus-of-ai-on-national-security-source-securityboulevard-com/</span></a> <a href="https://social.skynetcloud.site/tags/SecurityBoulevard" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SecurityBoulevard</span></a>(Original) <a href="https://social.skynetcloud.site/tags/rssfeedpostgeneratorecho" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>rssfeedpostgeneratorecho</span></a> <a href="https://social.skynetcloud.site/tags/Bidenadministration" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Bidenadministration</span></a> <a href="https://social.skynetcloud.site/tags/ThreatIntelligence" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ThreatIntelligence</span></a> <a href="https://social.skynetcloud.site/tags/CyberSecurityNews" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberSecurityNews</span></a> <a href="https://social.skynetcloud.site/tags/IndustrySpotlight" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>IndustrySpotlight</span></a> <a href="https://social.skynetcloud.site/tags/SecurityBoulevard" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SecurityBoulevard</span></a> <a href="https://social.skynetcloud.site/tags/nationalsecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>nationalsecurity</span></a> <a href="https://social.skynetcloud.site/tags/NetworkSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>NetworkSecurity</span></a> <a href="https://social.skynetcloud.site/tags/MobileSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MobileSecurity</span></a> <a href="https://social.skynetcloud.site/tags/SocialFacebook" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SocialFacebook</span></a> <a href="https://social.skynetcloud.site/tags/SocialLinkedIn" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SocialLinkedIn</span></a> <a href="https://social.skynetcloud.site/tags/CloudSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CloudSecurity</span></a> <a href="https://social.skynetcloud.site/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Cybersecurity</span></a> <a href="https://social.skynetcloud.site/tags/datasecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>datasecurity</span></a> <a href="https://social.skynetcloud.site/tags/Spotlight" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Spotlight</span></a> <a href="https://social.skynetcloud.site/tags/News" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>News</span></a></p>