Premium number | Breaking Cybersecurity News | The Hacker News

Smart hackers could exploit a loophole that could allow them to steal a significant amount of cash from Google, Microsoft and Instagram using a Premium rate phone number. Security researcher Arne Swinnen from Belgium has discovered an ingenious way to steal money from big tech companies like Google, Microsoft, and Instagram using their two-factor authentication (2FA) voice-based token distribution systems. Swinnen argues that any attacker with malicious intent could create fake Google, Microsoft or Instagram accounts, as well as premium phone services, and then link them together. The attacker could then request 2FA voice-based tokens for all fake accounts using an automated scripts, placing legitimate phone calls to his service to earn him quite a nice profit. Swinnen created accounts on Google, Microsoft Office 365 and Instagram and then tied them to a premium phone number instead of a regular one. As a result, whenever one of these three services would call the account...

Downloading various apps blindly from Google play store may bring you at risk in terms of money.  PandaLabs , the Cloud Security Company, has identified malicious Android apps on Google Play that can sign up users for premium SMS subscription services without their permission and so far it has infected at least 300,000 Android users, although the number of malicious downloads could have reached 4 times higher i.e. 1,200,000 users. The four apps found free in the app store that came packaged with a premium SMS scam that dubbed as "Easy Hairdos", "Abs Diets", "Workout Routines" and "Cupcake Recipes" and are among the malicious apps available for free download on Google Play store . From the above app, say if 'Abs Diet' has been installed on your phone and once the user has accepted the terms and conditions of the service, the app displays a series of tips to reduce abdominal fat and then without the user's knowledge, the app l...

Intro: Why hack in when you can log in? SaaS applications are the backbone of modern organizations, powering productivity and operational efficiency. But every new app introduces critical security risks through app integrations and multiple users, creating easy access points for threat actors. As a result, SaaS breaches have increased, and according to a May 2024 XM Cyber report, identity and credential misconfigurations caused 80% of security exposures. Subtle signs of a compromise get lost in the noise, and then multi-stage attacks unfold undetected due to siloed solutions. Think of an account takeover in Entra ID, then privilege escalation in GitHub, along with data exfiltration from Slack. Each seems unrelated when viewed in isolation, but in a connected timeline of events, it's a dangerous breach. Wing Security's SaaS platform is a multi-layered solution that combines posture management with real-time identity threat detection and response. This allows organizations to get a ...

Android platform is a primary target for malware attacks from few years and during 2013, more than 79% of mobile operating malware threats are taking place on Android OS. I have been working on Android Malware architectures since last two years and created 100's of sample of most sophisticated malware for demo purpose. Till now we have seen the majority of Android malware apps that earn money for their creators by sending SMS messages to premium rate numbers from infected devices. Security researchers at Lookout identified an interesting monetized Android Malware labeled as ' Mouabad ', that allow a remote attacker to make phone calls to premium-rate numbers without user interaction from C&C servers by sending commands to the malware. The technique is not new, but infection from such app notified first time in the wild. The variant dubbed MouaBad . p. , is particularly sneaky and to avoid detection it waits to make its calls until a period of tim...