Author: Cyberthreat Blog

The “PCB Mobile” by Phelps County Bank app 3.0.2 — aka pcb-mobile/id436891295 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain...

The “Blue Ridge Bank and Trust Co. Mobile Banking” by Blue Ridge Bank and Trust Co. app 3.0.1 — aka blue-ridge-bank-and-trust-co-mobile-banking/id699679197 for iOS does not verify X.509 certificates from SSL...

The “State Bank of Waterloo Mobile Banking” by State Bank of Waterloo app 3.0.2 — aka state-bank-of-waterloo-mobile-banking/id555321714 for iOS does not verify X.509 certificates from SSL servers, which allows...

The “First State Bank of Bigfork Mobile Banking” by First State Bank of Bigfork app 4.0.3 — aka first-state-bank-of-bigfork-mobile-banking/id1133969876 for iOS does not verify X.509 certificates from SSL...

The “CFB Mobile Banking” by Citizens First Bank Wisconsin app 3.0.1 — aka cfb-mobile-banking/id1081102805 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to...