[James Settle]

Three emerging vulnerabilities on mobile & physical devices would be phishing attacks, rogue wifi hotspots, and social engineering.

Phishing attacks come in the form of fake websites, or links via email, from mobile or physical devices where attackers use targeted messages to try to trick people into revealing personal information or clinking a link with malware, usually resulting in some way to obtain their financial information.

Rogue Wifi is where attackers set up fake wifi hotspots in order to direct network traffic their and intercept and obtain sensitive data from users.

Social engineering in infosec, the best way i can explain it is catfishing. Manipulating people in attempt to gain information about them. Basically building up a case file on people, info gathering, gaining access to their systems, and sometimes fraud.

Countermeasures to reduce these vulnerabilities would be virtual private networks on any outside/ public network connections, data encryption, and enabling multiple firewalls as a deterrent, MFA, and constant user education as new threats and techniques to implement them continue to emerge.