News & Commentary

Latest Content tagged with Mobile
Page 1 / 2   >   >>
ZipperDown Vulnerability Could Hit 10% of iOS Apps
Quick Hits  |  5/22/2018  | 
A newly discovered vulnerability could affect thousands of iOS apps -- and Android users may not be spared.
'Roaming Mantis' Android Malware Evolves, Expands Targets
Quick Hits  |  5/21/2018  | 
Roaming Mantis has evolved rapidly, adding geographies, platforms, and capabilities to its original scope.
Cracking 2FA: How It's Done and How to Stay Safe
Slideshows  |  5/17/2018  | 
Two-factor authentication is a common best security practice but not ironclad. Here's how it can be bypassed, and how you can improve security.
Phishing Attack Bypasses Two-Factor Authentication
News  |  5/10/2018  | 
Hacker Kevin Mitnick demonstrates a phishing attack designed to abuse multi-factor authentication and take over targets' accounts.
Phishing Threats Move to Mobile Devices
News  |  5/9/2018  | 
Mobile devices are emerging as a primary gateway for phishing attacks aimed at stealing data.
APT Attacks on Mobile Rapidly Emerging
News  |  5/8/2018  | 
Mobile devices are becoming a 'primary' enterprise target for attackers.
What Meltdown and Spectre Mean for Mobile Device Security
Commentary  |  4/30/2018  | 
Here are four tips to keep your mobile users safe from similar attacks.
Google Adds Security Features to Gmail Face-lift
News  |  4/25/2018  | 
A redesigned Gmail brings new security measures to improve data protection and applications for artificial intelligence.
Biometrics Are Coming & So Are Security Concerns
Commentary  |  4/20/2018  | 
Could these advanced technologies be putting user data at risk?
Securing Social Media: National Safety, Privacy Concerns
News  |  4/19/2018  | 
It's a critical time for social media platforms and the government agencies and private businesses and individuals using them.
DHS Helps Shop Android IPS Prototype
News  |  4/18/2018  | 
A MITRE-developed intrusion prevention system for mobile technology is showcased here this week at the RSA Conference.
INsecurity Conference Seeks Security Pros to Speak on Best Practices
News  |  4/16/2018  | 
Dark Reading's second annual data defense conference will be held Oct. 23-25 in Chicago; call for speakers is issued.
Pairing Policy & Technology: BYOD That Works for Your Enterprise
Commentary  |  4/10/2018  | 
An intelligent security policy coupled with the right technology can set you up for success with BYOD.
HTTP Injector Steals Mobile Internet Access
News  |  4/10/2018  | 
Users aren't shy about sharing the technique and payload in a new attack.
89% of Android Users Didn't Consent to Facebook Data Collection
Quick Hits  |  4/10/2018  | 
A new survey shows most Android users did not give Facebook permission to collect their call and text data.
Deep Instinct Adds MacOS Support
Quick Hits  |  4/9/2018  | 
Deep Instinct adds support for MacOS, Citrix, and multi-tenancy in its version 2.2 release.
Protect Yourself from Online Fraud This Tax Season
Commentary  |  4/6/2018  | 
Use these tips to stay safe online during everyone's least-favorite time of the year.
Qualys Buys 1Mobility Software Assets
Quick Hits  |  4/2/2018  | 
Qualys has purchased the software assets of 1Mobility for an undisclosed sum.
Under Armour App Breach Exposes 150 Million Records
Quick Hits  |  3/30/2018  | 
A breach in a database for MyFitnessPal exposes information on 150 million users.
New Android Cryptojacker Can Brick Phones
News  |  3/28/2018  | 
Mobile cryptojacking malware mines Monero.
Looking Back to Look Ahead: Cyber Threat Trends to Watch
Commentary  |  3/23/2018  | 
Data from the fourth quarter of last year shows the state of application exploits, malicious software, and botnets.
Phantom Secure 'Uncrackable Phone' Execs Indicted for RICO Crimes
Quick Hits  |  3/16/2018  | 
Executives of Phantom Secure have been indicted on federal RICO charges for encrypting communications among criminals.
Online Ads vs. Security: An Invisible War
Commentary  |  3/15/2018  | 
Why visiting one website is like visiting 50, and how you can fight back against malvertisers.
What's the C-Suite Doing About Mobile Security?
Commentary  |  3/13/2018  | 
While most companies have security infrastructure for on-premises servers, networks, and endpoints, too many are ignoring mobile security. They'd better get moving.
Asia's Security Leaders Feel Underprepared for Future Threats: Report
News  |  3/12/2018  | 
A new study highlights major concerns of cybersecurity leaders in Asia, where most fear critical infrastructure attacks, advanced threats, and social engineering.
IoT Product Safety: If It Appears Too Good to Be True, It Probably Is
Commentary  |  3/12/2018  | 
Proposed new connected-product repair laws will provide hackers with more tools to make our lives less secure.
Researchers Defeat Android OEMs' Security Mitigations
News  |  3/7/2018  | 
At Black Hat Asia, two security experts will bypass security improvements added to Android by equipment manufacturers.
Connected Cars Pose New Security Challenges
Commentary  |  3/6/2018  | 
The auto industry should seize the opportunity and get in front of this issue.
Securing the Web of Wearables, Smartphones & Cloud
News  |  3/1/2018  | 
Why security for the Internet of Things demands that businesses revamp their software development lifecycle.
What Enterprises Can Learn from Medical Device Security
Commentary  |  3/1/2018  | 
In today's cloud-native world, organizations need a highly distributed approach that ties security to the workload itself in order to prevent targeted attacks.
New Android Malware Family Highlights Evolving Mobile Threat Capabilities
News  |  2/28/2018  | 
RedDrop can steal data, record audio, and rack up SMS charges for victims, says Wandera.
Threats from Mobile Ransomware & Banking Malware Are Growing
News  |  2/26/2018  | 
The number of unique mobile malware samples increased sharply in 2017 compared to a year ago, according to Trend Micro.
10 Can't-Miss Talks at Black Hat Asia
Slideshows  |  2/23/2018  | 
With threats featuring everything from nation-states to sleep states, the sessions taking place from March 20-23 in Singapore are relevant to security experts around the world.
The Mobile Threat: 4 out of 10 Businesses Report 'Significant' Risk
News  |  2/21/2018  | 
Organizations put efficiency and profit before security, leading to system downtime and data loss, according to inaugural research from Verizon.
Can Android for Work Redefine Enterprise Mobile Security?
Commentary  |  2/13/2018  | 
Google's new mobility management framework makes great strides in addressing security and device management concerns while offering diverse deployment options. Here are the pros and cons.
Google Paid $2.9M for Vulnerabilities in 2017
News  |  2/9/2018  | 
The Google Vulnerability Reward Program issued a total of 1,230 rewards in 2017. The single largest payout was $112,500.
Apple iOS iBoot Secure Bootloader Code Leaked Online
Quick Hits  |  2/8/2018  | 
Lawyers for Apple called for the source code to be removed from GitHub.
Identity Fraud Hits All-Time High in 2017
News  |  2/6/2018  | 
Survey reports that the number of fraud victims topped 16 million consumers last year, and much of that crime has moved online.
Mastering Security in the Zettabyte Era
Commentary  |  2/5/2018  | 
Many businesses are ill-equipped to deal with potential risks posed by billions of connected devices, exponential data growth, and an unprecedented number of cyber threats. Here's how to prepare.
3 Ways Hackers Steal Your Company's Mobile Data
Commentary  |  2/2/2018  | 
The most effective data exfiltration prevention strategies are those that are as rigorous in vetting traffic entering the network as they are traffic leaving it.
700,000 Bad Apps Deleted from Google Play in 2017
Quick Hits  |  1/31/2018  | 
Google rejected 99% of apps with abusive content before anyone could install them, according to a 2017 security recap.
Strava Fitness App Shares Secret Army Base Locations
Quick Hits  |  1/29/2018  | 
The exercise tracker published a data visualization map containing exercise routes shared by soldiers on active duty.
Endpoint and Mobile Top Security Spending at 57% of Businesses
Quick Hits  |  1/26/2018  | 
Businesses say data-at-rest security tools are most effective at preventing breaches, but spend most of their budgets securing endpoint and mobile devices.
Dark Caracal Campaign Breaks New Ground with Focus on Mobile Devices
News  |  1/23/2018  | 
This is the first known global-scale campaign primarily focused on stealing data from Android devices, Lookout and EFF say.
Google Pays Researcher Record $112,500 for Android Flaw
Quick Hits  |  1/19/2018  | 
The bug bounty reward, given to a researcher who submitted a working remote exploit chain, is Google's highest for an Android bug.
Kaspersky Lab Warns of Extremely Sophisticated Android Spyware Tool
News  |  1/16/2018  | 
Skygofree appears to have been developed for lawful intercept, offensive surveillance purposes.
Top 3 Pitfalls of Securing the Decentralized Enterprise
Partner Perspectives  |  1/16/2018  | 
Doubling down on outdated security practices while the number of users leveraging your enterprise network grows is a race to the bottom for businesses moving to distributed workflows.
Majority of Companies Lack Sufficient IoT Policy Enforcement Tools
Quick Hits  |  1/12/2018  | 
Shortfall exists despite nearly all global technology enterprise companies having security policies to manage IoT devices.
Responding to the Rise of Fileless Attacks
News  |  1/11/2018  | 
Fileless attacks, easier to conduct and more effective than traditional malware-based threats, pose a growing challenge to enterprise targets.
Vulnerable Mobile Apps: The Next ICS/SCADA Cyber Threat
News  |  1/11/2018  | 
Researchers find nearly 150 vulnerabilities in SCADA mobile apps downloadable from Google Play.
Page 1 / 2   >   >>


Want Your Daughter to Succeed in Cyber? Call Her John
John De Santis, CEO, HyTrust,  5/16/2018
New Mexico Man Sentenced on DDoS, Gun Charges
Dark Reading Staff 5/18/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Flash Poll
[Strategic Security Report] Navigating the Threat Intelligence Maze
[Strategic Security Report] Navigating the Threat Intelligence Maze
Most enterprises are using threat intel services, but many are still figuring out how to use the data they're collecting. In this Dark Reading survey we give you a look at what they're doing today - and where they hope to go.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2016-8656
PUBLISHED: 2018-05-22
Jboss jbossas before versions 5.2.0-23, 6.4.13, 7.0.5 is vulnerable to an unsafe file handling in the jboss init script which could result in local privilege escalation.
CVE-2017-2609
PUBLISHED: 2018-05-22
jenkins before versions 2.44, 2.32.2 is vulnerable to an information disclosure vulnerability in search suggestions (SECURITY-385). The autocomplete feature on the search box discloses the names of the views in its suggestions, including the ones for which the current user does not have access to.
CVE-2017-2617
PUBLISHED: 2018-05-22
hawtio before version 1.5.5 is vulnerable to remote code execution via file upload. An attacker could use this vulnerability to upload a crafted file which could be executed on a target machine where hawtio is deployed.
CVE-2018-11372
PUBLISHED: 2018-05-22
iScripts eSwap v2.4 has SQL injection via the wishlistdetailed.php User Panel ToId parameter.
CVE-2018-11373
PUBLISHED: 2018-05-22
iScripts eSwap v2.4 has SQL injection via the "salelistdetailed.php" User Panel ToId parameter.