Mobile
News & Commentary
Gemalto: NSA, GCHQ May Have Been Behind Breaches It Suffered In 2010 And 2011
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
But the 'sophisticated' attacks hit only Gemalto office networks--not 'massive theft' of SIM crypto keys, vendor says, and such an attack, if waged, would only affect 2G networks, not 3G or 4G.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 2/25/2015
Comment3 comments  |  Read  |  Post a Comment
Mobile Apps Remain Vulnerable For Months
Thomas Claburn, Editor-at-LargeNews
Developers are failing to respond quickly to reports of security flaws, Trojans are infecting corporate devices at an alarming rate, and even mundane data about your device's power consumption could threaten your privacy.
By Thomas Claburn Editor-at-Large, 2/24/2015
Comment11 comments  |  Read  |  Post a Comment
7 Things You Should Know About Secure Payment Technology
Sara Peters, Senior Editor at Dark Reading
Despite the existence of EMV and Apple Pay, we're a long way from true payment security, especially in the US.
By Sara Peters Senior Editor at Dark Reading, 2/24/2015
Comment14 comments  |  Read  |  Post a Comment
Video: Net Neutrality, Apple Malware & InformationWeek Live
Andrew Conry Murray, Director of Content & Community, InteropCommentary
This Week In 60 Seconds looks at legal challenges to the FCC’s regulatory proposal, discusses new malware that targets Apple iOS, and invites you to InformationWeek’s live radio show.
By Andrew Conry Murray Director of Content & Community, Interop, 2/6/2015
Comment0 comments  |  Read  |  Post a Comment
Android Adware Raises Google Play Security Concerns
Eric Zeman, Commentary
Three apps, downloaded to tens of millions of Android devices from the Google Play store, foisted ads for apps on unsuspecting users.
By Eric Zeman , 2/4/2015
Comment9 comments  |  Read  |  Post a Comment
Apple iOS Now Targeted In Massive Cyber Espionage Campaign
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Attack campaign tied to Russia now zeroing in on mobile user's iPhones, iPads.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 2/4/2015
Comment4 comments  |  Read  |  Post a Comment
Enterprises Underestimate Actual Shadow Cloud Risks
Jai Vijayan, Freelance writerNews
More than 85 percent of cloud applications used in the workplace are unsanctioned, study shows.
By Jai Vijayan Freelance writer, 2/3/2015
Comment3 comments  |  Read  |  Post a Comment
BMW's Software Security Patch A Sign Of Things To Come
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
But not all car security flaws can be patched as simply -- or at all.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 2/3/2015
Comment8 comments  |  Read  |  Post a Comment
Syrian Opposition Forces Social-Engineered And Hacked
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Researchers uncover trove of sensitive information and details of Syrian government opposition plans and players -- pilfered by pro-Assad government hackers.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 2/2/2015
Comment6 comments  |  Read  |  Post a Comment
Google Paid Over $1.5 Million In Bug Bounties In 2014
Kelly Jackson Higgins, Executive Editor at Dark ReadingQuick Hits
Mobile apps developed by Google now included in its Vulnerability Reward Program.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 1/30/2015
Comment5 comments  |  Read  |  Post a Comment
FCC: Stop Blocking Personal WiFi
Thomas Claburn, Editor-at-LargeNews
Great news for travelers: Hotels and other businesses cannot interfere with your personal WiFi hotspot.
By Thomas Claburn Editor-at-Large, 1/28/2015
Comment7 comments  |  Read  |  Post a Comment
WiIl Millennials Be The Death Of Data Security?
Chris Rouland, Founder & CEO, BastilleCommentary
Millennials, notoriously promiscuous with data and devices, this year will become the largest generation in the workforce. Is your security team prepared?
By Chris Rouland Founder & CEO, Bastille, 1/27/2015
Comment35 comments  |  Read  |  Post a Comment
Facebook Messenger: Classically Bad AppSec
Daniel Riedel, CEO, New ContextCommentary
Facebook offers a textbook example of what the software industry needs to do to put application security in the forefront of software development.
By Daniel Riedel CEO, New Context, 1/21/2015
Comment2 comments  |  Read  |  Post a Comment
Verizon Wireless Customers Face 'Zombie Cookies'
Thomas Claburn, Editor-at-LargeNews
Cookie files placed on the phones of Verizon Wireless customers by the ad company Turn return to life even after they've been deleted.
By Thomas Claburn Editor-at-Large, 1/15/2015
Comment3 comments  |  Read  |  Post a Comment
CES 2015: 8 Innovative Security Products
Luke Bilton, Luke Bilton, Director, Digital & Content, UBMNews
The explosion in smart technologies that connect everyday objects to the internet is transforming both home and personal security.
By Luke Bilton, Director, Digital & Content, UBM , 1/7/2015
Comment0 comments  |  Read  |  Post a Comment
CES 2015 Preview: 8 Hot Trends
Kevin Casey,
Tech's annual celebration of gadgets, robots, and connected everything kicks off soon in Vegas. Here's what will grab the spotlight at CES 2015.
By Kevin Casey , 1/3/2015
Comment7 comments  |  Read  |  Post a Comment
Why Digital Forensics In Incident Response Matters More Now
Craig Carpenter, President & COO, Resolution1 SecurityCommentary
By understanding what happened, when, how, and why, security teams can prevent similar breaches from occurring in the future.
By Craig Carpenter President & COO, Resolution1 Security, 12/24/2014
Comment6 comments  |  Read  |  Post a Comment
Millions Of Android Phones In China Have Backdoor
Jai Vijayan, Freelance writerNews
An Android backdoor is the topic of one of two advisories this week on mobile threats.
By Jai Vijayan Freelance writer, 12/17/2014
Comment0 comments  |  Read  |  Post a Comment
Smartphones Get Headlines, But Lax USB Security Is Just As Risky
Cam Roberson, Director Reseller Channel, Beachhead SolutionsCommentary
Most companies use no software to detect or secure sensitive data when it is moved to a USB flash drive, or even check USB drives for viruses or malware.
By Cam Roberson Director Reseller Channel, Beachhead Solutions, 12/10/2014
Comment8 comments  |  Read  |  Post a Comment
Healthcare Security In 2015: 9 Hotspots
Alison Diana, Senior Editor
With data breaches growing, 2015 promises to be the healthcare industry's most challenging security year yet. These nine areas demand attention in 2015.
By Alison Diana Senior Editor, 12/10/2014
Comment4 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading Tech Digest, Dec. 19, 2014
Software-defined networking can be a net plus for security. The key: Work with the network team to implement gradually, test as you go, and take the opportunity to overhaul your security strategy.
Flash Poll
Containing Corporate Data on Mobile Devices
Containing Corporate Data on Mobile Devices
If you’re still focused on securing endpoints, you’ve got your work cut out for you. WiFi network provider iPass surveyed 1,600 mobile workers and found that the average US employee carries three devices -- a smartphone, a computer, and a tablet or e-reader -- with more than 80% of them doing work on personal devices.
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-2188
Published: 2015-02-26
The Authentication Proxy feature in Cisco IOS does not properly handle invalid AAA return codes from RADIUS and TACACS+ servers, which allows remote attackers to bypass authentication in opportunistic circumstances via a connection attempt that triggers an invalid code, as demonstrated by a connecti...

CVE-2015-0594
Published: 2015-02-26
Multiple cross-site scripting (XSS) vulnerabilities in the help pages in Cisco Common Services, as used in Cisco Prime LAN Management Solution (LMS) and Cisco Security Manager, allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug IDs CSCuq54654 and CSCun1...

CVE-2015-0632
Published: 2015-02-26
Race condition in the Neighbor Discovery (ND) protocol implementation in Cisco IOS and IOS XE allows remote attackers to cause a denial of service via a flood of Router Solicitation messages on the local network, aka Bug ID CSCuo67770.

CVE-2015-0651
Published: 2015-02-26
Cross-site request forgery (CSRF) vulnerability in the web GUI in Cisco Application Networking Manager (ANM), and Device Manager (DM) on Cisco 4710 Application Control Engine (ACE) appliances, allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuo99753.

CVE-2015-0882
Published: 2015-02-26
Multiple cross-site scripting (XSS) vulnerabilities in zencart-ja (aka Zen Cart Japanese edition) 1.3 jp through 1.3.0.2 jp8 and 1.5 ja through 1.5.1 ja allow remote attackers to inject arbitrary web script or HTML via a crafted parameter, related to admin/includes/init_includes/init_sanitize.php an...

Dark Reading Radio
Archived Dark Reading Radio
How can security professionals better engage with their peers, both in person and online? In this Dark Reading Radio show, we will talk to leaders at some of the security industry’s professional organizations about how security pros can get more involved – with their colleagues in the same industry, with their peers in other industries, and with the IT security community as a whole.