Mobile
News & Commentary
Apple Pay Fraud Gives Us A New Reason To Hate Data Breaches And SSNs
Sara Peters, Senior Editor at Dark ReadingNews
There may already be millions of dollars in losses, but you can't blame Apple for this one.
By Sara Peters Senior Editor at Dark Reading, 3/4/2015
Comment1 Comment  |  Read  |  Post a Comment
A ‘Building Code’ For Internet of Things Security, Privacy
Greg Shannon, Ph.D., chair, IEEE Cybersecurity Initiative & Chief Scientist, CERT Division, Carnegie Mellon University Software Engineering InstituteCommentary
In the fast-emerging IoT, medical device safety is reaching a critical juncture. Here are three challenges InfoSec professionals should begin to think about now.
By Greg Shannon Ph.D., chair, IEEE Cybersecurity Initiative & Chief Scientist, CERT Division, Carnegie Mellon University Software Engineering Institute, 3/4/2015
Comment1 Comment  |  Read  |  Post a Comment
Mobile Security By The Numbers
Ericka Chickowski, Contributing Writer, Dark Reading
Rounding up the latest research on mobile malware and security practices.
By Ericka Chickowski , 3/2/2015
Comment0 comments  |  Read  |  Post a Comment
Gemalto: NSA, GCHQ May Have Been Behind Breaches It Suffered In 2010 And 2011
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
But the 'sophisticated' attacks hit only Gemalto office networks--not 'massive theft' of SIM crypto keys, vendor says, and such an attack, if waged, would only affect 2G networks, not 3G or 4G.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 2/25/2015
Comment3 comments  |  Read  |  Post a Comment
Mobile Apps Remain Vulnerable For Months
Thomas Claburn, Editor at Large, Enterprise MobilityNews
Developers are failing to respond quickly to reports of security flaws, Trojans are infecting corporate devices at an alarming rate, and even mundane data about your device's power consumption could threaten your privacy.
By Thomas Claburn Editor at Large, Enterprise Mobility, 2/24/2015
Comment16 comments  |  Read  |  Post a Comment
7 Things You Should Know About Secure Payment Technology
Sara Peters, Senior Editor at Dark Reading
Despite the existence of EMV and Apple Pay, we're a long way from true payment security, especially in the US.
By Sara Peters Senior Editor at Dark Reading, 2/24/2015
Comment14 comments  |  Read  |  Post a Comment
Video: Net Neutrality, Apple Malware & InformationWeek Live
Andrew Conry Murray, Director of Content & Community, InteropCommentary
This Week In 60 Seconds looks at legal challenges to the FCC’s regulatory proposal, discusses new malware that targets Apple iOS, and invites you to InformationWeek’s live radio show.
By Andrew Conry Murray Director of Content & Community, Interop, 2/6/2015
Comment0 comments  |  Read  |  Post a Comment
Android Adware Raises Google Play Security Concerns
Eric Zeman, Commentary
Three apps, downloaded to tens of millions of Android devices from the Google Play store, foisted ads for apps on unsuspecting users.
By Eric Zeman , 2/4/2015
Comment9 comments  |  Read  |  Post a Comment
Apple iOS Now Targeted In Massive Cyber Espionage Campaign
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Attack campaign tied to Russia now zeroing in on mobile user's iPhones, iPads.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 2/4/2015
Comment4 comments  |  Read  |  Post a Comment
Enterprises Underestimate Actual Shadow Cloud Risks
Jai Vijayan, Freelance writerNews
More than 85 percent of cloud applications used in the workplace are unsanctioned, study shows.
By Jai Vijayan Freelance writer, 2/3/2015
Comment3 comments  |  Read  |  Post a Comment
BMW's Software Security Patch A Sign Of Things To Come
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
But not all car security flaws can be patched as simply -- or at all.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 2/3/2015
Comment8 comments  |  Read  |  Post a Comment
Syrian Opposition Forces Social-Engineered And Hacked
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Researchers uncover trove of sensitive information and details of Syrian government opposition plans and players -- pilfered by pro-Assad government hackers.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 2/2/2015
Comment6 comments  |  Read  |  Post a Comment
Google Paid Over $1.5 Million In Bug Bounties In 2014
Kelly Jackson Higgins, Executive Editor at Dark ReadingQuick Hits
Mobile apps developed by Google now included in its Vulnerability Reward Program.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 1/30/2015
Comment5 comments  |  Read  |  Post a Comment
FCC: Stop Blocking Personal WiFi
Thomas Claburn, Editor at Large, Enterprise MobilityNews
Great news for travelers: Hotels and other businesses cannot interfere with your personal WiFi hotspot.
By Thomas Claburn Editor at Large, Enterprise Mobility, 1/28/2015
Comment7 comments  |  Read  |  Post a Comment
WiIl Millennials Be The Death Of Data Security?
Chris Rouland, Founder & CEO, BastilleCommentary
Millennials, notoriously promiscuous with data and devices, this year will become the largest generation in the workforce. Is your security team prepared?
By Chris Rouland Founder & CEO, Bastille, 1/27/2015
Comment35 comments  |  Read  |  Post a Comment
Facebook Messenger: Classically Bad AppSec
Daniel Riedel, CEO, New ContextCommentary
Facebook offers a textbook example of what the software industry needs to do to put application security in the forefront of software development.
By Daniel Riedel CEO, New Context, 1/21/2015
Comment2 comments  |  Read  |  Post a Comment
Verizon Wireless Customers Face 'Zombie Cookies'
Thomas Claburn, Editor at Large, Enterprise MobilityNews
Cookie files placed on the phones of Verizon Wireless customers by the ad company Turn return to life even after they've been deleted.
By Thomas Claburn Editor at Large, Enterprise Mobility, 1/15/2015
Comment3 comments  |  Read  |  Post a Comment
CES 2015: 8 Innovative Security Products
Luke Bilton, Luke Bilton, Director, Digital & Content, UBMNews
The explosion in smart technologies that connect everyday objects to the internet is transforming both home and personal security.
By Luke Bilton, Director, Digital & Content, UBM , 1/7/2015
Comment0 comments  |  Read  |  Post a Comment
CES 2015 Preview: 8 Hot Trends
Kevin Casey,
Tech's annual celebration of gadgets, robots, and connected everything kicks off soon in Vegas. Here's what will grab the spotlight at CES 2015.
By Kevin Casey , 1/3/2015
Comment7 comments  |  Read  |  Post a Comment
Why Digital Forensics In Incident Response Matters More Now
Craig Carpenter, President & COO, Resolution1 SecurityCommentary
By understanding what happened, when, how, and why, security teams can prevent similar breaches from occurring in the future.
By Craig Carpenter President & COO, Resolution1 Security, 12/24/2014
Comment6 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Containing Corporate Data on Mobile Devices
Containing Corporate Data on Mobile Devices
If you’re still focused on securing endpoints, you’ve got your work cut out for you. WiFi network provider iPass surveyed 1,600 mobile workers and found that the average US employee carries three devices -- a smartphone, a computer, and a tablet or e-reader -- with more than 80% of them doing work on personal devices.
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-8617
Published: 2015-03-04
Cross-site scripting (XSS) vulnerability in the Web Action Quarantine Release feature in the WebGUI in Fortinet FortiMail before 4.3.9, 5.0.x before 5.0.8, 5.1.x before 5.1.5, and 5.2.x before 5.2.3 allows remote attackers to inject arbitrary web script or HTML via the release parameter to module/re...

CVE-2015-0891
Published: 2015-03-04
Cross-site scripting (XSS) vulnerability in Maroyaka CGI Maroyaka Simple Board allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVE-2015-0892
Published: 2015-03-04
Cross-site scripting (XSS) vulnerability in Maroyaka CGI Maroyaka Image Album allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVE-2015-0893
Published: 2015-03-04
Cross-site scripting (XSS) vulnerability in Maroyaka CGI Maroyaka Relay Novel allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVE-2015-2209
Published: 2015-03-04
DLGuard 4.5 allows remote attackers to obtain the installation path via the c parameter to index.php.

Dark Reading Radio
Archived Dark Reading Radio
How can security professionals better engage with their peers, both in person and online? In this Dark Reading Radio show, we will talk to leaders at some of the security industry’s professional organizations about how security pros can get more involved – with their colleagues in the same industry, with their peers in other industries, and with the IT security community as a whole.