Mobile
News & Commentary
What Do You Mean My Security Tools Donít Work on APIs?!!
Jeff Williams, CTO, Aspect Security & Contrast SecurityCommentary
SAST and DAST scanners havenít advanced much in 15 years. But the bigger problem is that they were designed for web apps, not to test the security of an API.
By Jeff Williams CTO, Aspect Security & Contrast Security, 6/25/2015
Comment6 comments  |  Read  |  Post a Comment
iOS 9, Android M Place New Focus On Security, Privacy
Pablo Valerio, International Business & IT ConsultantCommentary
Google and Apple have publicly challenged calls from law enforcement agencies to weaken encryption on consumer devices. In turn, iOS 9 and Android M will sport a string of new security and privacy features for users.
By Pablo Valerio International Business & IT Consultant, 6/24/2015
Comment3 comments  |  Read  |  Post a Comment
FitBit, Acer Liquid Leap Fail In Security Fitness
Sara Peters, Senior Editor at Dark ReadingNews
Transmissions to the cloud are secured with these Internet of Things devices, but wristband-to-phone comms are open to eavesdropping.
By Sara Peters Senior Editor at Dark Reading, 6/22/2015
Comment2 comments  |  Read  |  Post a Comment
Samsung Update Fixes SwiftKey Security Flaw
Kelly Sheridan, Associate Editor, InformationWeekNews
Samsung will release a security policy update following reports of vulnerability in SwiftKey keyboard replacement software.
By Kelly Sheridan Associate Editor, InformationWeek, 6/20/2015
Comment2 comments  |  Read  |  Post a Comment
7 Top Security Quotes From London Technology Week
Sara Peters, Senior Editor at Dark Reading
Tech events across the city hit on IoT, smart cities, mobility and Legos.
By Sara Peters Senior Editor at Dark Reading, 6/19/2015
Comment9 comments  |  Read  |  Post a Comment
600M Samsung Smartphones Vulnerable To Hacking
Larry Loeb, Blogger, InformationweekCommentary
A report from a security firms finds that Samsung's smartphones are vulnerable to attacks thanks to replacement software in the SwiftKey keyboard. However, it's not really Samsung's fault.
By Larry Loeb Blogger, Informationweek, 6/17/2015
Comment12 comments  |  Read  |  Post a Comment
Millennials And Smartphone Apps: Your Security Nightmare
Kelly Sheridan, Associate Editor, InformationWeekNews
Millennials' overall relaxed attitude towards security could be leaving your corporate data vulnerable to hackers.
By Kelly Sheridan Associate Editor, InformationWeek, 6/12/2015
Comment7 comments  |  Read  |  Post a Comment
Apple Adds 6-Digit Passcodes And A Splash Of 2FA To iOS9
Sara Peters, Senior Editor at Dark ReadingQuick Hits
Unknown devices must be confirmed with verification codes.
By Sara Peters Senior Editor at Dark Reading, 6/11/2015
Comment0 comments  |  Read  |  Post a Comment
iOS Mail App Vulnerable To Phishing Bug
Nathan Eddy, Freelance WriterNews
An unpatched bug in Apple's Mail app for iOS mobile devices could easily fool users into giving up their iCloud passwords to phishing hackers.
By Nathan Eddy Freelance Writer, 6/11/2015
Comment1 Comment  |  Read  |  Post a Comment
Firewalls Sustain Foundation of Sound Security
Jody Brazil, Founder and CEO of FireMonCommentary
Simply put, organizations that cannot maintain rigid firewall enforcement are more likely to be compromised.
By Jody Brazil Founder and CEO of FireMon, 6/10/2015
Comment1 Comment  |  Read  |  Post a Comment
Why the Firewall is Increasingly Irrelevant
Asaf Cidon, CEO & Co-founder, SookasaCommentary
It will take a dramatic reimagining of security to dedicate focus to the areas where company data actually resides. It starts with tearing down the firewall.
By Asaf Cidon CEO & Co-founder, Sookasa, 6/10/2015
Comment4 comments  |  Read  |  Post a Comment
Tim Cook: Customers, Not Companies, Should Control Their Data
Nathan Eddy, Freelance WriterNews
Apple CEO Tim Cook told a crowd that consumer data should be theirs to keep and not used to make businesses money. He targeted Google and Facebook without mentioning them.
By Nathan Eddy Freelance Writer, 6/3/2015
Comment9 comments  |  Read  |  Post a Comment
Google Play Ban Challenged By App Maker Disconnect
Thomas Claburn, Editor at Large, Enterprise MobilityNews
The dispute raises an important question for individuals and businesses: Who controls the software on mobile devices?
By Thomas Claburn Editor at Large, Enterprise Mobility, 6/3/2015
Comment0 comments  |  Read  |  Post a Comment
IoT Devices Hosted On Vulnerable Clouds In 'Bad Neighborhoods'
Sara Peters, Senior Editor at Dark ReadingNews
OpenDNS report finds that organizations may be more susceptible to Internet of Things devices than they realize.
By Sara Peters Senior Editor at Dark Reading, 6/2/2015
Comment1 Comment  |  Read  |  Post a Comment
3 Lessons From Heartland Breach The Second Time Around
Ericka Chickowski, Contributing Writer, Dark ReadingNews
While not even a drop in the bucket compared to its last breach, Heartland's exposure this week does offer some lessons to the security community.
By Ericka Chickowski Contributing Writer, Dark Reading, 6/2/2015
Comment1 Comment  |  Read  |  Post a Comment
NSA Wanted To Hack Google App Store, Infect Android Phones
Eric Zeman, Commentary
The NSA and its Five Eyes allies researched a man-in-the-middle attack to infect Android smartphone users by hacking Google's App Store. It's the last revelation from Edward Snowden.
By Eric Zeman , 5/21/2015
Comment20 comments  |  Read  |  Post a Comment
Google, Apple Urge Obama To Protect Phone Data Privacy
Nathan Eddy, Freelance WriterNews
The letter, signed by Google, Apple, and a number of tech companies and security organizations, is urging Obama to halt legislation that would allow government to access personal data stored on mobile devices.
By Nathan Eddy Freelance Writer, 5/19/2015
Comment1 Comment  |  Read  |  Post a Comment
Deconstructing Mobile Fraud Risk
Subbu Sthanu, Director, Mobile Security & Application Security, IBMCommentary
Todayís enterprise security solutions donít do enough to manage BYOD risk, credit card theft and the reputational damage resulting from a major data breach.
By Subbu Sthanu Director, Mobile Security & Application Security, IBM, 5/5/2015
Comment1 Comment  |  Read  |  Post a Comment
Free Android Apps Secretly Talk To Ad, Tracking Sites
Eric Zeman, Commentary
Researchers are warning about misleading Google Play app behaviors and are calling for more visibility into Android applications' connection policies.
By Eric Zeman , 5/4/2015
Comment3 comments  |  Read  |  Post a Comment
Wi-Fi Woes Continue To Plague Infosec
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Several pieces of research coincide to send the message that hotspot connectivity is probably always going to be a sore spot for security.
By Ericka Chickowski Contributing Writer, Dark Reading, 4/30/2015
Comment8 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Containing Corporate Data on Mobile Devices
Containing Corporate Data on Mobile Devices
If youíre still focused on securing endpoints, youíve got your work cut out for you. WiFi network provider iPass surveyed 1,600 mobile workers and found that the average US employee carries three devices -- a smartphone, a computer, and a tablet or e-reader -- with more than 80% of them doing work on personal devices.
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2015-1913
Published: 2015-06-30
Rational Test Control Panel in IBM Rational Test Workbench and Rational Test Virtualization Server 8.0.0.x before 8.0.0.5, 8.0.1.x before 8.0.1.6, 8.5.0.x before 8.5.0.4, 8.5.1.x before 8.5.1.5, 8.6.0.x before 8.6.0.4, and 8.7.0.x before 8.7.0.2 uses the MD5 algorithm for password hashing, which mak...

CVE-2015-4227
Published: 2015-06-30
Memory leak in Cisco Headend System Release allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors, aka Bug ID CSCus91838.

CVE-2015-4229
Published: 2015-06-30
The web framework in Cisco Unified Communications Domain Manager 8.1(4)ER1 allows remote attackers to obtain sensitive information by visiting a bvsmweb URL, aka Bug ID CSCuq22589.

CVE-2015-0196
Published: 2015-06-29
CRLF injection vulnerability in IBM WebSphere Commerce 6.0 through 6.0.0.11 and 7.0 before 7.0.0.8 Cumulative iFix 2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL.

CVE-2015-0545
Published: 2015-06-29
EMC Unisphere for VMAX 8.x before 8.0.3.4 sets up the Java Debugging Wire Protocol (JDWP) service, which allows remote attackers to execute arbitrary code via unspecified vectors.

Dark Reading Radio
Archived Dark Reading Radio
Marc Spitler, co-author of the Verizon DBIR will share some of the lesser-known but most intriguing tidbits from the massive report