Mobile
News & Commentary
7 Deadly Sins That Get Users Hacked
Ericka Chickowski, Contributing Writer, Dark Reading
How users and their endpoints are leveraged by the bad guys to eventually find their way to critical data
By Ericka Chickowski Contributing Writer, Dark Reading, 4/16/2015
Comment9 comments  |  Read  |  Post a Comment
Verizon DBIR: Mobile Devices Not A Factor In Real-World Attacks
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
New annual Verizon Data Breach Investigations Report shows most attacks affect a secondary victim, the average cost of a data breach is just 58 cents per stolen record -- and attackers are not going after mobile en masse.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 4/14/2015
Comment2 comments  |  Read  |  Post a Comment
Apple Patches 'Darwin Nuke,' Other Security Flaws With New OS Releases
Jai Vijayan, Freelance writerNews
Denial-of-service flaw discovered by researchers at Kaspersky Lab could affect Apple users' corporate networks.
By Jai Vijayan Freelance writer, 4/10/2015
Comment0 comments  |  Read  |  Post a Comment
The Good & Bad Of BYOD
Michele Chubirka, Security ArchitectCommentary
BYOD has very little to do with technology and everything to do with security, organizational politics, and human psychology.
By Michele Chubirka Security Architect, 4/3/2015
Comment4 comments  |  Read  |  Post a Comment
Google: Less Than 1% Of Androids Have Potentially Harmful App Installed
Sara Peters, Senior Editor at Dark ReadingQuick Hits
Google's Android security report shows that devices that only install apps from the Google Play store have fewer infections.
By Sara Peters Senior Editor at Dark Reading, 4/2/2015
Comment1 Comment  |  Read  |  Post a Comment
Salesforce Acquires Mobile Authentication Specialist Toopher
Nathan Eddy, Freelance WriterNews
Salesforce is looking to add to its identity and access management offering by acquiring start-up Toopher. Financial details were not disclosed.
By Nathan Eddy Freelance Writer, 4/2/2015
Comment0 comments  |  Read  |  Post a Comment
Hotel Router Vulnerability A Reminder Of Untrusted WiFi Risks
Jai Vijayan, Freelance writerNews
A flaw in a popular router product may have exposed millions of hotel guests, researchers from Cylance say.
By Jai Vijayan Freelance writer, 3/27/2015
Comment2 comments  |  Read  |  Post a Comment
The Internet Of Bring-Your-Own Things
David Lindner, Global Practice Manager, Mobile Application Security Services, Aspect SecurityCommentary
Devices and interconnected systems are finding a foothold not only in our homes but in mainstream organizations. Here are three tips to mitigate the risk.
By David Lindner Global Practice Manager, Mobile Application Security Services, Aspect Security, 3/25/2015
Comment1 Comment  |  Read  |  Post a Comment
New Secure Online Check-Out Tech Goes For Less Friction, More Biometrics
Sara Peters, Senior Editor at Dark ReadingNews
BioCatch, Zumigo, and Alibaba release tools to help merchants avoid those pesky charge-back costs.
By Sara Peters Senior Editor at Dark Reading, 3/24/2015
Comment2 comments  |  Read  |  Post a Comment
Google Testing On-Body Detection Tool For Android Smartphones
Eric Zeman, Commentary
With Google's new On-Body Detection Tool, Android phones will remain unlocked as long as they are in your hand or pocket. However, there are security concerns.
By Eric Zeman , 3/23/2015
Comment6 comments  |  Read  |  Post a Comment
Rush To Release Resulting In Vulnerable Mobile Apps
Jai Vijayan, Freelance writerNews
IT organizations overlooking security in their haste to crank out mobile apps, Ponemon Institute report finds.
By Jai Vijayan Freelance writer, 3/20/2015
Comment1 Comment  |  Read  |  Post a Comment
Google Play Store Apps Draw New Scrutiny
Eric Zeman, News
Google is now closely monitoring apps in the Play Store. In addition, the company is providing app ratings in order to protect users.
By Eric Zeman , 3/17/2015
Comment2 comments  |  Read  |  Post a Comment
BlackBerry Looks To Revive Relevance By Doubling Down On Security
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Company launches new uber-secure tablet built on Samsung hardware, teams with IBM.
By Ericka Chickowski Contributing Writer, Dark Reading, 3/17/2015
Comment1 Comment  |  Read  |  Post a Comment
Most Companies Expect To Be Hacked In The Next 12 Months
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Security spending increases, while confidence in stopping cyber attacks decreases, new report shows.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 3/16/2015
Comment18 comments  |  Read  |  Post a Comment
Yahoo's One-Time Passwords Have Security Experts Divided
Sara Peters, Senior Editor at Dark ReadingNews
Better protection from keyloggers, but you'd better not lose your phone, Yahoo users.
By Sara Peters Senior Editor at Dark Reading, 3/16/2015
Comment7 comments  |  Read  |  Post a Comment
Study: Enterprises Losing Faith In Digital Certificates, Crytographic Keys
Tim Wilson, Editor in Chief, Dark ReadingNews
On the heels of Heartbleed and other vulnerabilities, many enterprises are not confident in the ability of digital certificates to protect their data, Ponemon report says
By Tim Wilson Editor in Chief, Dark Reading, 3/12/2015
Comment2 comments  |  Read  |  Post a Comment
DroppedIn Vuln Links Victims' Androids To Attackers' DropBoxes
Sara Peters, Senior Editor at Dark ReadingNews
DropBox released a patch quick, but unpatched vulnerable Android apps that use the DropBox SDK may let attackers open up a two-way highway between victim Droids and their own Boxes.
By Sara Peters Senior Editor at Dark Reading, 3/11/2015
Comment1 Comment  |  Read  |  Post a Comment
8 Android Security Concerns That Should Scare IT
Andrew Froehlich, President & Lead Network Architect, West Gate Networks
Even though mobile operating systems such as Android are superior to PCs when it comes to protecting against security threats, there still are several concerns that IT should beware.
By Andrew Froehlich President & Lead Network Architect, West Gate Networks, 3/10/2015
Comment19 comments  |  Read  |  Post a Comment
Apple Pay Fraud Gives Us A New Reason To Hate Data Breaches And SSNs
Sara Peters, Senior Editor at Dark ReadingNews
There may already be millions of dollars in losses, but you can't blame Apple for this one.
By Sara Peters Senior Editor at Dark Reading, 3/4/2015
Comment16 comments  |  Read  |  Post a Comment
A ‘Building Code’ For Internet of Things Security, Privacy
Greg Shannon, Ph.D., chair, IEEE Cybersecurity Initiative & Chief Scientist, CERT Division, Carnegie Mellon University Software Engineering InstituteCommentary
In the fast-emerging IoT, medical device safety is reaching a critical juncture. Here are three challenges InfoSec professionals should begin to think about now.
By Greg Shannon Ph.D., chair, IEEE Cybersecurity Initiative & Chief Scientist, CERT Division, Carnegie Mellon University Software Engineering Institute, 3/4/2015
Comment6 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Containing Corporate Data on Mobile Devices
Containing Corporate Data on Mobile Devices
If you’re still focused on securing endpoints, you’ve got your work cut out for you. WiFi network provider iPass surveyed 1,600 mobile workers and found that the average US employee carries three devices -- a smartphone, a computer, and a tablet or e-reader -- with more than 80% of them doing work on personal devices.
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2015-1701
Published: 2015-04-21
Unspecified vulnerability in Microsoft Windows before 8 allows local users to gain privileges via unknown vectors, as exploited in the wild in April 2015.

CVE-2015-2041
Published: 2015-04-21
net/llc/sysctl_net_llc.c in the Linux kernel before 3.19 uses an incorrect data type in a sysctl table, which allows local users to obtain potentially sensitive information from kernel memory or possibly have unspecified other impact by accessing a sysctl entry.

CVE-2015-2042
Published: 2015-04-21
net/rds/sysctl.c in the Linux kernel before 3.19 uses an incorrect data type in a sysctl table, which allows local users to obtain potentially sensitive information from kernel memory or possibly have unspecified other impact by accessing a sysctl entry.

CVE-2015-0702
Published: 2015-04-20
Unrestricted file upload vulnerability in the Custom Prompts upload implementation in Cisco Unified MeetingPlace 8.6(1.9) allows remote authenticated users to execute arbitrary code by using the languageShortName parameter to upload a file that provides shell access, aka Bug ID CSCus95712.

CVE-2015-0703
Published: 2015-04-20
Cross-site scripting (XSS) vulnerability in the administrative web interface in Cisco Unified MeetingPlace 8.6(1.9) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCus95857.

Dark Reading Radio
Archived Dark Reading Radio
Join security and risk expert John Pironti and Dark Reading Editor-in-Chief Tim Wilson for a live online discussion of the sea-changing shift in security strategy and the many ways it is affecting IT and business.