Mobile
News & Commentary
7 Deadly Sins That Get Users Hacked
Ericka Chickowski, Contributing Writer, Dark Reading
How users and their endpoints are leveraged by the bad guys to eventually find their way to critical data
By Ericka Chickowski Contributing Writer, Dark Reading, 4/16/2015
Comment7 comments  |  Read  |  Post a Comment
Verizon DBIR: Mobile Devices Not A Factor In Real-World Attacks
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
New annual Verizon Data Breach Investigations Report shows most attacks affect a secondary victim, the average cost of a data breach is just 58 cents per stolen record -- and attackers are not going after mobile en masse.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 4/14/2015
Comment2 comments  |  Read  |  Post a Comment
Apple Patches 'Darwin Nuke,' Other Security Flaws With New OS Releases
Jai Vijayan, Freelance writerNews
Denial-of-service flaw discovered by researchers at Kaspersky Lab could affect Apple users' corporate networks.
By Jai Vijayan Freelance writer, 4/10/2015
Comment0 comments  |  Read  |  Post a Comment
The Good & Bad Of BYOD
Michele Chubirka, Security ArchitectCommentary
BYOD has very little to do with technology and everything to do with security, organizational politics, and human psychology.
By Michele Chubirka Security Architect, 4/3/2015
Comment4 comments  |  Read  |  Post a Comment
Google: Less Than 1% Of Androids Have Potentially Harmful App Installed
Sara Peters, Senior Editor at Dark ReadingQuick Hits
Google's Android security report shows that devices that only install apps from the Google Play store have fewer infections.
By Sara Peters Senior Editor at Dark Reading, 4/2/2015
Comment1 Comment  |  Read  |  Post a Comment
Salesforce Acquires Mobile Authentication Specialist Toopher
Nathan Eddy, Freelance WriterNews
Salesforce is looking to add to its identity and access management offering by acquiring start-up Toopher. Financial details were not disclosed.
By Nathan Eddy Freelance Writer, 4/2/2015
Comment0 comments  |  Read  |  Post a Comment
Hotel Router Vulnerability A Reminder Of Untrusted WiFi Risks
Jai Vijayan, Freelance writerNews
A flaw in a popular router product may have exposed millions of hotel guests, researchers from Cylance say.
By Jai Vijayan Freelance writer, 3/27/2015
Comment2 comments  |  Read  |  Post a Comment
The Internet Of Bring-Your-Own Things
David Lindner, Global Practice Manager, Mobile Application Security Services, Aspect SecurityCommentary
Devices and interconnected systems are finding a foothold not only in our homes but in mainstream organizations. Here are three tips to mitigate the risk.
By David Lindner Global Practice Manager, Mobile Application Security Services, Aspect Security, 3/25/2015
Comment1 Comment  |  Read  |  Post a Comment
New Secure Online Check-Out Tech Goes For Less Friction, More Biometrics
Sara Peters, Senior Editor at Dark ReadingNews
BioCatch, Zumigo, and Alibaba release tools to help merchants avoid those pesky charge-back costs.
By Sara Peters Senior Editor at Dark Reading, 3/24/2015
Comment2 comments  |  Read  |  Post a Comment
Google Testing On-Body Detection Tool For Android Smartphones
Eric Zeman, Commentary
With Google's new On-Body Detection Tool, Android phones will remain unlocked as long as they are in your hand or pocket. However, there are security concerns.
By Eric Zeman , 3/23/2015
Comment6 comments  |  Read  |  Post a Comment
Rush To Release Resulting In Vulnerable Mobile Apps
Jai Vijayan, Freelance writerNews
IT organizations overlooking security in their haste to crank out mobile apps, Ponemon Institute report finds.
By Jai Vijayan Freelance writer, 3/20/2015
Comment1 Comment  |  Read  |  Post a Comment
Google Play Store Apps Draw New Scrutiny
Eric Zeman, News
Google is now closely monitoring apps in the Play Store. In addition, the company is providing app ratings in order to protect users.
By Eric Zeman , 3/17/2015
Comment2 comments  |  Read  |  Post a Comment
BlackBerry Looks To Revive Relevance By Doubling Down On Security
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Company launches new uber-secure tablet built on Samsung hardware, teams with IBM.
By Ericka Chickowski Contributing Writer, Dark Reading, 3/17/2015
Comment1 Comment  |  Read  |  Post a Comment
Most Companies Expect To Be Hacked In The Next 12 Months
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Security spending increases, while confidence in stopping cyber attacks decreases, new report shows.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 3/16/2015
Comment18 comments  |  Read  |  Post a Comment
Yahoo's One-Time Passwords Have Security Experts Divided
Sara Peters, Senior Editor at Dark ReadingNews
Better protection from keyloggers, but you'd better not lose your phone, Yahoo users.
By Sara Peters Senior Editor at Dark Reading, 3/16/2015
Comment7 comments  |  Read  |  Post a Comment
Study: Enterprises Losing Faith In Digital Certificates, Crytographic Keys
Tim Wilson, Editor in Chief, Dark ReadingNews
On the heels of Heartbleed and other vulnerabilities, many enterprises are not confident in the ability of digital certificates to protect their data, Ponemon report says
By Tim Wilson Editor in Chief, Dark Reading, 3/12/2015
Comment2 comments  |  Read  |  Post a Comment
DroppedIn Vuln Links Victims' Androids To Attackers' DropBoxes
Sara Peters, Senior Editor at Dark ReadingNews
DropBox released a patch quick, but unpatched vulnerable Android apps that use the DropBox SDK may let attackers open up a two-way highway between victim Droids and their own Boxes.
By Sara Peters Senior Editor at Dark Reading, 3/11/2015
Comment1 Comment  |  Read  |  Post a Comment
8 Android Security Concerns That Should Scare IT
Andrew Froehlich, President & Lead Network Architect, West Gate Networks
Even though mobile operating systems such as Android are superior to PCs when it comes to protecting against security threats, there still are several concerns that IT should beware.
By Andrew Froehlich President & Lead Network Architect, West Gate Networks, 3/10/2015
Comment19 comments  |  Read  |  Post a Comment
Apple Pay Fraud Gives Us A New Reason To Hate Data Breaches And SSNs
Sara Peters, Senior Editor at Dark ReadingNews
There may already be millions of dollars in losses, but you can't blame Apple for this one.
By Sara Peters Senior Editor at Dark Reading, 3/4/2015
Comment16 comments  |  Read  |  Post a Comment
A ‘Building Code’ For Internet of Things Security, Privacy
Greg Shannon, Ph.D., chair, IEEE Cybersecurity Initiative & Chief Scientist, CERT Division, Carnegie Mellon University Software Engineering InstituteCommentary
In the fast-emerging IoT, medical device safety is reaching a critical juncture. Here are three challenges InfoSec professionals should begin to think about now.
By Greg Shannon Ph.D., chair, IEEE Cybersecurity Initiative & Chief Scientist, CERT Division, Carnegie Mellon University Software Engineering Institute, 3/4/2015
Comment6 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
Register for Dark Reading Newsletters
White Papers
Cartoon
Latest Comment: nice one
Current Issue
Flash Poll
Containing Corporate Data on Mobile Devices
Containing Corporate Data on Mobile Devices
If you’re still focused on securing endpoints, you’ve got your work cut out for you. WiFi network provider iPass surveyed 1,600 mobile workers and found that the average US employee carries three devices -- a smartphone, a computer, and a tablet or e-reader -- with more than 80% of them doing work on personal devices.
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2015-1235
Published: 2015-04-19
The ContainerNode::parserRemoveChild function in core/dom/ContainerNode.cpp in the HTML parser in Blink, as used in Google Chrome before 42.0.2311.90, allows remote attackers to bypass the Same Origin Policy via a crafted HTML document with an IFRAME element.

CVE-2015-1236
Published: 2015-04-19
The MediaElementAudioSourceNode::process function in modules/webaudio/MediaElementAudioSourceNode.cpp in the Web Audio API implementation in Blink, as used in Google Chrome before 42.0.2311.90, allows remote attackers to bypass the Same Origin Policy and obtain sensitive audio sample values via a cr...

CVE-2015-1237
Published: 2015-04-19
Use-after-free vulnerability in the RenderFrameImpl::OnMessageReceived function in content/renderer/render_frame_impl.cc in Google Chrome before 42.0.2311.90 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger renderer IPC messages ...

CVE-2015-1238
Published: 2015-04-19
Skia, as used in Google Chrome before 42.0.2311.90, allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via unknown vectors.

CVE-2015-1240
Published: 2015-04-19
gpu/blink/webgraphicscontext3d_impl.cc in the WebGL implementation in Google Chrome before 42.0.2311.90 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted WebGL program that triggers a state inconsistency.

Dark Reading Radio
Archived Dark Reading Radio
Join security and risk expert John Pironti and Dark Reading Editor-in-Chief Tim Wilson for a live online discussion of the sea-changing shift in security strategy and the many ways it is affecting IT and business.