Mobile
News & Commentary
Stagefright Android Bug: 'Heartbleed for Mobile' But Harder To Patch
Sara Peters, Senior Editor at Dark ReadingNews
Critical vulnerability in Android's multimedia playback engine is easy to exploit, requires no user interaction, and affects 95 percent of Android devices.
By Sara Peters Senior Editor at Dark Reading, 7/27/2015
Comment0 comments  |  Read  |  Post a Comment
iPhone Kill Switch: How Effective Is It?
Eric Zeman, Commentary
A new report shows that the iPhone kill switch may not be as effective as first thought. What does this mean for other smartphone kill switches?
By Eric Zeman , 7/27/2015
Comment4 comments  |  Read  |  Post a Comment
Chrysler Recalls 1.4 Million Vehicles After Jeep Hacking Demo
Dark Reading Staff, Quick Hits
National Highway Traffic Safety Administration will be watching to see if it works.
By Dark Reading Staff , 7/24/2015
Comment1 Comment  |  Read  |  Post a Comment
Smartwatches Could Become New Frontier for Cyber Attackers
Jai Vijayan, Freelance writerNews
Every single smartwatch tested in a recent study by HP had serious security weaknesses.
By Jai Vijayan Freelance writer, 7/24/2015
Comment1 Comment  |  Read  |  Post a Comment
Mobile App Security: 4 Critical Issues
Subbu Sthanu, Director, Mobile Security & Application Security, IBMCommentary
Securing the mobile workforce in the age of BYOD is no easy task. You can begin with these four measures.
By Subbu Sthanu Director, Mobile Security & Application Security, IBM, 7/17/2015
Comment3 comments  |  Read  |  Post a Comment
Adobe Flash Failure Shows Plug-Ins Are Obsolete
Larry Loeb, Blogger, InformationweekCommentary
This week's Flash failure also illustrates why plug-ins need to go. One solution to all of this is HTML5.
By Larry Loeb Blogger, Informationweek, 7/15/2015
Comment11 comments  |  Read  |  Post a Comment
Mozilla Kills Flash On Firefox As Adobe Rushes Patch
Nathan Eddy, Freelance WriterNews
It's another nail in the coffin for Adobe's Flash platform as Mozilla disables it from running on the company's Firefox Web browser.
By Nathan Eddy Freelance Writer, 7/14/2015
Comment11 comments  |  Read  |  Post a Comment
Inside A Vicious DDoS Attack
Anthony Lye, President & CEO Chief Executive Officer, HotSchedulesCommentary
What it's really like to fend off a relentless distributed denial-of-service attack.
By Anthony Lye President & CEO Chief Executive Officer, HotSchedules, 7/14/2015
Comment0 comments  |  Read  |  Post a Comment
Dark Reading Radio: Firewall Smackdown
Marilyn Cohodas, Community Editor, Dark ReadingCommentary
Is there a future for the venerable firewall? Security CEOs Asaf Cidon of Sookasa and Jody Brazil of FireMon debate the issues in our latest radio show.
By Marilyn Cohodas Community Editor, Dark Reading, 7/13/2015
Comment1 Comment  |  Read  |  Post a Comment
6 Emerging Android Threats
Sara Peters, Senior Editor at Dark Reading
A peek at some of the Android vulnerabilities and malware that will be revealed at Black Hat USA next month.
By Sara Peters Senior Editor at Dark Reading, 7/7/2015
Comment1 Comment  |  Read  |  Post a Comment
iOS 8.4, Mac OS X Updates Plug Vulnerabilities
Eric Zeman, Commentary
Apple released its iOS 8.4 and Mac OS X 10.10.4 updates that add Apple Music and tackle a range of security problems.
By Eric Zeman , 7/1/2015
Comment1 Comment  |  Read  |  Post a Comment
Android Malware On The Rise
Sara Peters, Senior Editor at Dark ReadingNews
By the end of 2015, researchers expect the number of new Android malware strains to hit 2 million.
By Sara Peters Senior Editor at Dark Reading, 7/1/2015
Comment1 Comment  |  Read  |  Post a Comment
Getting To Yes: Negotiating Technology Innovation & Security Risk
Tsion Gonen , Chief Strategy Office, Gemalto, Identity & Data ProtectionCommentary
As enterprises look for ways to leverage the cloud, mobility, Big Data, and social media for competitive advantage, CISOs can no longer give blanket refusals to IT experimentation.
By Tsion Gonen Chief Strategy Office, Gemalto, Identity & Data Protection, 6/30/2015
Comment0 comments  |  Read  |  Post a Comment
What Do You Mean My Security Tools Don’t Work on APIs?!!
Jeff Williams, CTO, Aspect Security & Contrast SecurityCommentary
SAST and DAST scanners haven’t advanced much in 15 years. But the bigger problem is that they were designed for web apps, not to test the security of an API.
By Jeff Williams CTO, Aspect Security & Contrast Security, 6/25/2015
Comment9 comments  |  Read  |  Post a Comment
iOS 9, Android M Place New Focus On Security, Privacy
Pablo Valerio, International Business & IT ConsultantCommentary
Google and Apple have publicly challenged calls from law enforcement agencies to weaken encryption on consumer devices. In turn, iOS 9 and Android M will sport a string of new security and privacy features for users.
By Pablo Valerio International Business & IT Consultant, 6/24/2015
Comment5 comments  |  Read  |  Post a Comment
FitBit, Acer Liquid Leap Fail In Security Fitness
Sara Peters, Senior Editor at Dark ReadingNews
Transmissions to the cloud are secured with these Internet of Things devices, but wristband-to-phone comms are open to eavesdropping.
By Sara Peters Senior Editor at Dark Reading, 6/22/2015
Comment4 comments  |  Read  |  Post a Comment
Samsung Update Fixes SwiftKey Security Flaw
Kelly Sheridan, Associate Editor, InformationWeekNews
Samsung will release a security policy update following reports of vulnerability in SwiftKey keyboard replacement software.
By Kelly Sheridan Associate Editor, InformationWeek, 6/20/2015
Comment3 comments  |  Read  |  Post a Comment
7 Top Security Quotes From London Technology Week
Sara Peters, Senior Editor at Dark Reading
Tech events across the city hit on IoT, smart cities, mobility and Legos.
By Sara Peters Senior Editor at Dark Reading, 6/19/2015
Comment9 comments  |  Read  |  Post a Comment
600M Samsung Smartphones Vulnerable To Hacking
Larry Loeb, Blogger, InformationweekCommentary
A report from a security firms finds that Samsung's smartphones are vulnerable to attacks thanks to replacement software in the SwiftKey keyboard. However, it's not really Samsung's fault.
By Larry Loeb Blogger, Informationweek, 6/17/2015
Comment14 comments  |  Read  |  Post a Comment
Millennials And Smartphone Apps: Your Security Nightmare
Kelly Sheridan, Associate Editor, InformationWeekNews
Millennials' overall relaxed attitude towards security could be leaving your corporate data vulnerable to hackers.
By Kelly Sheridan Associate Editor, InformationWeek, 6/12/2015
Comment7 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Containing Corporate Data on Mobile Devices
Containing Corporate Data on Mobile Devices
If you’re still focused on securing endpoints, you’ve got your work cut out for you. WiFi network provider iPass surveyed 1,600 mobile workers and found that the average US employee carries three devices -- a smartphone, a computer, and a tablet or e-reader -- with more than 80% of them doing work on personal devices.
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2015-4692
Published: 2015-07-27
The kvm_apic_has_events function in arch/x86/kvm/lapic.h in the Linux kernel through 4.1.3 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by leveraging /dev/kvm access for an ioctl call.

CVE-2015-1840
Published: 2015-07-26
jquery_ujs.js in jquery-rails before 3.1.3 and 4.x before 4.0.4 and rails.js in jquery-ujs before 1.0.4, as used with Ruby on Rails 3.x and 4.x, allow remote attackers to bypass the Same Origin Policy, and trigger transmission of a CSRF token to a different-domain web server, via a leading space cha...

CVE-2015-1872
Published: 2015-07-26
The ff_mjpeg_decode_sof function in libavcodec/mjpegdec.c in FFmpeg before 2.5.4 does not validate the number of components in a JPEG-LS Start Of Frame segment, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via craft...

CVE-2015-2847
Published: 2015-07-26
Honeywell Tuxedo Touch before 5.2.19.0_VA relies on client-side authentication involving JavaScript, which allows remote attackers to bypass intended access restrictions by removing USERACCT requests from the client-server data stream.

CVE-2015-2848
Published: 2015-07-26
Cross-site request forgery (CSRF) vulnerability in Honeywell Tuxedo Touch before 5.2.19.0_VA allows remote attackers to hijack the authentication of arbitrary users for requests associated with home-automation commands, as demonstrated by a door-unlock command.

Dark Reading Radio
Archived Dark Reading Radio
What’s the future of the venerable firewall? We’ve invited two security industry leaders to make their case: Join us and bring your questions and opinions!