Mobile

News & Commentary
IoT Medical Devices a Major Security Worry in Healthcare, Survey Shows
Dawn Kawamoto, Associate Editor, Dark Reading, News
Healthcare providers, manufacturers, and regulators say cybersecurity risks of IoT medical devices and connected legacy systems a top concern.
By Dawn Kawamoto, Associate Editor, Dark Reading, 8/15/2017
Broadcom Chipset Bug in Android, iOS Smartphones Allows Remote Attack
Dawn Kawamoto, Associate Editor, Dark Reading, News
Security researcher found a common flaw in Android and iOS smartphone chipsets that could allow a remote exploit to be unleashed on millions of devices.
By Dawn Kawamoto, Associate Editor, Dark Reading, 7/27/2017
Facebook Offers $1 Million for New Security Defenses
Dawn Kawamoto, Associate Editor, Dark Reading, News
The social media giant has increased the size of its Internet Defense Prize program in order to spur more research into ways to defend users against the more prevalent and common methods of attack.
By Dawn Kawamoto, Associate Editor, Dark Reading, 7/26/2017
Custom Source Code Accounts for 93% of App Vulnerabilities
Dark Reading Staff, Quick Hits
A new study finds that third-party libraries account for 79% of the code found in apps, but only 7% of the vulnerabilities found in the software.
By Dark Reading Staff, 7/25/2017
Healthcare Industry Lacks Awareness of IoT Threat, Survey Says
Dawn Kawamoto, Associate Editor, Dark Reading, News
Three-quarters of IT decision makers report they are "confident" or "very confident" that portable and connected medical devices are secure on their networks.
By Dawn Kawamoto, Associate Editor, Dark Reading, 7/20/2017
'AVPass' Sneaks Malware Past Android Antivirus Apps
Kelly Jackson Higgins, Executive Editor at Dark Reading, News
Researchers at Black Hat USA will release a toolset that studies and then cheats specific Android AV apps.
By Kelly Jackson Higgins, Executive Editor at Dark Reading, 7/19/2017
Apple iOS Malware Growth Outpaces that of Android
Dawn Kawamoto, Associate Editor, Dark Reading, News
Number of iOS devices running malicious apps more than tripled in three consecutive quarters, while infected Android devices remained largely flat, report shows.
By Dawn Kawamoto, Associate Editor, Dark Reading, 7/18/2017
Symantec Snaps Up Skycure in Mobile Security Move
Kelly Jackson Higgins, Executive Editor at Dark Reading, News
Acquisition fills gap in Symantec's Apple iOS mobile security strategy - and addresses the future of 'mobile first,' Symantec CEO says.
By Kelly Jackson Higgins, Executive Editor at Dark Reading, 7/11/2017
IoT Physical Attack Exploit to be Revealed at Black Hat
Dawn Kawamoto, Associate Editor, Dark Reading, News
Security researcher Billy Rios plans to demonstrate how an exploit can cause an IoT device to launch a physical attack against a human.
By Dawn Kawamoto, Associate Editor, Dark Reading, 7/7/2017
Hacking the State of the ISIS Cyber Caliphate
Kelly Jackson Higgins, Executive Editor at Dark Reading, News
Researchers say Islamic State's United Cyber Caliphate remains in its infancy when it comes to cyberattack expertise.
By Kelly Jackson Higgins, Executive Editor at Dark Reading, 7/6/2017
CopyCat Malware Infects 14 Million Android Devices
Dawn Kawamoto, Associate Editor, Dark Reading, News
A new malware strain is discovered with a novel approach to infecting Android handheld devices with adware.
By Dawn Kawamoto, Associate Editor, Dark Reading, 7/6/2017
Researchers Build Firewall to Deflect SS7 Attacks
Dawn Kawamoto, Associate Editor, Dark Reading, News
Security researchers will release an open-source SS7 firewall at Black Hat USA that aims to bolster security of mobile operators' core networks.
By Dawn Kawamoto, Associate Editor, Dark Reading, 7/5/2017
Why Enterprise Security Needs a New Focus
Kirsten Bay, President and CEO, Cyber adAPT, Commentary
The WannaCry ransomware attack shows patching and perimeter defenses aren't enough. Enterprises should combine preventative measures with threat detection tactics.
By Kirsten Bay, President and CEO, Cyber adAPT, 6/29/2017
FBI Highlights BEC, Tech Support Scams, Ransomware Concerns
Kelly Sheridan, Associate Editor, Dark Reading, News
The 2016 Internet Crime Report found tech support fraud, business email compromise, and ransomware were major fraud categories last year.
By Kelly Sheridan, Associate Editor, Dark Reading, 6/26/2017
Android Marcher Variant Makes Rounds as Adobe Flash Player Update
Dark Reading Staff, Quick Hits
Zscaler researchers discover a new variant of the Android Marcher malware, which aims to steal online banking credentials and credit card information.
By Dark Reading Staff, 6/23/2017
Apple iOS Threats Fewer Than Android But More Deadly
Dawn Kawamoto, Associate Editor, Dark Reading, News
Data leakage and corruption haunt iOS and Android mobile apps the most, a new study shows.
By Dawn Kawamoto, Associate Editor, Dark Reading, 6/20/2017
Samsung KNOX Takes Some Knocks
Dawn Kawamoto, Associate Editor, Dark Reading, News
Researcher at Black Hat USA will reveal Samsung KNOX 2.6 vulnerabilities and bypass techniques, and notes that new KNOX 2.8 may be at risk as well.
By Dawn Kawamoto, Associate Editor, Dark Reading, 6/15/2017
WannaCry 'Scareware' Driving Downloads of Bogus Anti-Virus Apps
Dark Reading Staff, Quick Hits
Fake anti-virus apps account for 12.2% of active AV apps in the Google Play store, of which roughly one in 10 are blacklisted, according to a report released today.
By Dark Reading Staff, 6/13/2017
FTC Issues Advice on Mobile Phone Data Security, Identity Theft
Dark Reading Staff, Quick Hits
The Federal Trade Commission offers hindsight and foresight on ways to reduce identity theft should your mobile device get stolen.
By Dark Reading Staff, 6/12/2017
Number of CISOs Rose 15% This Year
Dawn Kawamoto, Associate Editor, Dark Reading, News
Although the number of CISOs increased to 65% of organizations, it could just be a case of "window dressing," new ISACA report shows.
By Dawn Kawamoto, Associate Editor, Dark Reading, 6/5/2017
Dark Reading - Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.