Mobile
News & Commentary
Mobile Device Makers Increasingly Embrace Bug Bounty Programs
Dawn Kawamoto, Associate Editor, Dark ReadingNews
Samsung is the latest to join a small group of smartphone makers to cast their net wide on catching vulnerabilities in their devices.
By Dawn Kawamoto Associate Editor, Dark Reading, 12/15/2017
Comment0 comments  |  Read  |  Post a Comment
BlueBorne Attack Highlights Flaws in Linux, IoT Security
Kelly Sheridan, Associate Editor, Dark ReadingNews
Bluetooth vulnerabilities let attackers control devices running Linux or any OS derived from it, putting much of the Internet of Things at risk, including popular consumer products.
By Kelly Sheridan Associate Editor, Dark Reading, 12/14/2017
Comment2 comments  |  Read  |  Post a Comment
Google Play Offered Fewer Blacklisted Mobile Apps in Q3
Dawn Kawamoto, Associate Editor, Dark ReadingNews
Third-party AndroidAPKDescargar store carried the most blacklisted mobile apps.
By Dawn Kawamoto Associate Editor, Dark Reading, 12/13/2017
Comment0 comments  |  Read  |  Post a Comment
8 Out of 10 Employees Use Unencrypted USB Devices
Dark Reading Staff, Quick Hits
Security policies for USB drivers are severely outdated or inadequate, a report finds.
By Dark Reading Staff , 12/12/2017
Comment0 comments  |  Read  |  Post a Comment
Employees on Public WiFi Rarely Face Man-in-the-Middle Attacks
Dawn Kawamoto, Associate Editor, Dark ReadingNews
Employees' corporate mobile devices are connected to WiFi networks on average 74% of the time.
By Dawn Kawamoto Associate Editor, Dark Reading, 12/12/2017
Comment0 comments  |  Read  |  Post a Comment
Android Ransomware Kits on the Rise in the Dark Web
Dawn Kawamoto, Associate Editor, Dark ReadingNews
More than 5,000 Android ransomware kit listings have been spotted so far this year, with the median price range hitting $200.
By Dawn Kawamoto Associate Editor, Dark Reading, 12/7/2017
Comment0 comments  |  Read  |  Post a Comment
Man-in-the-Middle Flaw in Major Banking, VPN Apps Exposes Millions
Ericka Chickowski, Contributing Writer, Dark ReadingNews
New research from University of Birmingham emphasizes importance of securing high-risk mobile apps.
By Ericka Chickowski Contributing Writer, Dark Reading, 12/7/2017
Comment0 comments  |  Read  |  Post a Comment
The Rising Dangers of Unsecured IoT Technology
Danielle Jackson, Chief Information Security Officer, SecureAuthCommentary
As government regulation looms, the security industry must take a leading role in determining whether the convenience of the Internet of Things is worth the risk and compromise of unsecured devices.
By Danielle Jackson Chief Information Security Officer, SecureAuth, 12/4/2017
Comment1 Comment  |  Read  |  Post a Comment
Tips for Writing Better Infosec Job Descriptions
Kelly Sheridan, Associate Editor, Dark ReadingNews
Security leaders frustrated with their talent search may be searching for the wrong skills and qualifications.
By Kelly Sheridan Associate Editor, Dark Reading, 12/4/2017
Comment1 Comment  |  Read  |  Post a Comment
Hacked IV Pumps and Digital Smart Pens Can Lead to Data Breaches
Dawn Kawamoto, Associate Editor, Dark ReadingNews
Researcher to reveal IoT medical device dangers at Black Hat Europe this week.
By Dawn Kawamoto Associate Editor, Dark Reading, 12/4/2017
Comment2 comments  |  Read  |  Post a Comment
Sallie Mae CISO: 4 Technologies That Will Shape IT Security
Dawn Kawamoto, Associate Editor, Dark ReadingNews
'The world as we know it will vanish,' according to Jerry Archer.
By Dawn Kawamoto Associate Editor, Dark Reading, 12/1/2017
Comment0 comments  |  Read  |  Post a Comment
Lawsuits Pile Up on Uber
Steve Zurier, Freelance WriterNews
Washington AG files multimillion-dollar consumer protection lawsuit; multiple states also confirm they are investigating the Uber breach, which means more lawsuits may follow.
By Steve Zurier Freelance Writer, 11/30/2017
Comment2 comments  |  Read  |  Post a Comment
5 Free or Low-Cost Security Tools for Defenders
Dawn Kawamoto, Associate Editor, Dark ReadingNews
Not all security tools are pricey.
By Dawn Kawamoto Associate Editor, Dark Reading, 11/30/2017
Comment1 Comment  |  Read  |  Post a Comment
Samsung's Mobile Device Bug Bounty Program Gets a Boost
Dark Reading Staff, Quick Hits
Samsung Electronics partners with Bugcrowd to deliver timely payments for its Mobile Security Rewards Program.
By Dark Reading Staff , 11/29/2017
Comment2 comments  |  Read  |  Post a Comment
Retail and Hospitality Breaches Declined Over Past 2 Years
Dawn Kawamoto, Associate Editor, Dark ReadingNews
A drop in publicly disclosed breaches for the two industries is due in part to fewer point-of-sale breaches.
By Dawn Kawamoto Associate Editor, Dark Reading, 11/28/2017
Comment0 comments  |  Read  |  Post a Comment
New BankBot Version Avoids Detection in Google Play -- Again
Dawn Kawamoto, Associate Editor, Dark ReadingNews
Mobile banking Trojan BankBot uses a unique payload downloading technique to skip past Google Play Protect.
By Dawn Kawamoto Associate Editor, Dark Reading, 11/27/2017
Comment0 comments  |  Read  |  Post a Comment
Thoma Bravo to Acquire Barracuda Networks for $1.6 billion
Dark Reading Staff, Quick Hits
The cloud email security and management company accepts buyout offer as a means to accelerate its growth.
By Dark Reading Staff , 11/27/2017
Comment0 comments  |  Read  |  Post a Comment
Samsung Pay Leaks Mobile Device Information
Dawn Kawamoto, Associate Editor, Dark ReadingNews
Researcher at Black Hat Europe will show how Samsung Pay's security falls short and ways attackers could potentially bypass it.
By Dawn Kawamoto Associate Editor, Dark Reading, 11/22/2017
Comment0 comments  |  Read  |  Post a Comment
6 Real Black Friday Phishing Lures
Dawn Kawamoto, Associate Editor, Dark Reading
As the mega-shopping day approaches, here's a look at six examples of phishing attacks - and ways to avoid taking the bait.
By Dawn Kawamoto Associate Editor, Dark Reading, 11/21/2017
Comment1 Comment  |  Read  |  Post a Comment
DDoS Attack Attempts Doubled in 6 Months
Dark Reading Staff, Quick Hits
Organizations face an average of eight attempts a day, up from an average of four per day at the beginning of this year.
By Dark Reading Staff , 11/20/2017
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
Posted by JosephJacoby
Current Conversations nice
In reply to: nice
Post Your Own Reply
More Conversations
PR Newswire
5 Reasons the Cybersecurity Labor Shortfall Won't End Soon
Steve Morgan, Founder & CEO, Cybersecurity Ventures,  12/11/2017
BlueBorne Attack Highlights Flaws in Linux, IoT Security
Kelly Sheridan, Associate Editor, Dark Reading,  12/14/2017
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
The Year in Security: 2017
A look at the biggest news stories (so far) of 2017 that shaped the cybersecurity landscape -- from Russian hacking, ransomware's coming-out party, and voting machine vulnerabilities to the massive data breach of credit-monitoring firm Equifax.
Flash Poll
[Strategic Security Report] How Enterprises Are Attacking the IT Security Problem
[Strategic Security Report] How Enterprises Are Attacking the IT Security Problem
Enterprises are spending more of their IT budgets on cybersecurity technology. How do your organization's security plans and strategies compare to what others are doing? Here's an in-depth look.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.