Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Mobile posted in January 2018
700,000 Bad Apps Deleted from Google Play in 2017
Quick Hits  |  1/31/2018  | 
Google rejected 99% of apps with abusive content before anyone could install them, according to a 2017 security recap.
Strava Fitness App Shares Secret Army Base Locations
Quick Hits  |  1/29/2018  | 
The exercise tracker published a data visualization map containing exercise routes shared by soldiers on active duty.
Endpoint and Mobile Top Security Spending at 57% of Businesses
Quick Hits  |  1/26/2018  | 
Businesses say data-at-rest security tools are most effective at preventing breaches, but spend most of their budgets securing endpoint and mobile devices.
Dark Caracal Campaign Breaks New Ground with Focus on Mobile Devices
News  |  1/23/2018  | 
This is the first known global-scale campaign primarily focused on stealing data from Android devices, Lookout and EFF say.
Google Pays Researcher Record $112,500 for Android Flaw
Quick Hits  |  1/19/2018  | 
The bug bounty reward, given to a researcher who submitted a working remote exploit chain, is Google's highest for an Android bug.
Kaspersky Lab Warns of Extremely Sophisticated Android Spyware Tool
News  |  1/16/2018  | 
Skygofree appears to have been developed for lawful intercept, offensive surveillance purposes.
Top 3 Pitfalls of Securing the Decentralized Enterprise
Partner Perspectives  |  1/16/2018  | 
Doubling down on outdated security practices while the number of users leveraging your enterprise network grows is a race to the bottom for businesses moving to distributed workflows.
Majority of Companies Lack Sufficient IoT Policy Enforcement Tools
Quick Hits  |  1/12/2018  | 
Shortfall exists despite nearly all global technology enterprise companies having security policies to manage IoT devices.
Responding to the Rise of Fileless Attacks
News  |  1/11/2018  | 
Fileless attacks, easier to conduct and more effective than traditional malware-based threats, pose a growing challenge to enterprise targets.
Vulnerable Mobile Apps: The Next ICS/SCADA Cyber Threat
News  |  1/11/2018  | 
Researchers find nearly 150 vulnerabilities in SCADA mobile apps downloadable from Google Play.
Wi-Fi Alliance Launches WPA2 Enhancements and Debuts WPA3
News  |  1/8/2018  | 
WPA2 protocol enhancements bring stronger security protection and best practices, while new WPA3 protocol offers new security capabilities.
Cyxtera Technologies to Acquire Immunity
Quick Hits  |  1/8/2018  | 
Deal will bring penetration testing products and services to Cyxtera's threat analytics portfolio.
Uber's Biggest Mistake: It Wasn't Paying Ransom
Commentary  |  1/4/2018  | 
Rather than scrambling to deal with attacks after the fact, companies need to focus on improving detection capabilities with tools that help them work within data laws, not outside of them.
In Mobile, It's Back to the Future
Commentary  |  1/3/2018  | 
The mobile industry keeps pushing forward while overlooking some security concerns of the past.


How to Better Secure Your Microsoft 365 Environment
Kelly Sheridan, Staff Editor, Dark Reading,  1/25/2021
Attackers Leave Stolen Credentials Searchable on Google
Kelly Sheridan, Staff Editor, Dark Reading,  1/21/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
2020: The Year in Security
Download this Tech Digest for a look at the biggest security stories that - so far - have shaped a very strange and stressful year.
Flash Poll
Assessing Cybersecurity Risk in Today's Enterprises
Assessing Cybersecurity Risk in Today's Enterprises
COVID-19 has created a new IT paradigm in the enterprise -- and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-3318
PUBLISHED: 2021-01-27
attach/ajax.php in DzzOffice through 2.02.1 allows XSS via the editorid parameter.
CVE-2020-5427
PUBLISHED: 2021-01-27
In Spring Cloud Data Flow, versions 2.6.x prior to 2.6.5, versions 2.5.x prior 2.5.4, an application is vulnerable to SQL injection when requesting task execution.
CVE-2020-5428
PUBLISHED: 2021-01-27
In applications using Spring Cloud Task 2.2.4.RELEASE and below, may be vulnerable to SQL injection when exercising certain lookup queries in the TaskExplorer.
CVE-2021-20357
PUBLISHED: 2021-01-27
IBM Jazz Foundation products is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 194963.
CVE-2020-4865
PUBLISHED: 2021-01-27
IBM Jazz Foundation products is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190741.