Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Mobile posted in October 2017
North Korea Faces Accusations of Hacking Warship Builder Daewoo
Quick Hits  |  10/31/2017  | 
North Korea suspected by South Korea of stealing warship blueprints from Daewoo Shipbuilding & Marine Engineering.
Phishing Kits Regularly Reused by Cybercriminals
News  |  10/31/2017  | 
In 27% of cases, a phishing kit is re-used on more than one host.
Majority of Employees Hit with Ransomware Personally Make Payment
News  |  10/31/2017  | 
Office workers pay an average ransom of $1,400, according to a new report.
Security Gets Social: 10 of Dark Reading's Most Shared Stories
Slideshows  |  10/30/2017  | 
We scared up our most popular stories on Facebook, Twitter, and LinkedIn.
Identity Theft Ring Hit with Credit Card Fraud Indictment
Quick Hits  |  10/27/2017  | 
A federal grand jury indicts six individuals on criminal charges relating to credit card and debit card fraud.
Passwords Use Alone Still Trumps Multi-Factor Authentication
News  |  10/27/2017  | 
Strong authentication use overall remains weak but is starting to gain some ground with enterprises.
'Reaper' IoT Botnet Likely a DDoS-for-Hire Tool
Quick Hits  |  10/26/2017  | 
Latest IoT botnet commandeers 10,000 to 20,000 devices with an additional 2 million hosts identified.
Dark Web Marketplaces' New Home: Mobile Messaging Apps
News  |  10/26/2017  | 
Telegram, Discord, Whatsapp grow in popularity as criminals look for more alternatives to fly under the radar.
Doubling Up on AV Fails to Protect 40% of Users from Malware Attacks
News  |  10/26/2017  | 
Traditional signature-based antivirus solutions are falling short on protecting endpoints, even when there are two or more deployed.
Unpatched Bugs Rampant on Mobile Devices in Financial Services Firms
News  |  10/23/2017  | 
More than a quarter of mobile devices used by financial services employees carry known vulnerabilities, according to a recent report.
Google Play Bug Bounty Program Debuts
Quick Hits  |  10/23/2017  | 
Google teams up with HackerOne to create the Google Play Security Reward Program.
10 Social Engineering Attacks Your End Users Need to Know About
Slideshows  |  10/19/2017  | 
It's Cybersecurity Awareness Month. Make sure your users are briefed on these 10 attacker techniques that are often overlooked.
IoT Deployment Security Top Concern for Enterprises
Quick Hits  |  10/19/2017  | 
A new survey shows that 63% of respondents are worried about the impact of the Internet of Things on corporate security technologies and processes.
Malicious Minecraft Apps on Google Android Could Turn Devices into Bots
Quick Hits  |  10/18/2017  | 
New 'Sockbot' malware has 'highly flexible proxy topology' that might be leveraged for a variety of nefarious purposes.
DoubleLocker Delivers Unique Two-Punch Hit to Android
News  |  10/13/2017  | 
Combines Android ransomware with capability to change users device PINs.
IoT: Insecurity of Things or Internet of Threats?
News  |  10/11/2017  | 
Security leaders call for device manufacturers to buckle down on device security as the Internet of Things evolves.
Akamai Acquires Nominum
Quick Hits  |  10/11/2017  | 
Purchase of DNS and enterprise cybersecurity solutions company is designed to bolster Akamai's offering to telecom carriers.
Key New Security Features in Android Oreo
Slideshows  |  10/10/2017  | 
Android 8.0 Oreo marks a major revamp of Google's mobile operating system, putting in a number of new security-hardening measures.
New 4G, 5G Network Flaw 'Worrisome'
News  |  10/9/2017  | 
Weaknesses in the voice and data convergence technology can be exploited to allow cybercriminals to launch DoS attacks and hijack mobile data.
John Kelly's Personal Phone Compromised
Quick Hits  |  10/6/2017  | 
Officials fear foreign entities may have accessed White House chief of staff Kelly's phone while he was secretary of Homeland Security.
70% of US Employees Lack Security and Privacy Awareness
News  |  10/3/2017  | 
Acceptable use of social media and adherence to workplace physical security drops, new survey shows.
FBI Won't Have to Reveal iPhone-Cracking Tool Used in Terror Case
News  |  10/2/2017  | 
Revealing vendor's name and pricing details a threat to national security, DC court says.


How to Better Secure Your Microsoft 365 Environment
Kelly Sheridan, Staff Editor, Dark Reading,  1/25/2021
Attackers Leave Stolen Credentials Searchable on Google
Kelly Sheridan, Staff Editor, Dark Reading,  1/21/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
2020: The Year in Security
Download this Tech Digest for a look at the biggest security stories that - so far - have shaped a very strange and stressful year.
Flash Poll
Assessing Cybersecurity Risk in Today's Enterprises
Assessing Cybersecurity Risk in Today's Enterprises
COVID-19 has created a new IT paradigm in the enterprise -- and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-3318
PUBLISHED: 2021-01-27
attach/ajax.php in DzzOffice through 2.02.1 allows XSS via the editorid parameter.
CVE-2020-5427
PUBLISHED: 2021-01-27
In Spring Cloud Data Flow, versions 2.6.x prior to 2.6.5, versions 2.5.x prior 2.5.4, an application is vulnerable to SQL injection when requesting task execution.
CVE-2020-5428
PUBLISHED: 2021-01-27
In applications using Spring Cloud Task 2.2.4.RELEASE and below, may be vulnerable to SQL injection when exercising certain lookup queries in the TaskExplorer.
CVE-2021-20357
PUBLISHED: 2021-01-27
IBM Jazz Foundation products is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 194963.
CVE-2020-4865
PUBLISHED: 2021-01-27
IBM Jazz Foundation products is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190741.