Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Mobile posted in November 2020
Baidu Apps Leaked Location Data, Machine Learning Reveals
News  |  11/24/2020  | 
Several apps available on the Google Play Store, including two made by Chinese Internet giant Baidu, leaked information about the phone's hardware and location without the user's knowledge, research finds.
Evidence-Based Trust Gets Black Hat Europe Spotlight
News  |  11/23/2020  | 
An FPGA-based system could change the balance of power between hardware attackers and defenders within IT security.
Facebook Messenger Flaw Enabled Spying on Android Callees
Quick Hits  |  11/20/2020  | 
A critical flaw in Facebook Messenger on Android would let someone start an audio or video call without the victim's knowledge.
Go SMS Pro Messaging App Exposed Users' Private Media Files
Quick Hits  |  11/19/2020  | 
The popular Android app uses easily guessable Web addresses when users send private photos, videos, and voice messages.
Online Shopping Surge Puts Focus on Consumer Security Habits
News  |  11/18/2020  | 
Companies will have to tread a fine line between delivering security and a frictionless shopping experience, security firms say.
DARPA and Academia Jumpstart 5G IoT Security Efforts
Commentary  |  11/12/2020  | 
With 5G IoT devices projected to hit 49 million units by 2023, researchers launch programs to keep IoT from becoming a blackhole of exfiltration.
How Hackers Blend Attack Methods to Bypass MFA
Commentary  |  11/10/2020  | 
Protecting mobile apps requires a multilayered approach with a mix of cybersecurity measures to counter various attacks at different layers.
New Brazilian Banking Trojan Targets Mobile Users in Multiple Countries
News  |  11/9/2020  | 
Ghimob is a full-fledged spy in your pocket, Kaspersky says.
The One Critical Element to Hardening Your Employees' Mobile Security
Commentary  |  11/5/2020  | 
COVID-19 has exposed longstanding gaps in enterprise mobile security. Creating a comprehensive mobile security plan and mandating compliance with that plan are essential to closing them.


Attackers Leave Stolen Credentials Searchable on Google
Kelly Sheridan, Staff Editor, Dark Reading,  1/21/2021
How to Better Secure Your Microsoft 365 Environment
Kelly Sheridan, Staff Editor, Dark Reading,  1/25/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
2020: The Year in Security
Download this Tech Digest for a look at the biggest security stories that - so far - have shaped a very strange and stressful year.
Flash Poll
Assessing Cybersecurity Risk in Today's Enterprises
Assessing Cybersecurity Risk in Today's Enterprises
COVID-19 has created a new IT paradigm in the enterprise -- and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-3318
PUBLISHED: 2021-01-27
attach/ajax.php in DzzOffice through 2.02.1 allows XSS via the editorid parameter.
CVE-2020-5427
PUBLISHED: 2021-01-27
In Spring Cloud Data Flow, versions 2.6.x prior to 2.6.5, versions 2.5.x prior 2.5.4, an application is vulnerable to SQL injection when requesting task execution.
CVE-2020-5428
PUBLISHED: 2021-01-27
In applications using Spring Cloud Task 2.2.4.RELEASE and below, may be vulnerable to SQL injection when exercising certain lookup queries in the TaskExplorer.
CVE-2021-20357
PUBLISHED: 2021-01-27
IBM Jazz Foundation products is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 194963.
CVE-2020-4865
PUBLISHED: 2021-01-27
IBM Jazz Foundation products is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190741.