Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Mobile posted in June 2020
FCC Designates Huawei & ZTE as National Security Threats
News  |  6/30/2020  | 
Backdoors in 5G network equipment from these vendors could enable espionage and malicious activity, agency says.
Apple Buys Fleetsmith
Quick Hits  |  6/24/2020  | 
The fleet management company becomes part of Apple in a deal announced today.
No Internet Access? Amid Protests, Here's How to Tell Whether the Government Is Behind it
News  |  6/24/2020  | 
Government-mandated Internet shutdowns occur far more regularly than you might expect.
Microsoft Previews Windows Defender ATP for Android
Quick Hits  |  6/23/2020  | 
In addition, the first release of Defender ATP for Linux is now generally available.
Twitter Says Business Users Were Vulnerable to Data Breach
Quick Hits  |  6/23/2020  | 
The now-patched vulnerability left business users' personal information in web browser caches for anyone to find.
Pandemic Accelerates Priceline's 'Coffee Shop' Remote-Access Strategy
News  |  6/22/2020  | 
The travel-booking giant had been slowly starting to transition away from VPN dependence. Then COVID-19 happened, and suddenly 700 third-party call-center workers were working from home.
Employees Say They're Working From Home Without Security Guidance
Quick Hits  |  6/22/2020  | 
Working from home is new for many enterprise employees, yet many say they've received little in the way of new training or technology to keep them safe.
FBI Says Sudden Increase in Mobile Banking Is Heightening Risks For Users
News  |  6/11/2020  | 
Mobile malware and fake apps purporting to be legitimate banking software are big risks, law enforcement agency says.
Protocol Vulnerability Threatens Mobile Networks
Quick Hits  |  6/11/2020  | 
A vuln in the GTP protocol could allow DoS, fraud, and data theft attacks against cellular networks from virtually anywhere.
Fake COVID-19 Contact-Tracing Apps Infect Android Phones
Quick Hits  |  6/10/2020  | 
Researchers find 12 Android applications disguised as official COVID-19 contact tracing apps installing malware onto devices.
Asset Management Mess? How to Get Organized
News  |  6/10/2020  | 
Hardware and software deployments all over the place due to the pandemic scramble? Here are the essential steps to ensure you can find what you need -- and secure it.
Mobile Phishing Attacks Increase Sharply
News  |  6/2/2020  | 
Organizations need to include smartphones and tablets in their phishing mitigation strategies, a new report suggests.
Apple Pays Researcher $100,000 for Critical Vulnerability
News  |  6/1/2020  | 
Apple has fixed a flaw in the "Sign in with Apple" feature that could have enabled attackers to break into user accounts for third-party services.


NSA Appoints Rob Joyce as Cyber Director
Dark Reading Staff 1/15/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
2020: The Year in Security
Download this Tech Digest for a look at the biggest security stories that - so far - have shaped a very strange and stressful year.
Flash Poll
Assessing Cybersecurity Risk in Today's Enterprises
Assessing Cybersecurity Risk in Today's Enterprises
COVID-19 has created a new IT paradigm in the enterprise -- and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-21238
PUBLISHED: 2021-01-21
PySAML2 is a pure python implementation of SAML Version 2 Standard. PySAML2 before 6.5.0 has an improper verification of cryptographic signature vulnerability. All users of pysaml2 that need to validate signed SAML documents are impacted. The vulnerability is a variant of XML Signature wrapping bec...
CVE-2021-21239
PUBLISHED: 2021-01-21
PySAML2 is a pure python implementation of SAML Version 2 Standard. PySAML2 before 6.5.0 has an improper verification of cryptographic signature vulnerability. Users of pysaml2 that use the default CryptoBackendXmlSec1 backend and need to verify signed SAML documents are impacted. PySAML2 does not ...
CVE-2021-21253
PUBLISHED: 2021-01-21
OnlineVotingSystem is an open source project hosted on GitHub. OnlineVotingSystem before version 1.1.2 hashes user passwords without a salt, which is vulnerable to dictionary attacks. Therefore there is a threat of security breach in the voting system. Without a salt, it is much easier for attacker...
CVE-2020-4966
PUBLISHED: 2021-01-21
IBM Security Identity Governance and Intelligence 5.2.6 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the...
CVE-2020-4968
PUBLISHED: 2021-01-21
IBM Security Identity Governance and Intelligence 5.2.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 192427.