Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Mobile posted in September 2015
Run, Jump, Shoot, Infect: Trojanized Games Invade Google Play
News  |  9/22/2015  | 
ESET Researchers find Trojan Mapin bundled with games that look like popular titles such as Plants vs. Zombies and Candy Crush.
XcodeGhost Another Crack In Apple's Circle of Trust
News  |  9/21/2015  | 
On the heels of KeyRaider's attack on jailbroken iPhones, attackers show they can hit non-broken devices too, sneaking 39 weaponized apps onto the official App Store and around Apple's best efforts to lock down its developer environment.
Windows PCs Make Up 80% Of Mobile Network Infections
News  |  9/18/2015  | 
Microsoft Windows PCs -- not smartphones and tablets -- harbor most of the malware on mobile networks, according to a new Alcatel-Lucent report.
AirDrop Exploit Drops Malware On Mac, iPhone, But Not iOS 9
Quick Hits  |  9/16/2015  | 
iOS 9 drops today, and includes a patch for the vulnerability that lets attackers bomb any iOS and Mac device within Bluetooth range, via the Airdrop file-sharing feature.
Fixing IoT Security: Dark Reading Radio Wednesday at 1 P.M. ET
Commentary  |  9/15/2015  | 
Join us for a conversation about what is being done and what needs to be done to secure the Internet of Things.
US Secret Service Warns Of Rise In Mobile Payment Fraud
Quick Hits  |  9/8/2015  | 
Fraudulent transactions spotted at high-end retailers and banking institutions in the Northeast.
Microsoft's Remarkable Pivot: Windows 10 Abandons Privacy
Commentary  |  9/2/2015  | 
You can read all you want about Windows 10 powerful new privacy features, but that doesnt mean you have them.
Report: Ransomware Jumped 58 Percent in Q2
News  |  9/1/2015  | 
McAfee Threat Labs Report also zooms in on GPU malware and looks back on the first five years of the Intel-McAfee marriage.
Malware Pre-Installed On Over Two-Dozen Android Smartphone Brands
News  |  9/1/2015  | 
Threat affects several smartphones shipping from Asia including some popular ones such as Lenovo, Huawei, and Xiaomi, says G Data.


Attackers Leave Stolen Credentials Searchable on Google
Kelly Sheridan, Staff Editor, Dark Reading,  1/21/2021
How to Better Secure Your Microsoft 365 Environment
Kelly Sheridan, Staff Editor, Dark Reading,  1/25/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
2020: The Year in Security
Download this Tech Digest for a look at the biggest security stories that - so far - have shaped a very strange and stressful year.
Flash Poll
Assessing Cybersecurity Risk in Today's Enterprises
Assessing Cybersecurity Risk in Today's Enterprises
COVID-19 has created a new IT paradigm in the enterprise -- and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-23359
PUBLISHED: 2021-01-27
WeBid 1.2.2 admin/newuser.php has an issue with password rechecking during registration because it uses a loose comparison to check the identicalness of two passwords. Two non-identical passwords can still bypass the check.
CVE-2020-23360
PUBLISHED: 2021-01-27
oscommerce v2.3.4.1 has a functional problem in user registration and password rechecking, where a non-identical password can bypass the checks in /catalog/admin/administrators.php and /catalog/password_reset.php
CVE-2020-23361
PUBLISHED: 2021-01-27
phpList 3.5.3 allows type juggling for login bypass because == is used instead of === for password hashes, which mishandles hashes that begin with 0e followed by exclusively numerical characters.
CVE-2021-25311
PUBLISHED: 2021-01-27
condor_credd in HTCondor before 8.9.11 allows Directory Traversal outside the SEC_CREDENTIAL_DIRECTORY_OAUTH directory, as demonstrated by creating a file under /etc that will later be executed by root.
CVE-2021-25312
PUBLISHED: 2021-01-27
HTCondor before 8.9.11 allows a user to submit a job as another user on the system, because of a flaw in the IDTOKENS authentication method.