Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
Hacking The Real Mobile Threats
Newest First  |  Oldest First  |  Threaded View
carmenlund1
50%
50%
carmenlund1,
User Rank: Apprentice
4/29/2015 | 5:35:49 AM
RE;
Thanks...
Kelly Jackson Higgins
50%
50%
Kelly Jackson Higgins,
User Rank: Strategist
4/27/2015 | 11:56:36 PM
Re: Color Me Surprised - Future Mobile Opportunities
It all goes back to the lowest-hanging fruit always wins, right? There are some exceptions, of course, of nation-state targeting mobile, but that's because those types of attackers don't necessarily take the easy way in, and they are targeting.
RetiredUser
50%
50%
RetiredUser,
User Rank: Ninja
4/27/2015 | 8:56:48 PM
Color Me Surprised - Future Mobile Opportunities
I have to admint I'm surprised.  For as many exploits as I've read about and mobile malware I've seen out in the ecosystem, I would have thought mobile would be higher up there.  But I gues you're right - it's about what can be gained now from hacking a mobile device vs a desktop in highly desirable data areas.  And, is the current source of threats really malware, anyway.

Now, fast-forward.  This won't last for long.  I think there is an opportunity here for humanitarian-minded techs to set up app servers for malware-clean, MD5-verified and supported app downloads for users who have the hardware and the mobile OS but no access to app stores like Android and Apple.  In fact, they will be safer for it, despite the difficulty rating of getting malware in those stores, it's often what you agree to share from the legal apps that gets you in trouble.  I see a future of detached app offerings that let users free their phones from highly commercialized and secretive corporate app servers.

Nevertheless, BYOD is booming and soon those mobile devices are going to be as sweet a target as any desktop since the data that everyone wants will be within a hop and a tether of every mobile OS on the premises.  While this report is surprising, it's not a reason to relax but a good time-cushion for strategizing future mobile security models.


COVID-19: Latest Security News & Commentary
Dark Reading Staff 8/14/2020
Lock-Pickers Face an Uncertain Future Online
Seth Rosenblatt, Contributing Writer,  8/10/2020
Hacking It as a CISO: Advice for Security Leadership
Kelly Sheridan, Staff Editor, Dark Reading,  8/10/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
7 New Cybersecurity Vulnerabilities That Could Put Your Enterprise at Risk
In this Dark Reading Tech Digest, we look at the ways security researchers and ethical hackers find critical vulnerabilities and offer insights into how you can fix them before attackers can exploit them.
Flash Poll
The Changing Face of Threat Intelligence
The Changing Face of Threat Intelligence
This special report takes a look at how enterprises are using threat intelligence, as well as emerging best practices for integrating threat intel into security operations and incident response. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-7700
PUBLISHED: 2020-08-14
All versions of phpjs are vulnerable to Prototype Pollution via parse_str.
CVE-2020-7701
PUBLISHED: 2020-08-14
madlib-object-utils before 0.1.7 is vulnerable to Prototype Pollution via setValue.
CVE-2020-9228
PUBLISHED: 2020-08-14
FusionCompute 8.0.0 has an information disclosure vulnerability. Due to the properly protection of certain information, attackers may exploit this vulnerability to obtain certain information.
CVE-2020-9229
PUBLISHED: 2020-08-14
FusionCompute 8.0.0 has an information disclosure vulnerability. Due to the properly protection of certain information, attackers may exploit this vulnerability to obtain certain information.
CVE-2019-19643
PUBLISHED: 2020-08-14
ise smart connect KNX Vaillant 1.2.839 contain a Denial of Service.