Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Mobile

News & Commentary
The Data-Centric Path to Zero Trust
Altaz Valani, Director of Insights Research, Security CompassCommentary
Data is an organization's most valuable asset, so a data-centric approach would provide the best value for organizations, now and in the future.
By Altaz Valani Director of Insights Research, Security Compass, 1/13/2021
Comment1 Comment  |  Read  |  Post a Comment
Mobile Endpoint Security: Still the Crack in the Enterprise's Cyber Armor
Joel Wallenstrom, CEO & President, WickrCommentary
A combination of best practices and best-in-class technology will help keep your enterprise from falling victim to ever-growing threats.
By Joel Wallenstrom CEO & President, Wickr, 12/30/2020
Comment0 comments  |  Read  |  Post a Comment
'Fingerprint-Jacking' Attack Technique Manipulates Android UI
Kelly Sheridan, Staff Editor, Dark ReadingNews
Researchers explore fingerprint-jacking, a user interface-based attack that targets fingerprints scanned into Android apps.
By Kelly Sheridan Staff Editor, Dark Reading, 12/10/2020
Comment0 comments  |  Read  |  Post a Comment
Keeping Cyber Secure at Christmas
IFSEC Global, StaffNews
Sylvain Cortes, Security Evangelist and cybersecurity expert at Alsid, highlights the need for security departments to raise awareness through their organizations over cyber threats this Christmas.
By Sylvain Cortes, Security Evangelist and cybersecurity expert , 12/8/2020
Comment0 comments  |  Read  |  Post a Comment
Researchers Discover New Obfuscation-As-a-Service Platform
Ericka Chickowski, Contributing WriterNews
Researchers detail how a Android APK obfuscation service automates detection evasion for highly malicious apps.
By Ericka Chickowski Contributing Writer, 12/3/2020
Comment1 Comment  |  Read  |  Post a Comment
Google Security Researcher Develops 'Zero-Click' Exploit for iOS Flaw
Jai Vijayan, Contributing WriterNews
A new patched memory corruption vulnerability in Apple's AWDL protocol can be used to take over iOS devices that are in close proximity to an attacker.
By Jai Vijayan Contributing Writer, 12/3/2020
Comment0 comments  |  Read  |  Post a Comment
Free Mobile App Measures Your Personal Cyber Risk
Steve Zurier, Contributing WriterNews
New app for Android and Apple iOS uses an algorithm co-developed with MIT to gauge security posture on an ongoing basis.
By Steve Zurier Contributing Writer, 12/2/2020
Comment0 comments  |  Read  |  Post a Comment
Ivanti Acquires MobileIron & Pulse Secure
Dark Reading Staff, Quick Hits
The company plans to use these acquisitions to strengthen and secure IT connections across remote devices and infrastructure.
By Dark Reading Staff , 12/1/2020
Comment0 comments  |  Read  |  Post a Comment
Baidu Apps Leaked Location Data, Machine Learning Reveals
Robert Lemos, Contributing WriterNews
Several apps available on the Google Play Store, including two made by Chinese Internet giant Baidu, leaked information about the phone's hardware and location without the user's knowledge, research finds.
By Robert Lemos Contributing Writer, 11/24/2020
Comment0 comments  |  Read  |  Post a Comment
Evidence-Based Trust Gets Black Hat Europe Spotlight
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
An FPGA-based system could change the balance of power between hardware attackers and defenders within IT security.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 11/23/2020
Comment0 comments  |  Read  |  Post a Comment
Facebook Messenger Flaw Enabled Spying on Android Callees
Dark Reading Staff, Quick Hits
A critical flaw in Facebook Messenger on Android would let someone start an audio or video call without the victim's knowledge.
By Dark Reading Staff , 11/20/2020
Comment0 comments  |  Read  |  Post a Comment
Go SMS Pro Messaging App Exposed Users' Private Media Files
Dark Reading Staff, Quick Hits
The popular Android app uses easily guessable Web addresses when users send private photos, videos, and voice messages.
By Dark Reading Staff , 11/19/2020
Comment0 comments  |  Read  |  Post a Comment
Online Shopping Surge Puts Focus on Consumer Security Habits
Robert Lemos, Contributing WriterNews
Companies will have to tread a fine line between delivering security and a frictionless shopping experience, security firms say.
By Robert Lemos Contributing Writer, 11/18/2020
Comment0 comments  |  Read  |  Post a Comment
DARPA and Academia Jumpstart 5G IoT Security Efforts
Paul Shomo, Cybersecurity AnalystCommentary
With 5G IoT devices projected to hit 49 million units by 2023, researchers launch programs to keep IoT from becoming a blackhole of exfiltration.
By Paul Shomo Cybersecurity Analyst, 11/12/2020
Comment0 comments  |  Read  |  Post a Comment
How Hackers Blend Attack Methods to Bypass MFA
Alan Bavosa, VP, Security Products, at AppdomeCommentary
Protecting mobile apps requires a multilayered approach with a mix of cybersecurity measures to counter various attacks at different layers.
By Alan Bavosa VP, Security Products, at Appdome, 11/10/2020
Comment1 Comment  |  Read  |  Post a Comment
New Brazilian Banking Trojan Targets Mobile Users in Multiple Countries
Jai Vijayan, Contributing WriterNews
Ghimob is a full-fledged spy in your pocket, Kaspersky says.
By Jai Vijayan Contributing Writer, 11/9/2020
Comment0 comments  |  Read  |  Post a Comment
The One Critical Element to Hardening Your Employees' Mobile Security
Alex White, Co-Founder & CTO of GlacierCommentary
COVID-19 has exposed longstanding gaps in enterprise mobile security. Creating a comprehensive mobile security plan and mandating compliance with that plan are essential to closing them.
By Alex White Co-Founder & CTO of Glacier, 11/5/2020
Comment0 comments  |  Read  |  Post a Comment
New Wroba Campaign Is Latest Sign of Growing Mobile Threats
Jai Vijayan, Contributing WriterNews
After years of mostly targeting users in Japan, Korea, and other countries in the region, operators of the Trojan expanded their campaign to the US this week.
By Jai Vijayan Contributing Writer, 10/30/2020
Comment0 comments  |  Read  |  Post a Comment
Akamai Acquires Asavie
Dark Reading Staff, Quick Hits
Asavie's mobile, IoT, and security products and services will become part of the Akamai Security and Personalization Services product line.
By Dark Reading Staff , 10/27/2020
Comment0 comments  |  Read  |  Post a Comment
7 Mobile Browsers Vulnerable to Address-Bar Spoofing
Jai Vijayan, Contributing WriterNews
Flaws allow attackers to manipulate URLs users see on their mobile devices, Rapid7 says.
By Jai Vijayan Contributing Writer, 10/22/2020
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
When It Comes To Security Tools, More Isn't More
Lamont Orange, Chief Information Security Officer at Netskope,  1/11/2021
US Capitol Attack a Wake-up Call for the Integration of Physical & IT Security
Seth Rosenblatt, Contributing Writer,  1/11/2021
IoT Vendor Ubiquiti Suffers Data Breach
Dark Reading Staff 1/11/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2020: The Year in Security
Download this Tech Digest for a look at the biggest security stories that - so far - have shaped a very strange and stressful year.
Flash Poll
Assessing Cybersecurity Risk in Today's Enterprises
Assessing Cybersecurity Risk in Today's Enterprises
COVID-19 has created a new IT paradigm in the enterprise -- and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-3113
PUBLISHED: 2021-01-17
Netsia SEBA+ through 0.16.1 build 70-e669dcd7 allows remote attackers to discover session cookies via a direct /session/list/allActiveSession request. For example, the attacker can discover the admin's cookie if the admin account happens to be logged in when the allActiveSession request occurs, and ...
CVE-2020-25533
PUBLISHED: 2021-01-15
An issue was discovered in Malwarebytes before 4.0 on macOS. A malicious application was able to perform a privileged action within the Malwarebytes launch daemon. The privileged service improperly validated XPC connections by relying on the PID instead of the audit token. An attacker can construct ...
CVE-2021-3162
PUBLISHED: 2021-01-15
Docker Desktop Community before 2.5.0.0 on macOS mishandles certificate checking, leading to local privilege escalation.
CVE-2021-21242
PUBLISHED: 2021-01-15
OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, there is a critical vulnerability which can lead to pre-auth remote code execution. AttachmentUploadServlet deserializes untrusted data from the `Attachment-Support` header. This Servlet does not enforce any authentication or a...
CVE-2021-21245
PUBLISHED: 2021-01-15
OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, AttachmentUploadServlet also saves user controlled data (`request.getInputStream()`) to a user specified location (`request.getHeader("File-Name")`). This issue may lead to arbitrary file upload which can be used to u...