Dark Reading is part of the Informa Tech Division of Informa PLC

Mobile

News & Commentary
Secure Laptops & the Enterprise of the Future
By Arun Subbarao, Vice President of Engineering, Lynx Software Technologies | Commentary | 3/4/2021
The enterprise of the future will depend upon organizations' ability to extend the company firewall to everywhere people are working.
New Jailbreak Tool Works on Most iPhones
By Dark Reading Staff | Quick Hits | 3/1/2021
The Unc0ver team has released a tool that works on iOS 11 and later, and exploits a vulnerability that was recently under attack.
Malware Exploits Security Teams' Greatest Weakness: Poor Relationships With Employees
By Jason Meller, CEO & Founder, Kolide | Commentary | 2/15/2021
Users' distrust of corporate security teams is exposing businesses to unnecessary vulnerabilities.
How to Submit a Column to Dark Reading
By Dark Reading Staff | Commentary | 2/15/2021
Have a new idea, a lesson learned, or a call to action for your fellow cybersecurity professionals? Here's how to submit your Commentary pieces to Dark Reading.
Android App Infects Millions of Devices With a Single Update
By Dark Reading Staff | Quick Hits | 2/8/2021
The popular Barcode Scanner app, which has been available on Google Play for years, turned malicious with one software update.
Cartoon Caption Winner: Insider Threat
By John Klossner, Cartoonist | Commentary | 2/8/2021
And the winner of Dark Reading's January cartoon caption contest is ...
The Data-Centric Path to Zero Trust
By Altaz Valani, Director of Insights Research, Security Compass | Commentary | 1/13/2021
Data is an organization's most valuable asset, so a data-centric approach would provide the best value for organizations, now and in the future.
Mobile Endpoint Security: Still the Crack in the Enterprise's Cyber Armor
By Joel Wallenstrom, CEO & President, Wickr | Commentary | 12/30/2020
A combination of best practices and best-in-class technology will help keep your enterprise from falling victim to ever-growing threats.
'Fingerprint-Jacking' Attack Technique Manipulates Android UI
By Kelly Sheridan, Staff Editor, Dark Reading | News | 12/10/2020
Researchers explore fingerprint-jacking, a user interface-based attack that targets fingerprints scanned into Android apps.
Keeping Cyber Secure at Christmas
IFSEC Global, Staff | News
Sylvain Cortes, Security Evangelist and cybersecurity expert at Alsid, highlights the need for security departments to raise awareness through their organizations over cyber threats this Christmas.
By Sylvain Cortes, Security Evangelist and cybersecurity expert, 12/8/2020
Researchers Discover New Obfuscation-As-a-Service Platform
By Ericka Chickowski, Contributing Writer | News | 12/3/2020
Researchers detail how an Android APK obfuscation service automates detection evasion for highly malicious apps.
Google Security Researcher Develops 'Zero-Click' Exploit for iOS Flaw
By Jai Vijayan, Contributing Writer | News | 12/3/2020
A newly patched memory corruption vulnerability in Apple's AWDL protocol can be used to take over iOS devices that are in close proximity to an attacker.
Free Mobile App Measures Your Personal Cyber Risk
By Steve Zurier, Contributing Writer | News | 12/2/2020
New app for Android and Apple iOS uses an algorithm co-developed with MIT to gauge security posture on an ongoing basis.
Ivanti Acquires MobileIron & Pulse Secure
By Dark Reading Staff | Quick Hits | 12/1/2020
The company plans to use these acquisitions to strengthen and secure IT connections across remote devices and infrastructure.
Baidu Apps Leaked Location Data, Machine Learning Reveals
By Robert Lemos, Contributing Writer | News | 11/24/2020
Several apps available on the Google Play Store, including two made by Chinese Internet giant Baidu, leaked information about the phone's hardware and location without the user's knowledge, research finds.
Evidence-Based Trust Gets Black Hat Europe Spotlight
By Curtis Franklin Jr., Senior Editor at Dark Reading | News | 11/23/2020
An FPGA-based system could change the balance of power between hardware attackers and defenders within IT security.
Facebook Messenger Flaw Enabled Spying on Android Callees
By Dark Reading Staff | Quick Hits | 11/20/2020
A critical flaw in Facebook Messenger on Android would let someone start an audio or video call without the victim's knowledge.
Go SMS Pro Messaging App Exposed Users' Private Media Files
By Dark Reading Staff | Quick Hits | 11/19/2020
The popular Android app uses easily guessable Web addresses when users send private photos, videos, and voice messages.
Online Shopping Surge Puts Focus on Consumer Security Habits
By Robert Lemos, Contributing Writer | News | 11/18/2020
Companies will have to tread a fine line between delivering security and a frictionless shopping experience, security firms say.
DARPA and Academia Jumpstart 5G IoT Security Efforts
By Paul Shomo, Cybersecurity Analyst | Commentary | 11/12/2020
With 5G IoT devices projected to hit 49 million units by 2023, researchers launch programs to keep IoT from becoming a blackhole of exfiltration.
Commentary
How SolarWinds Busted Up Our Assumptions About Code Signing
Dr. Jethro Beekman, Technical Director, 3/3/2021
News
'ObliqueRAT' Now Hides Behind Images on Compromised Websites
Jai Vijayan, Contributing Writer, 2/26/2021
News
Attackers Turn Struggling Software Projects Into Trojan Horses
Robert Lemos, Contributing Writer, 2/26/2021
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-27217
PUBLISHED: 2021-03-04
An issue was discovered in the _send_secure_msg() function of Yubico yubihsm-shell through 2.0.3. The function does not correctly validate the embedded length field of an authenticated message received from the device. Out-of-bounds reads performed by aes_remove_padding() can crash the running proce...
CVE-2021-22128
PUBLISHED: 2021-03-04
An improper access control vulnerability in FortiProxy SSL VPN portal 2.0.0, 1.2.9 and below versions may allow an authenticated, remote attacker to access internal service such as the ZebOS Shell on the FortiProxy appliance through the Quick Connection functionality.
CVE-2021-23126
PUBLISHED: 2021-03-04
An issue was discovered in Joomla! 3.2.0 through 3.9.24. Usage of the insecure rand() function within the process of generating the 2FA secret.
CVE-2021-23127
PUBLISHED: 2021-03-04
An issue was discovered in Joomla! 3.2.0 through 3.9.24. Usage of an insufficient length for the 2FA secret according to RFC 4226 of 10 bytes vs 20 bytes.
CVE-2021-23128
PUBLISHED: 2021-03-04
An issue was discovered in Joomla! 3.2.0 through 3.9.24. The core shipped but unused randval implementation within FOF (FOFEncryptRandval) used a potentially insecure implementation. That has now been replaced with a call to 'random_bytes()' and its backport that is shipped within random_compat.