Mobile

News & Commentary
Can Android for Work Redefine Enterprise Mobile Security?
Satish Shetty, CEO, Codeproof TechnologiesCommentary
Google's new mobility management framework makes great strides in addressing security and device management concerns while offering diverse deployment options. Here are the pros and cons.
By Satish Shetty CEO, Codeproof Technologies, 2/13/2018
Comment1 Comment  |  Read  |  Post a Comment
Google Paid $2.9M for Vulnerabilities in 2017
Kelly Sheridan, Associate Editor, Dark ReadingNews
The Google Vulnerability Reward Program issued a total of 1,230 rewards in 2017. The single largest payout was $112,500.
By Kelly Sheridan Associate Editor, Dark Reading, 2/9/2018
Comment0 comments  |  Read  |  Post a Comment
Apple iOS iBoot Secure Bootloader Code Leaked Online
Dark Reading Staff, Quick Hits
Lawyers for Apple called for the source code to be removed from GitHub.
By Dark Reading Staff , 2/8/2018
Comment0 comments  |  Read  |  Post a Comment
Identity Fraud Hits All-Time High in 2017
Steve Zurier, Freelance WriterNews
Survey reports that the number of fraud victims topped 16 million consumers last year, and much of that crime has moved online.
By Steve Zurier Freelance Writer, 2/6/2018
Comment0 comments  |  Read  |  Post a Comment
Mastering Security in the Zettabyte Era
Marc Wilczek, Digital Strategist & CIO AdvisorCommentary
Many businesses are ill-equipped to deal with potential risks posed by billions of connected devices, exponential data growth, and an unprecedented number of cyber threats. Here's how to prepare.
By Marc Wilczek Digital Strategist & CIO Advisor, 2/5/2018
Comment0 comments  |  Read  |  Post a Comment
3 Ways Hackers Steal Your Company's Mobile Data
Paul Martini, The CEO, co-founder and chief architect of ibossCommentary
The most effective data exfiltration prevention strategies are those that are as rigorous in vetting traffic entering the network as they are traffic leaving it.
By Paul Martini The CEO, co-founder and chief architect of iboss, 2/2/2018
Comment0 comments  |  Read  |  Post a Comment
700,000 Bad Apps Deleted from Google Play in 2017
Dark Reading Staff, Quick Hits
Google rejected 99% of apps with abusive content before anyone could install them, according to a 2017 security recap.
By Dark Reading Staff , 1/31/2018
Comment4 comments  |  Read  |  Post a Comment
Strava Fitness App Shares Secret Army Base Locations
Dark Reading Staff, Quick Hits
The exercise tracker published a data visualization map containing exercise routes shared by soldiers on active duty.
By Dark Reading Staff , 1/29/2018
Comment10 comments  |  Read  |  Post a Comment
Endpoint and Mobile Top Security Spending at 57% of Businesses
Dark Reading Staff, Quick Hits
Businesses say data-at-rest security tools are most effective at preventing breaches, but spend most of their budgets securing endpoint and mobile devices.
By Dark Reading Staff , 1/26/2018
Comment1 Comment  |  Read  |  Post a Comment
Dark Caracal Campaign Breaks New Ground with Focus on Mobile Devices
Jai Vijayan, Freelance writerNews
This is the first known global-scale campaign primarily focused on stealing data from Android devices, Lookout and EFF say.
By Jai Vijayan Freelance writer, 1/23/2018
Comment0 comments  |  Read  |  Post a Comment
Google Pays Researcher Record $112,500 for Android Flaw
Dark Reading Staff, Quick Hits
The bug bounty reward, given to a researcher who submitted a working remote exploit chain, is Google's highest for an Android bug.
By Dark Reading Staff , 1/19/2018
Comment1 Comment  |  Read  |  Post a Comment
Kaspersky Lab Warns of Extremely Sophisticated Android Spyware Tool
Jai Vijayan, Freelance writerNews
Skygofree appears to have been developed for lawful intercept, offensive surveillance purposes.
By Jai Vijayan Freelance writer, 1/16/2018
Comment0 comments  |  Read  |  Post a Comment
Top 3 Pitfalls of Securing the Decentralized Enterprise
Paul Martini, The CEO, co-founder and chief architect of iboss
Doubling down on outdated security practices while the number of users leveraging your enterprise network grows is a race to the bottom for businesses moving to distributed workflows.
By Paul Martini The CEO, co-founder and chief architect of iboss, 1/16/2018
Comment0 comments  |  Read  |  Post a Comment
Majority of Companies Lack Sufficient IoT Policy Enforcement Tools
Dark Reading Staff, Quick Hits
Shortfall exists despite nearly all global technology enterprise companies having security policies to manage IoT devices.
By Dark Reading Staff , 1/12/2018
Comment0 comments  |  Read  |  Post a Comment
Responding to the Rise of Fileless Attacks
Kelly Sheridan, Associate Editor, Dark ReadingNews
Fileless attacks, easier to conduct and more effective than traditional malware-based threats, pose a growing challenge to enterprise targets.
By Kelly Sheridan Associate Editor, Dark Reading, 1/11/2018
Comment1 Comment  |  Read  |  Post a Comment
Vulnerable Mobile Apps: The Next ICS/SCADA Cyber Threat
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Researchers find nearly 150 vulnerabilities in SCADA mobile apps downloadable from Google Play.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 1/11/2018
Comment0 comments  |  Read  |  Post a Comment
Wi-Fi Alliance Launches WPA2 Enhancements and Debuts WPA3
Dawn Kawamoto, Associate Editor, Dark ReadingNews
WPA2 protocol enhancements bring stronger security protection and best practices, while new WPA3 protocol offers new security capabilities.
By Dawn Kawamoto Associate Editor, Dark Reading, 1/8/2018
Comment0 comments  |  Read  |  Post a Comment
Cyxtera Technologies to Acquire Immunity
Dark Reading Staff, Quick Hits
Deal will bring penetration testing products and services to Cyxtera's threat analytics portfolio.
By Dark Reading Staff , 1/8/2018
Comment0 comments  |  Read  |  Post a Comment
Uber's Biggest Mistake: It Wasn't Paying Ransom
Kirsten Bay, President and CEO, Cyber adAPTCommentary
Rather than scrambling to deal with attacks after the fact, companies need to focus on improving detection capabilities with tools that help them work within data laws, not outside of them.
By Kirsten Bay President and CEO, Cyber adAPT, 1/4/2018
Comment0 comments  |  Read  |  Post a Comment
In Mobile, It's Back to the Future
Michael Downs, Director of Telecoms Security, EMEA, at Positive TechnologiesCommentary
The mobile industry keeps pushing forward while overlooking some security concerns of the past.
By Michael Downs Director of Telecoms Security, EMEA, at Positive Technologies, 1/3/2018
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
One in Three SOC Analysts Now Job-Hunting
Kelly Jackson Higgins, Executive Editor at Dark Reading,  2/12/2018
Encrypted Attacks Continue to Dog Perimeter Defenses
Ericka Chickowski, Contributing Writer, Dark Reading,  2/14/2018
Can Android for Work Redefine Enterprise Mobile Security?
Satish Shetty, CEO, Codeproof Technologies,  2/13/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: One agent too many was installed on Bob's desktop.
Current Issue
How to Cope with the IT Security Skills Shortage
Most enterprises don't have all the in-house skills they need to meet the rising threat from online attackers. Here are some tips on ways to beat the shortage.
Flash Poll
[Strategic Security Report] How Enterprises Are Attacking the IT Security Problem
[Strategic Security Report] How Enterprises Are Attacking the IT Security Problem
Enterprises are spending more of their IT budgets on cybersecurity technology. How do your organization's security plans and strategies compare to what others are doing? Here's an in-depth look.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.