Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
Exploitation, Phishing Top Worries for Mobile Users
Newest First  |  Oldest First  |  Threaded View
Page 1 / 2   >   >>
JamesInky
50%
50%
JamesInky,
User Rank: Apprentice
3/5/2020 | 10:24:33 AM
Re: Before it happens
The problem is with so many ways for every employee to be interacting with their work email the average phishing security doesn't extend to mobile without the need for everyone to adopt some plugin or app. Which is just unreasonable. 
RyanSepe
50%
50%
RyanSepe,
User Rank: Ninja
2/29/2020 | 11:28:05 AM
Re: Before it happens
Definitely good advice but will it be headed. I always bring up the adage that unfortunately many of us don't learn until we are burnt by the stove. Instead of a smart person learns from their own mistakes but a brilliant person learns from others. 

Too often we operate under the assessment that this wont happen to me and due to that we don't protect ourselves as we should until its too late.
RyanSepe
50%
50%
RyanSepe,
User Rank: Ninja
2/29/2020 | 11:26:30 AM
Re: Loss
Good point! As you put it, outside of the low and slow attempts there are the more obvious destructive brick devices methodology that also has a direct cost associated with it.
RyanSepe
50%
50%
RyanSepe,
User Rank: Ninja
2/29/2020 | 11:25:00 AM
Re: Mobile
Yes with the Internet of Things. The inundation of the mobile footprint has become all too apparent. Phones, Tablets, Watches. So many devices now on the grid per person just amplifies the exposure footprint.
RyanSepe
50%
50%
RyanSepe,
User Rank: Ninja
2/29/2020 | 11:23:39 AM
Re: Business Perspective
Most definitely. It's surprising how often I have to anticipate, "Wait did they open the email on their phone or from their workstation? And if I detonate the malware in a sandbox is it sophisticated enough to target a mobile user."
RyanSepe
50%
50%
RyanSepe,
User Rank: Ninja
2/29/2020 | 11:22:11 AM
Re: WhatsApp
I have to read more into that infiltration. I use WhatsApp all the time for convenience and some of its other more advanced functionalities. 
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
2/28/2020 | 3:42:23 PM
Before it happens
Companies should learn to improve their security before they get breached This is a good advice. Cost of breach is always higher than cost of security environment for sure.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
2/28/2020 | 3:40:23 PM
Loss
A mobile security compromise can have a range of other consequences, including downtime, supply chain delays, lost business, damage to reputation, and regulatory fines. This is well-put. In addition to loss of data and reputation, getting back to business may take time and there is additional revenue loss.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
2/28/2020 | 3:38:16 PM
Mobile
The two trends less mobile malware, but more mobile-related compromises highlight that attackers are finding ways to compromise devices that do not rely on convincing a user to download malicious software. It may be because more people use mobile than desktop. Even if less mobile malware it is still big impact.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
2/28/2020 | 3:36:24 PM
Re: Business Perspective
many businesses phishing security precautions are sometimes not leveraged at the mobile level That is true, we sometime think our smart phones are more secure they tend to have vulnerabilities as well.
Page 1 / 2   >   >>


COVID-19: Latest Security News & Commentary
Dark Reading Staff 7/2/2020
Ripple20 Threatens Increasingly Connected Medical Devices
Kelly Sheridan, Staff Editor, Dark Reading,  6/30/2020
DDoS Attacks Jump 542% from Q4 2019 to Q1 2020
Dark Reading Staff 6/30/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
How Cybersecurity Incident Response Programs Work (and Why Some Don't)
This Tech Digest takes a look at the vital role cybersecurity incident response (IR) plays in managing cyber-risk within organizations. Download the Tech Digest today to find out how well-planned IR programs can detect intrusions, contain breaches, and help an organization restore normal operations.
Flash Poll
The Threat from the Internetand What Your Organization Can Do About It
The Threat from the Internetand What Your Organization Can Do About It
This report describes some of the latest attacks and threats emanating from the Internet, as well as advice and tips on how your organization can mitigate those threats before they affect your business. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-9498
PUBLISHED: 2020-07-02
Apache Guacamole 1.1.0 and older may mishandle pointers involved inprocessing data received via RDP static virtual channels. If a userconnects to a malicious or compromised RDP server, a series ofspecially-crafted PDUs could result in memory corruption, possiblyallowing arbitrary code to be executed...
CVE-2020-3282
PUBLISHED: 2020-07-02
A vulnerability in the web-based management interface of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition, Cisco Unified Communications Manager IM & Presence Service, and Cisco Unity Connection could allow an unauthenticated, remote attack...
CVE-2020-5909
PUBLISHED: 2020-07-02
In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, when users run the command displayed in NGINX Controller user interface (UI) to fetch the agent installer, the server TLS certificate is not verified.
CVE-2020-5910
PUBLISHED: 2020-07-02
In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, the Neural Autonomic Transport System (NATS) messaging services in use by the NGINX Controller do not require any form of authentication, so any successful connection would be authorized.
CVE-2020-5911
PUBLISHED: 2020-07-02
In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, the NGINX Controller installer starts the download of Kubernetes packages from an HTTP URL On Debian/Ubuntu system.