Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Mobile

News & Commentary
Why Supply Chain Attacks Are Destined to Escalate
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
In his keynote address at Black Hat USA on Wednesday, Matt Tait, chief operating officer at Corellium, called for software platform vendors and security researchers to do their part to thwart the fallout of software supply chain compromises.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 8/5/2021
Comment0 comments  |  Read  |  Post a Comment
NSO Group Spyware Used On Journalists & Activists Worldwide
Dark Reading Staff, Quick Hits
An investigation finds Pegasus spyware, intended for use on criminals and terrorists, has been used in targeted campaigns against others around the world.
By Dark Reading Staff , 7/19/2021
Comment0 comments  |  Read  |  Post a Comment
Microsoft: Israeli Firm's Tools Used to Target Activists, Dissidents
Kelly Sheridan, Staff Editor, Dark ReadingNews
Candiru sold spyware that exploited Windows vulnerabilities and had been used in attacks against dissidents, activists, and journalists.
By Kelly Sheridan Staff Editor, Dark Reading, 7/15/2021
Comment0 comments  |  Read  |  Post a Comment
IoT-Specific Malware Infections Jumped 700% Amid Pandemic
Dark Reading Staff, Quick Hits
Gafgyt and Mirai malware represented majority of IoT malware, new data from Zscaler shows.
By Dark Reading Staff , 7/15/2021
Comment0 comments  |  Read  |  Post a Comment
Why We Need to Raise the Red Flag Against FragAttacks
Amichai Shulman, CTO and Co-founder of AirEyeCommentary
Proliferation of wireless devices increases the risk that corporate networks will be attacked with this newly discovered breed of Wi-Fi-based cyber assault.
By Amichai Shulman CTO and Co-founder of AirEye, 7/13/2021
Comment0 comments  |  Read  |  Post a Comment
Cartoon Caption Winner: Sight Unseen
John Klossner, CartoonistCommentary
And the winner of Dark Reading's June contest is ...
By John Klossner Cartoonist, 7/9/2021
Comment0 comments  |  Read  |  Post a Comment
Fake Android Apps Promise Cryptomining Services to Steal Funds
Dark Reading Staff, Quick Hits
Researchers discover more than 170 Android apps that advertise cloud cryptocurrency mining services and fail to deliver.
By Dark Reading Staff , 7/7/2021
Comment0 comments  |  Read  |  Post a Comment
Secured-Core PCs May Mitigate Firmware Attacks, but Adoption Lags
Robert Lemos, Contributing WriterNews
Microsoft maintains that exploitation of recent Dell vulnerabilities would be blocked on ultra-secure PCs - but most systems do not have the technology yet.
By Robert Lemos Contributing Writer, 7/2/2021
Comment0 comments  |  Read  |  Post a Comment
Amazon Acquires Secure Messaging Platform Wickr
Dark Reading Staff, Quick Hits
AWS CISO Stephen Schmidt says the acquisition is strategic amid the proliferation of remote work.
By Dark Reading Staff , 6/25/2021
Comment0 comments  |  Read  |  Post a Comment
Survey Seeks to Learn How 2020 Changed Security
Dark Reading Staff, Quick Hits
Respondents to a new Dark Reading/Omdia survey will be entered into a drawing for a Black Hat Black Card.
By Dark Reading Staff , 6/23/2021
Comment0 comments  |  Read  |  Post a Comment
Name That Toon: Sight Unseen
John Klossner, CartoonistCommentary
Feeling creative? Submit your caption in the comments, and our panel of experts will reward the winner with a $25 Amazon gift card.
By John Klossner Cartoonist, 6/14/2021
Comment11 comments  |  Read  |  Post a Comment
Many Mobile Apps Intentionally Using Insecure Connections for Sending Data
Jai Vijayan, Contributing WriterNews
A new analysis of iOS and Android apps released to Apple's and Google's app stores over the past five years found many to be deliberately breaking HTTPS protections.
By Jai Vijayan Contributing Writer, 6/11/2021
Comment0 comments  |  Read  |  Post a Comment
Healthcare Device Security Firm COO Charged With Hacking Medical Center
Dark Reading Staff, Quick Hits
Vikas Singla, chief operating officer of security firm that provides products and services to the healthcare industry, faces charges surrounding a cyberattack he allegedly conducted against Duluth, Ga.-based Gwinnett Medical Center.
By Dark Reading Staff , 6/10/2021
Comment0 comments  |  Read  |  Post a Comment
New Security Event @Hack to Take Place in Saudi Arabia
Dark Reading Staff, Quick Hits
The Saudi Federation of Cybersecurity, Programming, and Drones (SAFCSP) and Informa Tech will launch a multi-day event in Riyadh this November.
By Dark Reading Staff , 6/9/2021
Comment0 comments  |  Read  |  Post a Comment
FBI Issued Encrypted Devices to Capture Criminals
Dark Reading Staff, Quick Hits
A sting operation delivered devices into the hands of global criminals and used the intelligence gathered to stop drug crimes.
By Dark Reading Staff , 6/8/2021
Comment0 comments  |  Read  |  Post a Comment
Cartoon Caption Winner: Road Trip
John Klossner, CartoonistCommentary
And the winner of Dark Reading's cartoon caption contest is ...
By John Klossner Cartoonist, 6/7/2021
Comment0 comments  |  Read  |  Post a Comment
Most Mobile Apps Can Be Compromised in 15 Minutes or Less
Alan Bavosa, VP, Security Products, at AppdomeCommentary
In the name of releasing apps quickly and delivering a smooth user experience, mobile app security is often given short shrift.
By Alan Bavosa VP, Security Products, at Appdome, 5/28/2021
Comment0 comments  |  Read  |  Post a Comment
How Menlo Uses Isolation to Secure Mobile Devices in the Cloud
Terry Sweeney, Contributing EditorCommentary
SPONSORED: WATCH NOW -- Mobile devices like smartphones and tablets have emerged as popular targets for bad actors looking to break into to cloud-based networks, according to Poornima DeBolle, chief product officer for Menlo Security.
By Terry Sweeney Contributing Editor, 5/27/2021
Comment0 comments  |  Read  |  Post a Comment
Orange: Your Leaky Security is Coming from Inside the House!
Terry Sweeney, Contributing EditorCommentary
SPONSORED: Your home WiFi router may be screaming fast, but it's also a major point of vulnerability in this work-from-home era, says Charl van der Walt, head of security research at Orange Cyberdefense. And while Zero Trust offers some relief, he offers up some how-to advice to ensure it's properly deployed.
By Terry Sweeney Contributing Editor, 5/26/2021
Comment0 comments  |  Read  |  Post a Comment
Security Providers Describe New Solutions (& Growing Threats) at RSAC
Terry Sweeney, Contributing EditorCommentary
SPONSORED CONTENT: Watch now -- Leading security companies meet Dark Reading in the RSA Conference Broadcast Alley to talk about tackling insider threat, SOC complexity, cyber resilience, mobile security, attacker evasion, supply chain threats, ransomware, and more.
By Terry Sweeney Contributing Editor, 5/20/2021
Comment1 Comment  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Enterprise Cybersecurity Plans in a Post-Pandemic World
Download the Enterprise Cybersecurity Plans in a Post-Pandemic World report to understand how security leaders are maintaining pace with pandemic-related challenges, and where there is room for improvement.
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-21742
PUBLISHED: 2021-09-25
There is an information leak vulnerability in the message service app of a ZTE mobile phone. Due to improper parameter settings, attackers could use this vulnerability to obtain some sensitive information of users by accessing specific pages.
CVE-2020-20508
PUBLISHED: 2021-09-24
Shopkit v2.7 contains a reflective cross-site scripting (XSS) vulnerability in the /account/register component, which allows attackers to hijack user credentials via a crafted payload in the E-Mail text field.
CVE-2020-20514
PUBLISHED: 2021-09-24
A Cross-Site Request Forgery (CSRF) in Maccms v10 via admin.php/admin/admin/del/ids/<id>.html allows authenticated attackers to delete all users.
CVE-2016-6555
PUBLISHED: 2021-09-24
OpenNMS version 18.0.1 and prior are vulnerable to a stored XSS issue due to insufficient filtering of SNMP trap supplied data. By creating a malicious SNMP trap, an attacker can store an XSS payload which will trigger when a user of the web UI views the events list page. This issue was fixed in ver...
CVE-2016-6556
PUBLISHED: 2021-09-24
OpenNMS version 18.0.1 and prior are vulnerable to a stored XSS issue due to insufficient filtering of SNMP agent supplied data. By creating a malicious SNMP 'sysName' or 'sysContact' response, an attacker can store an XSS payload which will trigger when a user of the web UI views the data. This iss...