In an increasingly digital world, the importance of mobile security cannot be overstated. With millions of apps available on Google’s Play Store and Apple’s App Store, users trust developers to safeguard their personal information. Unfortunately, this trust is often misplaced.
A key step in preventing unauthorized access to user data is encryption, especially when it comes to moving data from device to server and back again. If implemented incorrectly by app developers, it can expose users to a host of potential attack scenarios, including data theft, eavesdropping, and man-in-the-middle (MitM) attacks, just to name a few.
Read more…
Source: Symantec
Related:
- CISA Releases Six Industrial Control Systems Advisories
February 2, 2023
CISA released six Industrial Control Systems (ICS) advisories on February 2, 2023.These advisories provides timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations: ICSA-23-033-01 Delta Electronics DIAScreen ICSA-23-033-02 Mitsubishi Electric GOT2000 Series and GT SoftGOT2000 ICSA-23-033-03 Baicells Nova Read more… Source: U.S. ...
- New Sh1mmer ChromeBook exploit unenrolls managed devices
January 31, 2023
A new exploit called ‘Sh1mmer’ allows users to unenroll an enterprise-managed Chromebook, enabling them to install any apps they wish and bypass device restrictions. When Chromebooks are enrolled with a school or an enterprise, they are managed by policies established by the organization’s administrators. This allows admins to force-install browser extensions, apps, and to restrict how ...
- CISA Releases One Industrial Control Systems Advisory
January 31, 2023
CISA released one Industrial Control Systems (ICS) advisory on January 31, 2023. This advisory provides timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisory for technical details and mitigations. Read more… Source: U.S. Cybersecurity and Infrastructure Security Agency
- Exploit released for critical VMware vRealize RCE vulnerability
January 31, 2023
Horizon3 security researchers have released proof-of-concept (PoC) code for a VMware vRealize Log Insight vulnerability chain that allows attackers to gain remote code execution on unpatched appliances. VMware patched four security vulnerabilities in its vRealize log analysis tool last week, two being critical and allowing remote attackers to execute code on compromised devices. Read more… Source: Bleeping Computer
- ISC Releases Security Advisories for Multiple Versions of BIND 9
January 27, 2023
The Internet Systems Consortium (ISC) has released security advisories that address vulnerabilities affecting multiple versions of the ISC’s Berkeley Internet Name Domain (BIND) 9. A remote attacker could exploit these vulnerabilities to potentially cause denial-of-service conditions and system failures. Read more… Source: U.S. Cybersecurity and Infrastructure Security Agency
- Months after NSA disclosed Microsoft cert bug, datacenters remain unpatched
January 26, 2023
Most Windows-powered datacenter systems and applications remain vulnerable to a spoofing bug in CryptoAPI that was disclosed by the NSA and the UK National Cyber Security Center (NCSC) and patched by Microsoft last year, according to Akamai’s researchers. CryptoAPI helps developers secure Windows-based apps using cryptography; the API can be used, for instance, to validate certificates ...