In an increasingly digital world, the importance of mobile security cannot be overstated. With millions of apps available on Google’s Play Store and Apple’s App Store, users trust developers to safeguard their personal information. Unfortunately, this trust is often misplaced.
A key step in preventing unauthorized access to user data is encryption, especially when it comes to moving data from device to server and back again. If implemented incorrectly by app developers, it can expose users to a host of potential attack scenarios, including data theft, eavesdropping, and man-in-the-middle (MitM) attacks, just to name a few.
Read more…
Source: Symantec
Related:
- Apple disputes recent iOS zero-day claim
April 24, 2020
In a statement today, Apple said it “thoroughly investigated” a recent report about hackers exploiting three iOS vulnerabilities but “found no evidence they were used against customers.” Apple’s statement comes after on Wednesday, cyber-security firm ZecOps published a report detailing three iOS vulnerabilities that impacted the Apple Mail client. ZecOps said it found evidence of the bugs being used ...
- NSA shares list of vulnerabilities commonly exploited to plant web shells
April 23, 2020
The US National Security Agency (NSA) and the Australian Signals Directorate (ASD) have published a security advisory this week warning companies to search web-facing and internal servers for common web shells. Web shells are one of today’s most popular forms of malware. The term “web shell” refers to a malicious program or script that’s installed on ...
- Security researcher identifies new APT group mentioned in 2017 Shadow Brokers leak
April 22, 2020
Three years and eight days ago, on April 14, 2017, a mysterious group of hackers known as the Shadow Brokers published a collection of hacking tools that ended up changing the internet forever. Known as the “Lost in Translation” dump, this collection of files included tens of hacking tools and exploits stolen from the US National ...
- New iOS zero-days actively used against high-profile targets
April 22, 2020
Two zero-day vulnerabilities affecting iPhone and iPad devices were found by cybersecurity startup ZecOps after the discovery of a series of ongoing remote attacks that have targeted iOS users since at least January 2018. “The attack’s scope consists of sending a specially crafted email to a victim’s mailbox enabling it to trigger the vulnerability in the context of iOS ...
- Security researcher discloses four IBM zero-days after company refused to patch
April 21, 2020
A security researcher has published today details about four zero-day vulnerabilities impacting an IBM security product after the company refused to patch bugs following a private bug disclosure attempt. The bugs impact the IBM Data Risk Manager (IDRM), an enterprise security tool that aggregates feeds from vulnerability scanning tools and other risk management tools to let admins ...
- Many problems with cyber security of Schipihol’s border control: Court of Audit
April 20, 2020
Schiphol is very vulnerable to cyber attacks, the Court of Audit concluded after investigating the cyber security of the border control systems the Koninklijke Marechaussee uses at the airport. Two of the three systems are not properly protected against cyber attacks, NOS reports. Systems at Schiphol are hardly ever tested for how well they can stand ...