In an increasingly digital world, the importance of mobile security cannot be overstated. With millions of apps available on Google’s Play Store and Apple’s App Store, users trust developers to safeguard their personal information. Unfortunately, this trust is often misplaced.
A key step in preventing unauthorized access to user data is encryption, especially when it comes to moving data from device to server and back again. If implemented incorrectly by app developers, it can expose users to a host of potential attack scenarios, including data theft, eavesdropping, and man-in-the-middle (MitM) attacks, just to name a few.
Read more…
Source: Symantec
Related:
- Intel CPUs Vulnerable to Sensitive Data Leakage in NetCAT Attack
September 11, 2019
Researchers have identified a new side-channel attack impacting all modern Intel server processors made since 2012. The vulnerability could allow bad actors to sniff out encrypted passwords as they are being typed into a secure shell session (SSH); but, luckily, such an attack would be difficult to launch. The attack, disclosed on Tuesday and dubbed NetCAT (short for Network Cache ...
- Microsoft patches two zero-days in massive September 2019 Patch Tuesday
September 10, 2019
Microsoft has published today 80 security fixes across 15 products and services, as part of the company’s monthly batch of security updates, known as Patch Tuesday. Of the 80 vulnerabilities patched today, two are so-called zero-days — security flaws that had been exploited in the wild before Microsoft released fixes. The two zero-days are CVE-2019-1214 and CVE-2019-1215. Both are ...
- Uncovering IoT Threats in the Cybercrime Underground
September 10, 2019
Amid the growth of the internet of things (IoT), manufacturers and integrators are testing the limits of how the technology can be applied, as seen in how new forms of connected devices are hitting the market. Some applications play critical roles in industries while others provide more convenience for consumers. The wide spectrum of IoT ...
- Critical Exim Flaw Opens Millions of Servers to Takeover
September 9, 2019
Researchers are urging users to upgrade their Exim servers immediately after millions of servers were found to be vulnerable to a critical flaw that could allow a remote, unauthenticated attacker to take full control of them. Exim, which is free software used on Unix-like operating systems (including Linux or Mac OSX) serves as a mail transfer ...
- ‘USBAnywhere’ Bugs Open Supermicro Servers to Remote Attackers
September 3, 2019
Trivial-to-exploit authentication flaws can give an unsophisticated remote attacker ‘omnipotent’ control over a server and its contents. Authentication vulnerabilities in the baseboard management controllers (BMCs) of Supermicro X9-X11 servers have been discovered that allow a remote attacker to easily connect to a server and mount any virtual USB device of their choosing. The bugs, collectively dubbed USBAnywhere, ...
- Android Zero-Days Now Worth More Than iPhone Exploits
September 3, 2019
Exploit broker Zerodium has implemented a $2.5 million price tag for a zero-click 0-day in Android. An Android zero-day exploit is now worth more than one for the iPhone on the global cyberweapons market. Exploit acquisition vendor Zerodium said Tuesday that it is willing to pay a whopping $2.5 million for a zero-click Android zero-day with persistence. ...