In an increasingly digital world, the importance of mobile security cannot be overstated. With millions of apps available on Google’s Play Store and Apple’s App Store, users trust developers to safeguard their personal information. Unfortunately, this trust is often misplaced.
A key step in preventing unauthorized access to user data is encryption, especially when it comes to moving data from device to server and back again. If implemented incorrectly by app developers, it can expose users to a host of potential attack scenarios, including data theft, eavesdropping, and man-in-the-middle (MitM) attacks, just to name a few.
Read more…
Source: Symantec
Related:
- New “Goldoon” Botnet Targeting D-Link Devices
May 1, 2024
In April, FortiGuard Labs observed a new botnet targeting a D-Link vulnerability from nearly a decade ago, CVE-2015-2051. This vulnerability allows remote attackers to execute arbitrary commands via a GetDeviceSettings action on the HNAP interface. As a result, an attacker can create a crafted HTTP request with a malicious command embedded in the header. Fortinet IPS ...
- Cybersecurity researchers spotlight a new ransomware threat – be careful where you upload files
April 26, 2024
Today’s browsers are almost operating systems unto themselves. They can run software programs and encrypt files. These capabilities, combined with the browser’s access to the host computer’s files – including ones in the cloud, shared folders and external drives – via the File System Access API creates a new opportunity for ransomware. Imagine you want to ...
- Governments issue alerts after ‘sophisticated’ state-backed actor found exploiting flaws in Cisco security boxes
April 25, 2024
A previously unknown and “sophisticated” nation-state group compromised Cisco firewalls as early as November 2023 for espionage purposes — and possibly attacked network devices made by other vendors including Microsoft, according to warnings from the networking giant and three Western governments. A Cisco spokesperson declined to comment on which country the snooping crew – tracked as ...
- Almost every Chinese keyboard app has a security flaw that reveals what users type
April 24, 2024
Almost all keyboard apps used by Chinese people around the world share a security loophole that makes it possible to spy on what users are typing. The vulnerability, which allows the keystroke data that these apps send to the cloud to be intercepted, has existed for years and could have been exploited by cybercriminals and state ...
- Operation MidnightEclipse, Post-Exploitation Activity Related to CVE-2024-3400
April 22, 2024
This threat brief is frequently updated as new threat intelligence is available for us to share. The full update log is at the end of this post and offers the fullest account of all changes made. Updated April 19 to include information on observed levels of attempted exploitation and relative prevalence of those levels, with unsuccessful ...
- MITRE says it was hit by hackers exploiting Ivanti flaws
April 22, 2024
The not-for-profit research and development organization MITRE suffered a cyberattack early this year, with the attack apparently hindering some operations, but there was no talk of stolen data. In a breach notification published on the MITRE website late last week, CEO and president Jason Providakes explained what happened and what the organization was doing about it. Read ...