A widely used brand of GPS location-tracking devices - for keeping tabs on children, elderly relatives and pets - have security flaws that could allow anyone with an internet connection to track the devices' real-time location and historical movements, warns security firm Avast.
How do organizations know if their app and network security is sufficient to protect them from data breaches - or if their defenses are even working? Paul Dant of Arxan talks about the evolution of mobile/web app security.
Researchers at Kaspersky discovered malware hiding in advertising within a recent version of the popular CamScanner app for Android smartphones. Over the years, the app has been downloaded over 100 million times from the Google Play store.
Since at least 2016, hacked websites have targeted zero-day flaws in current versions of Apple iOS to surreptitiously implant data-stealing and location-tracking malware, says Google's Project Zero team. Apple patched the latest vulnerabilities in February.
Complex configurations don't mix well with rapidly spun-up components, and when your company uses multiple cloud providers to host your critical assets, the odds of a major security event get that much higher.
So how do you close visibility gaps and integrate conflicting datasets from different providers, and how...
Choice Hotels says about 700,000 guest records were exposed after one of its vendors copied data from its systems. Fraudsters discovered the unsecured database and tried to hold the hotel chain to ransom, which it ignored.
A flood of new technology is racing toward the financial services industry - most notably, increased automation for internal processes to improve margins, as well as the development of new software to create a complete and seamless customer experience in traditional, online, and mobile banking.
The U.S. Securities and Exchange Commission is investigating the exposure of personal and mortgage-related records from First American Financial Corp., according to security blogger Brian Krebs. First American spent $1.7 million on the incident in its second quarter, but investigations and lawsuits are looming.
The web, mobile, and API-based applications that power your digitally-connected organization are under attack by malicious automated bots and bad actors. Unfortunately, many of these attacks are undetectable by traditional security technologies. So how bad is the problem, and what can you do to protect yourself? ...
Apple is opening up its bug bounty program to all researchers, increasing the rewards and expanding the scope of qualifying products in a bid to attract tips on critical software flaws. The changes were announced at last week's Black Hat security conference in Las Vegas.
A new variant of the Ursnif Trojan is targeting vulnerable systems in an attempt to steal banking passwords and other credentials. The malware is spreading through infected Microsoft Word documents, and it has the ability to evade advanced security filters, according to security researchers at Fortinet.
A complete list of mobile app security testing requirements, right at your fingertips.
Download this white paper and to learn more about covering your bases with the answer to these three key questions:
What types of testing are necessary?
What are all the areas of coverage?
What additional requirements does...
We frequently talk to enterprise leaders tasked with implementing the right mobile app security testing solutions. Choosing the right solution depends on how many apps your organization develops, how frequently you push updates to those apps, how often you plan to test those apps, and what mobile app security metrics...
Researchers with Armis have disclosed 11 zero-day vulnerabilities in the VxWorks real-time operating system that is used in some 2 billion embedded devices. Of all the "Urgent/11" vulnerabilities, six of the flaws are considered critical.
Did you know that public exploits for business applications have increased 100 percent since 2015? Today, over 77 percent of the world's transactional revenue touches an ERP system, making these applications an attractive target for cyber criminals looking to profit from the highly-sensitive and regulated data that...