Security News
The ioXt Alliance announced that it is expanding its ioXt Compliance Program with a new mobile application profile with added requirements for VPN applications. Defined collaboratively by technology companies such as Google and Amazon, in partnership with security labs, NowSecure, NCC Group, DEKRA, Onward Security and 7layers, and aligned with the initiatives set forth by VPN Trust Initiative, these new security standards for the mobile app and VPN markets will bring transparency and visibility to consumer and enterprise buyers, to advance security in the IoT industry as a whole.
On Thursday the ioXt Alliance, an Internet of Things security trade group backed by some of the biggest names in the business, introduced a set of baseline standards for mobile apps, in the hope that IoT security may someday be a bit less of a dumpster fire. The announcement of the new Mobile Application Profile [PDF], a certification program covering best practices and requirements to keep mobile apps safer than the low bar of vendor discretion, comes from the collaboration of more than 20 ioXt member companies like Amazon, Comcast, Google, and others.
SmartBear has integrated TestComplete, its UI test automation tool, with BitBar, its native mobile device cloud. TestComplete users are now able to create a codeless mobile test and then use these tests in BitBar across devices.
Inkscreen announced that the company has signed a strategic reseller agreement with Vertosoft. Under the agreement, Vertosoft will offer Inkscreen's CAPTOR mobile camera app to federal, state and local government agencies to help their employees secure business photos and other work content captured on their personal devices.
Syniverse announced they are working together with Hitachi America to empower its digital solution with Syniverse CPaaS Concierge. Syniverse and Hitachi are collaborating to offer a real-time messaging and passenger journey optimization solution to the Capital Area Transit System, the regional transit authority for the Baton Rouge, La. metropolitan area.
The stolen data includes customer email addresses, dates of birth, phone numbers, license plate numbers, hashed passwords and mailing addresses. Gemini shared a new sales thread on a Russian-language crime forum that included my ParkMobile account information in the accompanying screenshot of the stolen data.
Gartner predicted in 2018 that at least "80 percent of worker tasks" would shift to mobile devices by 2020. The mobile device that an employee uses to access their corporate data in platforms such as Google Workspace or Office 365 might be used later to browse social media or download a new app for personal use.
According to the Verizon Business Mobile Security Index 2021, the massive shift to remote work caused by the COVID-19 pandemic left many businesses knowingly vulnerable to attacks from employees' mobile devices. Of the more than 850 businesses surveyed for the report, 40% said mobile devices are their company's biggest IT security threat, yet 45% still sacrificed the security of mobile devices to enhance useability, meeting business needs or meeting project deadlines or productivity targets.
Mobile providers are exposing sensitive data Sensitive data is at significant risk via form data exposure: Forms used to capture credentials, banking details, passport numbers, etc. 100% of the websites are vulnerable to cross-site scripting: The most widespread website attack, which frequently results in significant sensitive data leakage.
Dear Readers, this has been long overdue, but at last I give you a more responsive, mobile-friendly version of KrebsOnSecurity. We tried to keep the visual changes to a minimum and focus on a simple theme that presents information in a straightforward, easy-to-read format.