Security News

Thousands of ISO certifications at risk of lapsing due to halted re-certification auditsThousands of valuable ISO management system certifications earned by UK companies may now be at risk because auditors from Certification Bodies may not have been able to attend organizations' premises to conduct essential re-certification audits during the current coronavirus pandemic. Kali Linux 2020.3 released: A new shell and a Bluetooth Arsenal for NetHunterOffensive Security has released Kali Linux 2020.3, the latest iteration of the popular open source penetration testing platform.

According to a recent report by Malwarebytes, mobile banking malware has surged over recent months, focused on stealing personal information and using weakened remote connections and mobile devices in a work-from-home environment to gain access to more valuable corporate networks. Securing mobile is a laborious task that requires mobile app developers to factor in several entities, including device manufacturers, mobile operating system developers, app developers, mobile carriers, and service providers.

ACA Compliance Group announced the launch of the mobile app version of its ComplianceAlpha platform for risk and compliance management. Designed to provide financial services firms with an on-the-go hub for compliance management, communication, resources, thought leadership, and future ComplianceAlpha functionality, ACA's ComplianceAlpha mobile app provides both employees and compliance teams with an easier, more accessible compliance experience.

Researchers have discovered an attack on the Voice over LTE mobile communications protocol that can break its encryption and allow attackers to listen in on phone calls. Dubbed ReVoLTE, the attack - detailed by a group of academic researchers from Ruhr University Bochum and New York University Abu Dhabi - exploits an implementation flaw in the LTE cellular protocol that exists at the level of a mobile base station.

KoolSpan and the National Geospatial-Intelligence Agency announced the availability of TrustCall, a secure mobile communications application, to all DoD and IC users for iOS and Android, via the GEOINT App Store. The threats are posed by systemic vulnerabilities in the global telecommunications infrastructure that readily enable interception and monitoring of mobile communications, both voice and data.

The Wall Street Journal has an article about a company called Anomaly Six LLC that has an SDK that's used by "More than 500 mobile applications." Through that SDK, the company collects location data from users, which it then sells. Anomaly Six is a federal contractor that provides global-location-data products to branches of the U.S. government and private-sector clients.

A series of vulnerabilities affecting Samsung's Find My Mobile could have been chained to perform various types of activities on a compromised smartphone, a researcher from Portugal-based cybersecurity services provider Char49 revealed at the DEF CON conference on Friday. Find My Mobile is designed to help users find lost Samsung phones.

The United States National Security Agency has issued new advice on securing mobile devices that says location services create a security risk for staff who work in defence or national security. The new guide [PDF], titled "Limiting Location Data Exposure", notes that smartphones, tablets and fitness trackers "Store and share device geolocation data by design."

A report released Monday by network monitoring provider Gigamon looks at the use of mobile devices on business networks and the risks posed by mobile malware and inadequate security. The report also offers several pieces of advice on protecting your organization from mobile threats.

A mobile spearphishing attack targeting "a small number of employees" is what led to the unprecedented, major attack earlier in the month on high-profile Twitter accounts to push out a Bitcoin scam. On the day of the attack, Twitter revealed that the accounts fell victim to a compromise of the company's internal systems by a group of unidentified hackers that managed to access Twitter company tools and secure employee privileges.