Google makes a big security change, but other companies must follow

Credit to Author: Evan Schuman| Date: Mon, 17 May 2021 03:05:00 -0700

In a wonderful cybersecurity move that should be replicated by all vendors, Google is slowly moving to make multi-factor authentication (MFA) default. To confuse matters, Google isn’t calling MFA “MFA”; instead it calls it “two-step verification (2SV).”

The more interesting part is that Google is also pushing the use of FIDO-compliant software that is embedded within the phone. It even has an iOS version, so it can be in all Android as well as Apple phones.

To be clear, this internal key is not designed to authenticate the user, according to Jonathan Skelker, product manager with Google Account Security. Android and iOS phones are using biometrics for that (mostly facial recognition with a few fingerprint authentications) — and biometrics, in theory, provides sufficient authentication. The FIDO-compliant software is designed to authenticate the device for non-phone access, such as for Gmail or Google Drive.


Social engineering, fake App Stores, hit iOS, Sophos warns

Credit to Author: Jonny Evans| Date: Thu, 13 May 2021 08:26:00 -0700

I didn’t entirely mean to focus on Apple device security for most of this week (see here and here), but new Sophos research should interest any enterprise working to enhance security awareness.

Breaking bad

The research looks at 167 counterfeit apps used to scam iOS and Android users. Those that impact Apple’s mobile OS particularly stood out, as they show the increasing sophistication of malware authors.


Jamf adds zero trust security to the Apple enterprise

Credit to Author: Jonny Evans| Date: Wed, 12 May 2021 10:38:00 -0700


Enterprises need to get smart about iOS security

Credit to Author: Jonny Evans| Date: Tue, 11 May 2021 09:02:00 -0700

The XcodeGhost malware attack that allegedly affected 128 million iOS users is an excellent illustration of the kind of sophisticated attack all users should get ready to defend against as platforms become inherently more secure.

Designer label malware

XcodeGhost was an intelligent exploit that presented itself as a malware-infested copy of Xcode made available via websites targeting Chinese developers. Developers in the region downloaded it because it was easier to get than the real code, as local networks were unreliable.


What is Smishing? The 101 guide

Credit to Author: Malwarebytes Labs| Date: Thu, 29 Apr 2021 18:51:13 +0000

Smishing is a combination of the words “phishing” and “SMS”, to indicate phishing sent across your mobile network in the form of a text.

Categories: Mobile



The post What is Smishing? The 101 guide appeared first on Malwarebytes Labs.


A highly sarcastic Android security warning

Credit to Author: JR Raphael| Date: Thu, 29 Apr 2021 06:38:00 -0700

Holy floppin’ hellfire, Henry! Have you heard? A terrifying new form of Android malware is running amok — stealing passwords, emptying bank accounts, and drinking all the grape soda from the refrigerators of unsuspecting Android phone owners.

We should all be quivering in our rainboots, according to almost all the information I’ve read on these here internets. Numerous adjective-filled news stories have warned me that the “scary new Android malware” is “spreading quickly,” targeting “millions” (millions!) of users, and occasionally even “kicking people square in the groin.” (All right, so I made that last part up. But you get the idea.)


How long until Apple boots apps from its stores for privacy issues?

Credit to Author: Jonny Evans| Date: Wed, 28 Apr 2021 09:13:00 -0700

Apple will inevitably begin enforcing the privacy requirements it has put in place across its ecosystem, meaning developers who attempt to avoid or dissemble their way around these protections should expect action, including removal from the App Store.

What Apple is doing

Everyone recognizes how seriously Apple takes privacy. Statement by statement and all through iterative software and product releases, the company is making it crystal clear that it believes privacy is essential to achieve the potential of digital transformation.


Rethinking mobile security in a post-COVID workplace

Credit to Author: Evan Schuman| Date: Mon, 26 Apr 2021 06:10:00 -0700

In the world of enterprise mobile security, sometimes horrible situations force security corner-cutting to preserve the company. And COVID-19 forcing companies to empty office buildings and move everything (and everyone) to remote locations and the cloud in March 2020 is the classic example. What led to the security shortcuts was not just the abrupt change to work from home, but the fact that companies typically had to make the transition in a few days.

Add to that increased problems with IoT security — especially as IoT devices in home environments accessed global systems via VPNs, sometimes spreading malware through the pipeline — and you have a mess. A recent Verizon mobile security report put it bluntly: “Almost half of respondents admitted that their company had knowingly cut corners on mobile device security. That’s an increase from our 2020 report when the figure was 46%. The proportion rises to two-thirds [67%] in our IoT sample. And of those remaining, 38% (27% IoT) came under pressure to do so. Another way of looking at this is that 68% came under pressure to cut corners and 72% of those succumbed.”
