This week we celebrate International Women’s Day! What better day for Girls Who Code to announce their inaugural Global Girls Summit happening October 11, and for Girl Scouts of USA to make note of the new cybersecurity badges coming later this year (September 2018)!
Now onto this week’s #MobSec5:
- Cybersecurity joins the mix of variables in M&A
- MoviePass app tracks your location – and the CEO is proud of it
- Android apps infected with Windows malware
Thanks for reading. Have a great weekend, be good, and stay safe.
Subscribe now to receive #MobSec5 updates each Friday in your inbox.
Android Security Bulletin—March 2018
(Android Open Source Project)
“The most severe of these issues is a critical security vulnerability in Media framework that could enable a remote attacker using a specially crafted file to execute arbitrary code within the context of a privileged process.”
Cybersecurity Gets Added to the M&A Lexicon
“From the banks involved to the legal departments drafting the deal, the importance of an acquisition target’s security posture cannot be denied.”
Fortunately, you can quickly vet an acquisition target company’s mobile app vulnerabilities using NowSecure INTEL during due diligence and before the transaction is complete. NowSecure INTEL makes it simple to assess the security, compliance, and privacy of any app on the Apple® App Store® or Google Play™ to understand its risk profile and decide whether to allow use of the app within your environment. Want to see more?
>>> Request a free NowSecure INTEL mobile app security report.
“Everyone knew the MoviePass deal is too good to be true — and as is so often the case these days, it turns out you’re not the customer, you’re the product.”
“Android P could give even the most ardent iPhone fans a run for their money.”
Mobile malware evolution 2017
“For the last few years, rooting malware has been the biggest threat to Android users. These Trojans are difficult to detect, boast an array of capabilities, and have been very popular among cybercriminals.”
“Zscaler ThreatLabZ found hundreds of Android apps infected with Windows iframe malware on Google Play Store.”
The InfoSec Amnesty Q&A
“The reality is that there are a number of subjects in information security which many people who are otherwise quite competent professionals in the field are confused by. To try to alleviate this problem, I anonymously polled hundreds of infosec students and professionals about what topics they’re still having trouble wrapping their heads around. A few subjects and concepts rose to the top immediately: Blockchain, the Frida framework, DNSSEC, ASLR (and various associated bypasses), and PKI.”
We agree it’s tough to keep up with the ever-changing, increasingly complex threat landscape. NowSecure is lucky to have the creators of both OSS projects of Frida and Radare on staff to provide their first-hand expertise and help us build the best-of-breed automated mobile app security testing software available in the industry today. To get the latest updates on both R2 and Frida OSS projects and peek behind the curtains on the tools, check out our recent webinar led by NowSecure Research Team including David Weinstein, Ole André (Creator of Frida) and Sergi “Pancake” Àlvarez (Creator of Radare).
“But Onavo – and Facebook’s – primary interest isn’t on personal security. It’s about finding a way on users’ phones in order to monitor mobile activity and learn what new apps could be taking attention away from Facebook’s social network.”
Encryption 101: How to break encryption – Malwarebytes Labs
“Continuing on in our Encryption 101 series, we now look at what it takes to break encryption. In order for something as powerful as encryption to break, there needs to be some kind of weakness to exploit. That weakness is often a result of an error in implementation.”
LTE security flaws could be used for spying, spreading chaos
“A flight of new research papers show 4G LTE networks can be exploited for all sorts of badness.”
If you want to receive #MobSec5 updates each Friday in your inbox, subscribe now.