NowSecure had a great week at Jenkins World/DevOps World capped by the exciting debut of the NowSecure AUTO plug-in for automated mobile appsec testing in the Jenkins app store. The addition demonstrates our commitment to ease the process of shifting left by ensuring the security of mobile apps in the dev pipeline.
Your highlights from the week are as follows:
- Phishers infiltrate Google Play store with fake banking apps
- FBI warns of edtech cyberthreats that jeopardize student privacy
- WebKit vulnerability can crash iOS and macOS devices
- Implement best practices for overcoming SMS security issues
- Apple iOS 12 boasts enhanced security features
Subscribe now to receive #MobSec5 updates each Friday in your inbox.
Fake finance apps used by cybercrooks to phish online banks
(We Live Security)
“Cybercriminals have once again managed to wriggle their way on to the official Google Play store, this time by using bogus apps to phish six online banks and a cryptocurrency exchange.”
The malicious apps use obfuscation and were installed more than 1,000 times before being removed by Google. While these particular phishers targeted banking customers overseas, risky apps are a serious threat across the globe. We can’t stress enough that enterprises shouldn’t assume third-party Android and iOS apps are safe. Verify for yourself with a free NowSecure INTEL mobile app security report.
“The FBI goes on to warn that school-issued laptops and tablets or monitoring devices, such as in-school surveillance cameras and microphones, especially those with remote-access capabilities, are vulnerable to intrusion.”
“A security researcher has discovered a vulnerability in the WebKit rendering engine used by Safari that crashes and restarts the iOS operating system used by iPhones and iPads.”
Ransombile: Yet another reason to ditch SMS
“News like the Apple vs FBI case help spread the idea that if a mobile device is locked, encrypted and protected with a PIN or biometrics, it is secure. The truth is, major OS including iOS and Android help and encourage you to downgrade security on locked devices through certain features and insecure settings.”
Martin Vigo offers several useful suggestions for ensuring security of your mobile device. While we’re on the topic of recommendations, the NowSecure guide “Secure Mobile Development Best Practices” contains more than 50 useful tips for strengthening the security of your mobile apps. Download it today.
“Two-factor authentication is also getting a boost. iOS 12 will detect an authentication code sent via SMS text message or via an app and automatically fill it in. This will make 2FA significantly less onerous and probably improve adoption.”
If you want to receive #MobSec5 updates each Friday in your inbox, subscribe now.