How mobile use cases in financial services are affecting security

Financial services organizations are increasingly exposed to cyber threats, according to Wandera. The report “​Mobile Security in the Financial Services​,” includes analysis of six months of security data from 225 financial services customers with 50,0… Continue reading How mobile use cases in financial services are affecting security

Protect privacy and provide secure mobile access to corporate data

In this Help Net Security podcast, Mike Campin, VP of Engineering at Wandera, talks about how their solution solves a problem that every business is facing today, which is how to fully embrace the mobile and cloud revolution, whilst ensuring that their… Continue reading Protect privacy and provide secure mobile access to corporate data

A zombie game with 50,000 Play Store downloads is pulling sensitive data from Gmail

An Android game with more than 50,000 downloads from the Google Play Store attempts to collect scores of data from users’ Google accounts — including Gmail usernames and passwords — alongside other dubious behaviors, according to forthcoming research provided exclusively to CyberScoop. Researchers from the mobile security company Wandera have identified the app, called “Scary Granny ZOMBY Mod: The Horror Game 2019,” as a malicious program that launches persistent full-screen advertisements on users’ phones, and asks some to enter their Google credentials. Upon receiving a victim’s username and password, the program automatically logs into users’ Google accounts and collects personal data for a purpose that researchers are still trying to determine, according to Michael Covington, vice president of product at Wandera. “There is no doubt in my mind that this app is malicious and puts private user data at risk,” he said. “It’s logging into the profile section of your Gmail and […]

The post A zombie game with 50,000 Play Store downloads is pulling sensitive data from Gmail appeared first on CyberScoop.

Continue reading A zombie game with 50,000 Play Store downloads is pulling sensitive data from Gmail

Two-thirds of iOS apps don’t use App Transport Security

Most iOS apps don’t take advantage of App Transport Security​ (ATS), a networking security feature offered by Apple that ensures encrypted connections between apps and the servers they communicate with. The main reason, it seems, might be interru… Continue reading Two-thirds of iOS apps don’t use App Transport Security

Photos: Infosecurity Europe 2019 expo floor

Infosecurity Europe 2019 is taking place this week in London. Here’s a view of the expo floor, the featured vendors include: Qualys, Anomali, Wandera, Proofpoint, AlgoSec, Rapid7, Redscan, Splunk.
The post Photos: Infosecurity Europe 2019 expo fl… Continue reading Photos: Infosecurity Europe 2019 expo floor

The ‘permission’ question is much different for iOS and Android apps, researchers say

It’s 2019, and digital scammers are going mobile. Do you know what your permissions allow? An analysis of 30,000 iOS applications released Wednesday by Wandera shows that social networking, weather, and e-commerce apps request access to lots of valuable information about users. Sixty-two percent of the iOS apps examined sought permission to a user’s photo library, while 55 percent requested camera access and 51 percent wanted to know a mobile user’s location. While app developers said they sought user permissions for a number of reasons — typically for functionality or for marketing purposes — Wandera’s research demonstrates the different risks mobile-device users can be up against, depending on what’s in their pocket. While hackers may exploit Androids to steal financial information or mine for cryptocurrency, iOS apps may abuse user trust for reasons that are less clear-cut. The London-based company’s previous research found that most Android apps asked for permission to connect to technical functions, […]

The post The ‘permission’ question is much different for iOS and Android apps, researchers say appeared first on CyberScoop.

Continue reading The ‘permission’ question is much different for iOS and Android apps, researchers say

E-ticketing system exposes airline passengers’ personal information via email

At least eight airlines, including Southwest, use e-ticketing systems that could allow hackers to access sensitive information about travelers merely by intercepting emails, according to research published Wednesday by the mobile security company Wandera. The systems fail to secure customers’ personally identifiable information, including names, boarding passes, passport numbers and flight numbers, Wandera said. The email vulnerabilities still exist, Wandera found, even though researchers notified affected companies weeks ago, and despite growing corporate awareness about the risks associated with sacrificing security for convenience. The weakness is a check-in link that is emailed to customers, Wandera researchers found. Customer information is embedded in the links, allowing travelers to travel from their email to a website where they check in for a flight without needing to enter their username and password. However the links are unencrypted and re-usable, presenting a tempting target for hackers, according to Michael Covington, vice president of product at Wandera. […]

The post E-ticketing system exposes airline passengers’ personal information via email appeared first on CyberScoop.

Continue reading E-ticketing system exposes airline passengers’ personal information via email

iOS users are 18x more likely to be phished than to download malware

Phishing is the number one mobile threat affecting organizations. The Wandera’s Phishing Report 2018 shows that iOS users are 18x more likely to be phished than to download malware, and that 4000 new mobile phishing websites are launched every da… Continue reading iOS users are 18x more likely to be phished than to download malware

New Android malware steals user data, records audio and incurs phone charges

A newly discovered family of mobile malware can siphon sensitive data from unsuspecting victims’ phones, record audio and trick users into incurring premium charges on their phone bills. Mobile security company Wandera said in its report about the malware, called RedDrop, that it is “one of the most sophisticated pieces of Android malware” it has seen in wide distribution. RedDrop is hidden in a set of third-party apps — generally downloaded outside of official Android channels — that appear to provide some functionality, like calculators, image editors or games. The malware has invasive capabilities that Wandera says can be used to ultimately blackmail victims. Spyware in RedDrop can collect data such as local files and photos, device information and nearby Wi-Fi networks. It can also record audio from the device’s surroundings. RedDrop sends all this data to cloud storage services belonging to the attackers “to be used in their extortion schemes and as the foundation to […]

The post New Android malware steals user data, records audio and incurs phone charges appeared first on Cyberscoop.

Continue reading New Android malware steals user data, records audio and incurs phone charges