Mobile Threat Research
MITRE Adds Appthority as CVE Numbering Authority (CNA)
Seth Hardy | | Appthority, Appthority News, CNA, CVE, CVE Numbering Authority, enterprise app risks, enterprise mobile security, MITRE, Mobile Security, Mobile Threat Research
On Sep 7, 2018, MITRE announced that Appthority has joined 89 other organizations as a CVE Numbering Authority (CNA). Appthority is the first CNA that is focused on enterprise mobile threat research, ...
Appthority Discovers Thousands of Apps with Firebase Vulnerability Exposing Sensitive Data
Kevin Watkins | | data leakage, database, developers, enterprise security, Firebase, HospitalGown, mobile app risk, Mobile Security Insights, Mobile Security Tips, Mobile Threat Research, Security Research, vulnerability
Appthority has discovered a significant mobile data vulnerability related to Google Firebase that has exposed a wide range and large amount of sensitive data through thousands of mobile ...
ZipperDown: Remote Code Execution Attack on iOS Apps
Su Mon Kywe | | .zip, Android vulnerability, insecure mobile apps, iOS Vulnerability, mitm, mobile app risk, Mobile Security Insights, mobile threat protection, Mobile Threat Research, Pangu Lab, Remote Code Execution, remote code execution attack, risky mobile apps, unencrypted wifi, unencrypted zip files, vulnerabilities, zip files, ZipperDown
On May 15, 2018, Pangu Lab announced the ZipperDown vulnerability, which allows a remote code execution attack on iOS apps. Although Pangu Lab did not disclose the details of the ZipperDown vulnerability, ...
RSA App Exposes User Data Due to Common Developer Mistake
Michael Bentley | | app security, app vulnerabilities, app-security, dataprivacy, developer errors, hard-coded credentials, Mobile Security, Mobile Security Insights, Mobile Threat Research, rsa, RSA Conference 2018, Security Conference
Late last week, security researchers found the RSA security conference exposing conference attendee data via vulnerabilities in its mobile app. Because a third-party developer had hard-coded data – including security ...