Mobile insecurity

2011-06-01

Helen Martin

Virus Bulletin, UK
Editor: Helen Martin

Abstract

Report reveals lax security when it comes to hte use of mobile devices in the workplace.

Copyright © 2011 Virus Bulletin

A report compiled by McAfee and Carnegie Mellon University has revealed lax security when it comes to the use of mobile devices in the workplace.

A survey of more than 1,500 users of mobile devices and senior IT decision-makers found that, while 95% of organizations have a mobile security policy in place, only one in three employees are aware of such policies. The survey found that almost half of users store sensitive information on their mobile devices – whether personal or business-related – and that 40% of organizations have had mobile devices lost or stolen. Almost 60% of the lost or stolen devices were said to contain business-critical data.

Meanwhile, four in 10 organizations allow employees to access the Internet and download mobile apps freely using their mobile devices – a risky strategy given the potential for third-party apps to harbour malicious code.

Some of the risks associated with the use of mobile devices will be highlighted at VB2011 in Barcelona in presentations looking at Android malware (specifically the dangers associated with the Android Market and third-party apps) as well as cell phone money laundering. See http://www.virusbtn.com/conference/vb2011/ for details.

twitter.png
fb.png
linkedin.png
hackernews.png
reddit.png

 

Latest articles:

Nexus Android banking botnet – compromising C&C panels and dissecting mobile AppInjects

Aditya Sood & Rohit Bansal provide details of a security vulnerability in the Nexus Android botnet C&C panel that was exploited to compromise the C&C panel in order to gather threat intelligence, and present a model of mobile AppInjects.

Cryptojacking on the fly: TeamTNT using NVIDIA drivers to mine cryptocurrency

TeamTNT is known for attacking insecure and vulnerable Kubernetes deployments in order to infiltrate organizations’ dedicated environments and transform them into attack launchpads. In this article Aditya Sood presents a new module introduced by…

Collector-stealer: a Russian origin credential and information extractor

Collector-stealer, a piece of malware of Russian origin, is heavily used on the Internet to exfiltrate sensitive data from end-user systems and store it in its C&C panels. In this article, researchers Aditya K Sood and Rohit Chaturvedi present a 360…

Fighting Fire with Fire

In 1989, Joe Wells encountered his first virus: Jerusalem. He disassembled the virus, and from that moment onward, was intrigued by the properties of these small pieces of self-replicating code. Joe Wells was an expert on computer viruses, was partly…

Run your malicious VBA macros anywhere!

Kurt Natvig wanted to understand whether it’s possible to recompile VBA macros to another language, which could then easily be ‘run’ on any gateway, thus revealing a sample’s true nature in a safe manner. In this article he explains how he recompiled…


Bulletin Archive

We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.