mobile device management | Breaking Cybersecurity News | The Hacker News

FileWave's mobile device management (MDM) system has been found vulnerable to two critical security flaws that could be leveraged to carry out remote attacks and seize control of a fleet of devices connected to it. "The vulnerabilities are remotely exploitable and enable an attacker to bypass authentication mechanisms and gain full control over the MDM platform and its managed devices," Claroty security researcher Noam Moshe  said  in a Monday report. FileWave MDM is a cross-platform mobile device management solution that allows IT administrators to manage and monitor all of an organization's devices, including mobile phones, tablets, laptops, workstations, and smart TVs. The platform functions as a channel to push mandatory software and updates, change device settings, and even remotely wipe devices, all of which is delivered from a central server. The two issues identified by the operational technology firm relate to an authentication bypass (CVE-2022-34907) a...

India-linked highly targeted mobile malware campaign, first unveiled two weeks ago , has been found to be part of a broader campaign targeting multiple platforms, including windows devices and possibly Android as well. As reported in our previous article , earlier this month researchers at Talos threat intelligence unit discovered a group of Indian hackers abusing mobile device management (MDM) service to hijack and spy on a few targeted iPhone users in India. Operating since August 2015, the attackers have been found abusing MDM service to remotely install malicious versions of legitimate apps, including Telegram, WhatsApp, and PrayTime, onto targeted iPhones. These modified apps have been designed to secretly spy on iOS users, and steal their real-time location, SMS, contacts, photos and private messages from third-party chatting applications. During their ongoing investigation, Talos researchers identified a new MDM infrastructure and several malicious binaries – designed...

The problem is simple: all breaches start with initial access, and initial access comes down to two primary attack vectors – credentials and devices. This is not news; every report you can find on the threat landscape depicts the same picture.  The solution is more complex. For this article, we'll focus on the device threat vector. The risk they pose is significant, which is why device management tools like Mobile Device Management (MDM) and Endpoint Detection and Response (EDR) are essential components of an organization's security infrastructure. However, relying solely on these tools to manage device risk actually creates a false sense of security. Instead of the blunt tools of device management, organizations are looking for solutions that deliver device trust . Device trust provides a comprehensive, risk-based approach to device security enforcement, closing the large gaps left behind by traditional device management solutions. Here are 5 of those limitations and how to ov...

Security researchers have uncovered a "highly targeted" mobile malware campaign that has been operating since August 2015 and found spying on 13 selected iPhones in India. The attackers, who are also believed to be operating from India, were found abusing mobile device management (MDM) protocol—a type of security software used by large enterprises to control and enforce policies on devices being used their employees—to contol and deploy malicious applications remotely. Exploiting Apple MDM Service to Remotely Control Devices To enroll an iOS device into the MDM requires a user to manually install enterprise development certificate, which enterprises obtained through the Apple Developer Enterprise Program. Companies can deliver MDM configuration file through email or a webpage for over-the-air enrollment service using Apple Configurator. Once a user installs it, the service allows the company administrators to remotely control the device, install/remove apps, in...

How many of you have an issue to forget your mobile phones? I guess, most of us. Sometimes in our homes, sometimes in our offices, sometimes in our cars and sometimes we even don't remember the exact place where we left our phones.  Now, Finding your phone is as simple as searching something on Google ... Instead of searching your phone everywhere, just ask Google where your phone is, and the search engine giant will answer you the exact place where you left your smartphone.  Sound's interesting! Google unveiled a new feature on Wednesday that lets you search for your Android smartphone or tablet using the search engine on your desktop computer. How does it work? Log-in to the same Google account on your desktop computer's browser that you use on your Android smartphone, but before that make sure you must have the latest version of the Google app installed on your smartphone. Now type " Find my phone " into Google's search engine, a...