Posts

NSA releases guidance on voice and video communications security


The National Security Agency (NSA) has released a new report giving organizations insight into the current best practices around the security of unified communications (UC) and voice and video over IP (VVoIP).

The report, titled Deploying Secure Unified Communications/Voice and Video over IP Systems, also looks at the potential risks to improperly secured UC/VVoIP systems.

Modern communications infrastructure in most organizations is tightly integrated with other IT networks, increasing the attack surface for hackers to gain access. The NSA said that UC/VVoIP devices would pose the same hacking risks to organizations through spyware, viruses, software vulnerabilities, or other malicious means if left inadequately secured.

“Malicious actors could penetrate the IP networks to eavesdrop on conversations, impersonate users, commit toll fraud and perpetrate denial of service attacks,” the NSA said in a statement.

“Compromises can lead to high-definition room audio and/or video being covertly collected and delivered to a malicious actor using the IP infrastructure as a transport mechanism.”

The report outlined the measures organizations should take to enhance security, such as segmenting voice and video traffic from data traffic and using separate IP address ranges to limit access to a common set of devices.

In addition to using VLANs, administrators should also use access control lists and routing rules to limit access to devices across VLANs. According to the NSA, this makes it more difficult for a malicious actor to access open services on phones and servers from outside the VLAN.

Another best practice the NSA outlined is implementing layer 2 protections and address resolution protocol (ARP) and IP spoofing defenses. It also recommended only using switches with these protections. 

The NSA also said that PSTN gateways should authenticate all UC/VVoIP connections and not allow calls directly from IP phones without the UC/VVoIP server’s permission.

The agency also urged organizations to use only vendor-signed patches downloaded from trusted sources. 

The NSA said taking advantage of a UC/VVoIP system’s benefits, such as cost savings in operations or advanced call processing,…

Intertrust Releases 2021 Report on Mobile Finance App Security | Business


SAN FRANCISCO–(BUSINESS WIRE)–Jun 2, 2021–

Intertrust, the pioneer in digital rights management (DRM) technology and leading provider of application security solutions, today released its 2021 State of Mobile Finance App Security Report. The report reveals that 77% of financial apps have at least one serious vulnerability that could lead to a data breach.

This report comes at a time when finance mobile app usage has rapidly accelerated, with the number of user sessions in finance apps increasing by up to 49% over the first half of 2020. Over the same period, cyberattacks against financial institutions rose by 118%, according to VMware.

The study’s overall findings suggest that while the COVID-19 pandemic accelerated the world’s shift to digital financial channels and innovative technologies like mobile contactless payments, mobile financial application security is not keeping up.

Cryptographic issues pose one of the most pervasive and serious threats, with 88% of analyzed apps failing one or more cryptographic tests. This means the encryption used in these financial apps can be easily broken by cybercriminals, potentially exposing confidential payment and customer data and putting the application code at risk for analysis and tampering.

Other main findings include:

  • One or more security flaws were found in every app tested
  • 84% of Android apps and 70% of iOS apps have at least one critical or high severity vulnerability
  • 81% of finance apps leak data
  • 49% of payment apps are vulnerable to encryption key extraction
  • Banking apps contain more vulnerabilities than any other type of finance app
  • Nearly three-quarters of high severity threats could have been mitigated using application protection technologies such as code obfuscation, tampering detection, and white-box cryptography

The report analyzed over 150 mobile finance applications split evenly between iOS and Android and delivers insights from four major financial sectors: payments, banking, investment/trading, and lending. The apps investigated originated in the U.S., UK, EU, Southeast Asia, and India. They were analyzed using an array of static application security testing (SAST) and dynamic…

Nokia Mobile releases May Security update for Nokia 6.1 Plus & 5.1 Plus. Size, markets, changelog


Nokia Mobile has now released the May security update 2021 for Nokia 6.1 Plus and Nokia 5.1 Plus. Check below for the May Security update size, list of markets and the update changelog for Nokia 6.1 Plus and Nokia 5.1 Plus.

On the basis of tips received from our readers, we will collate a list of markets for the Nokia 6.1 Plus and Nokia 5.1 Plus in which the May security update is now available. So, do let us know in the comments section if you have received the update. You can also try the VPN trick for getting the update and see if it works.

List of markets:

  • Nokia 6.1 Plus and Nokia 5.1 Plus in India

Nokia 6.1 Plus May security update size:

The update size for Nokia 6.1 Plus is 20.62 MB. You will either be prompted to download this update, or you can check for it manually by going to Settings, searching for system updates, and then checking for the update.

Nokia 5.1 Plus May security update size:

The update size for Nokia 5.1 Plus is 24.46 MB. You will either be prompted to download this update, or you can check for it manually by going to Settings, searching for system updates, and then checking for the update.

Nokia 6.1 Plus & 5.1 Plus May security update changelog:

Nokia 6.1 Plus and Nokia 5.1 Plus are receiving only the May Android security patch with the update. Here is what the May security update addresses as mentioned by Google on its official Security bulletin page.

The most severe of these issues is a critical security vulnerability in the System component that could enable a remote attacker using a specially crafted file to execute arbitrary code within the context of a privileged process. The severity assessment is based on the effect that exploiting the vulnerability would possibly have on an affected device, assuming the platform and service mitigations are turned off for development purposes or if successfully bypassed.

Nokia smartphone users are much more interested in the release of the Android 11 update for their smartphones. The OS update has been released to many Nokia smartphones recently. You can track the Android 11 update roll-out to Nokia…
