ICSA Labs Security Testing Blog

ICSA Labs Highlights Key Security Trends Affecting Enterprises and Consumers in 2015

Security and privacy challenges are top of mind for everyone, as the Internet of Things and mobile device (and associated application) adoption continues to permeate every major industry. I sat down with our security experts at ICSA Labs to learn more about what major security technology trends they see impacting businesses and their customers in 2015. Here’s what they had to say:

Q&A: George Japak of ICSA Labs Offers Advice around NCSA Month

This month marks the 11th anniversary of National Cyber Security Awareness Month (NCSAM) where raising awareness about cybersecurity is a top priority for both the public and private sector.

Testing Built-In Mobile Device Security Functions

Mobile device manufacturers build an array of security features into smartphones and tablets. I suspect that the majority of us take for granted that these protections function and we assume that they will work properly when needed (e.g., remote wipe). But will they?

For several years, ICSA Labs has performed mobile device security testing on behalf of several mobile device manufacturers and mobile network carriers. Mobile devices are tested before they are available to users.

Will the Promise of Hybrid Mobile Apps Outweigh New Security Concerns?

The promise and benefit of hybrid mobile apps is that they can operate on many devices from Apple to BlackBerry, from Microsoft to Samsung and everything in between. Typically written in HTML5 and JavaScript, hybrid mobile apps include a native container to facilitate access to the device’s native features. Gartner forecasts that hybrid mobile apps will account for half of all mobile apps by 2016.

But are they safe?

ICSA Labs’ new certification option - Malicious URL testing module

When ICSA Labs first started testing and certifying Anti-Virus products more than 20 years ago, there were only “hundreds” of malware samples circulating monthly in the world. Since then, the malware landscape has changed dramatically and today there are over 100,000 new samples appearing every day.

The XP-ocalypse Has Started

Over the weekend, Microsoft announced that there was a new zero-day vulnerability, affecting all versions of the Internet Explorer Web browser. It’s not widespread yet, and is just now being used in targeted attacks, but we may be confident that the developers of exploit kits are sharpening their pencils as we speak, and therefore, it won’t be too long before the exploit is in widespread use.

Heartbleed Potentially Affects All Security Products, Not Just Websites

Unless you have been off the grid for the last few days, you have undoubtedly heard about the OpenSSL vulnerability known as the Heartbleed (http://heartbleed.com) bug. Heartbleed is a vulnerability that allows "anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software."

Coffee for Smartphone Users. Is It Enough to Awaken Us?

It’s been reported in the news that the Starbucks payment app saves usernames, passwords and location data in plain text right on consumers’ smartphones. Any devious person with a little know-how can get access to this information and use it to get one caffeine fix after another ad infinitum.

Of course this is not good news. But it is more than that. This should be a wake-up call – not just for those of us who like to pay for coffee with our smartphones.

Cryptolocker

One of my friends recently received an alert from her sheriff’s office, warning her about something called Cryptolocker. The language in the alert was quite alarming, and she wanted my opinion.

I told her that Cryptolocker was indeed real and is the criminal’s monetization scheme-du-jour. While it is a real pain if you got nailed by it, basic security practices would keep you perfectly safe.