Quokka.io

I'm excited to be speaking for one of the most technical and globally respected cybersecurity events, Black Hat Middle East and Africa 2024. I will be sharing my experience and insights from the cyber space to over 40,000 cybersecurity experts and 450+ world-class exhibitors. 📅 Save the dates: 26-28 November 2024 📍 Riyadh Exhibition & Convention Center, Malham, Saudi Arabia Don’t miss your chance to be part of it. Register now to secure your spot: https://lnkd.in/e9PgeKYR #BlackHatMEA #BlackHat_At_Malham

85% of leaders in the financial segment agree that using mobile-based services are essential for staying innovative and relevant to consumers. However, as the use of mobile banking apps continues to grow, so do the cyberthreats. Strong security measures are crucial to protect user data and prevent fraud. Read our blog post to learn about best practices for securing mobile banking apps. Link in the comments. #mobilebanking #cybersecurity #bankingapp

🎉 Congratulations to the NVTC Cyber50 Company Honorees! Adlumin | ArmorText | Caveonix | Corsha | Cynalytica | Gunnison Consulting Group, Inc. | GuidePoint Security | Intelligent Waves | Mastercard | Quokka.io | RegScale | Shift5 | ShorePoint Inc | Telos Corporation | Tenable | Two Six Technologies | Valiant Solutions, LLC | Walacor Corporation #NVTC #WhereTechThrives #NVTCCyber2024

🎉 Congratulations to the NVTC Cyber50 Rising Stars! Melissa Andrews | Robert Carloff | Chris Christianson | Ian Y. Garrett | Chris Gogoel | Cory Jackson | Ali Jafari | Gayatri Joshi | Brian McCord | Jordan Sembower | Ronak Shah | Jeremy Snyder | Min Xu Ph.D, CISSP #NVTC #WhereTechThrives #NVTCCyber2024

As we close out Cybersecurity Awareness Month and with Halloween just around the corner, let’s shine a light on those lurking threats that can haunt your mobile infrastructure if left unaddressed. Check out our most recent blog post to understand why securing the entire mobile ecosystem—from developing secure apps to protecting your workforce—is more critical than ever. Link in the comments. #CybersecurityAwarenessMonth #mobileappsecurity

Loren Smith thanks to you and the Federal Mobility Group Vincent Sritapan, Lilian Herrera, Gema Howell, and Suro Sen for the opportunity to brief on these threats. Continued awareness of both basic and advanced threats in mobile can help government and private citizens defend themselves and be safer when working on their mobile devices or even browsing the App Store for their personal lives. If you’re seeing this post and interested in seeing the briefing or content shared please reach out to me or my Quokka.io colleagues!

Just wrapped up an insightful webinar with Quokka.io on Emerging Mobile Threats: Unknown Malware & Colluding Apps! In this session, we dove into two pressing mobile threats: unknown malicious apps and colluding applications. With new malware increasingly able to bypass traditional signature-based detection (used by many top mobile security tools), both public and private sectors are facing greater risks. We explored how these applications use unmonitored app-to-app communication channels, which remain undetectable by on-device security tools and even the core OS, creating potential avenues for data exposure. Thank you to everyone who made this session impactful: Chris Gogoel, Ilya Dreytser, Lilian Herrera, Vincent Sritapan, Gema Howell, Loren Smith, Suro Sen #QuokkaIo #FederalMobilityGroup #MobileSecurity #Cybersecurity #Innovation #PublicSector

Does anyone have mobile applications with Ads? If so, you should take a look at this. Mobile application security and privacy are important to ensuring the protection of the enterprise and the employee. Here's a great article by KrebsonSecurity that will scare you and is definitely worth your time reading. https://lnkd.in/e3YE4t85 #MobileSecurity

Sloppy mobile apps are making the news for introducing security risks in their code. What’s a “sloppy app”? Just this month, we wrote about the risks that arise from mobile app code that doesn't follow security protocols and creates vulnerabilities that attackers can exploit. This week Elizabeth Montalbano reported in Dark Reading that researchers at Symantec found  several popular Android and iOS apps containing cloud services credentials, such as Azure Blob Storage, AWS, and Twilio, in *plain text* in their code. Quokka’s app intelligence solutions found those and additional coding issues such as hard-coded initialization vectors used in encryption, vulnerabilities to SQL injection attacks, and Webviews that allow access to local files In the wrong hands, these security risks created by sloppy coding can be exploited to exfiltrate sensitive data, putting enterprise and customer data at risk. For example, our automated analysis found that the app for tinnitus relief mentioned in the research, not only contains hard-coded cloud storage credentials for managing various assets and sound files, but also several other high risk issues. This could lead to unauthorized access and data breaches. And if this app is on mobile devices used for work, the exploit could compromise enterprise information. Given the rise of such apps in the app stores, we recommend enterprises use a proactive app vetting solution to ensure apps used in their workforce don't have such vulnerabilities. For more about sloppy apps and how Quokka’s Contextual Mobile Security Intelligence solutions can help you protect your organization, read more at the link in comments. https://lnkd.in/eiV-KHxH

🚨 **Chatty Apps: A New Risk for Enterprises 🚨 In today’s world, mobile apps now surpass traditional endpoints—meaning the risks they introduce are multiplying just as fast. One emerging threat that should be on every enterprise’s radar? Chatty apps📲—those sneaky mobile apps that can interact with SMS and MMS services without user authorization. 💬 What’s the risk? These apps can send messages, make calls, or even subscribe users to paid services—all without permission. What starts as a minor annoyance can lead to major privacy breaches, financial exploitation, and malware infiltration. ❓ Why should organizations care? Chatty apps can violate data privacy, spread malware, and trick users into phishing schemes. For organizations managing sensitive data, the risks can escalate quickly. 🔍 What can you do? The key lies in mobile security intelligence—having the insights and tools to detect and mitigate the risks posed by chatty apps before they compromise your devices and data. By integrating mobile security intelligence into your SOC, you can stay ahead of these threats, ensuring your enterprise remains secure. 📢 Share with your network! Help educate others on the risks of chatty apps and how to protect against them. Together, we can build a more secure mobile ecosystem. https://lnkd.in/gbb47UtB.. #MobileSecurity #CybersecurityAwareness #EnterpriseSecurity #MobileThreats #ChattyApps