Latest news with #Jamf
Associated Press
2 days ago
- Business
- Associated Press
Jamf unveils 2025 Security 360 Report: A strategic look at Mac and mobile security risks
Report identifies phishing, infostealers, and OS vulnerabilities as top concerns for organizations HONG KONG SAR - Media OutReach Newswire - 19 June 2025 -Jamf (NASDAQ: JAMF), the standard in managing and securing Apple at work, today released its Security 360 Report, separated into analyses for mobile and macOS environments. The report spotlights the risks organizations are facing and offers insights for security leaders to consider when protecting their organizations at the user, device, application and network levels. 'Our goal with this research is to inform security leaders about the risks impacting their organizations – whether those risks impact Mac or mobile – and provide tangible recommendations for safeguarding their organizations against increasingly sophisticated attacks,' said Josh Stein, VP of Product Strategy at Jamf. 'Age-old threats like phishing remain extremely prevalent and cannot be can threats skyrocketing in popularity like infostealers. Jamf remains deeply committed to continuous threat research to not only protect our customers but also contribute valuable insights to the broader security community.' Threat trends facing mobile environments For many employees, mobile devices are the sole devices used at work. Regardless of occupation, the modern workplace is about empowering employees to connect from anywhere, at any time and on any device. This requires raising awareness about the most pervasive threats facing mobile devices and taking tangible steps to keep bad actors at bay. Jamf's mobile device threat analysis is structured into four categories found to be the highest priorities for organizations worldwide. Mobile phishing With mobile devices keeping us connected everywhere, attackers' reach continues to expand. Over 12 months, Jamf identified approximately 10 million phishing attacks, discovered that 25% of organizations were impacted by a social engineering attack, and 1 in 10 users clicked on a malicious phishing link. Training programs can be extremely valuable in mitigating phishing attacks, as can adopting a layered approach with zero-trust methodology. Vulnerability management Jamf discovered that 32% of organizations operate at least one device with critical vulnerabilities and 55.1% of mobile devices used at work are running on a vulnerable operating system (OS). Both Apple and Google routinely provide security updates to patch known vulnerabilities, and the best way to mitigate damage is to update devices accordingly. Application risk and malware Earlier this year, Jamf published research on a Transparency, Consent and Control (TCC) bypass vulnerability affecting iOS devices and published a demonstration of how a 'sideloaded' app (an app from a third-party app store) can infringe on users' privacy. The harsh reality is that using the latest OS is still not enough to protect your organization – good security practices must extend to the application layer as well. Malware and spyware High-profile users such as journalists, politicians and diplomats are often targeted by mercenary spyware attacks. Just last year, Apple sent notices of spyware compromise to users in approximately 100 countries. While malware is not as pervasive on mobile devices, when discovered, it is found to be extremely advanced and targeted. Organizations must treat mobile like every other endpoint and avoid getting complacent about the threat of mobile malware. Threat trends facing macOS environments What began as a machine for executives and creatives is becoming increasingly ingrained into the daily operations of enterprises across all industries worldwide. The threat landscape for Mac is more diverse than ever, and bad actors are only getting more creative with their attack methodologies. Jamf's Mac threat report analyzes the threat landscape affecting Macs and organizes the findings into three main categories: Application risk and malware Jamf discovered that infostealers accounted for 28.36% of all Mac malware Jamf examined, skyrocketing from accounting for just 0.25% in last year's report. Jamf's research is aligned with these findings. Employees of organizations in high-profile industries (like crypto), must remain vigilant from both a training and security tool standpoint. Vulnerability management Jamf Threat Labs has dispelled the myth that Mac is invincible multiple times, including just last year when the team discovered a vulnerability inGatekeeper, a crucial component blocking apps downloaded from the internet that don't have a valid developer ID. Having the right controls and training is crucial for mitigating risks caused by vulnerabilities on macOS. Social engineering With Macs becoming more common at work, the attack surface continues to expand. Phishing is typically thought of as email-specific, which is far from the truth. In fact, Jamf Threat Labs published research discussing a campaign from the Democratic People's Republic of Korea (DPRK) that uses LinkedIn messaging as an initial lure. Training employees in the various forms of phishing that can impact the Mac environment is critical for avoiding fallout. Methodology Jamf examined 1.4 million devices protected by Jamf. The analysis was carried out in the first quarter of 2025, revisiting the prior 12-month period and spanning globally across 90 countries and multiple platforms – specifically, iOS and iPadOS and Android devices for mobile as well as Macs. The analysis in this report is informed by Jamf's Threat Intelligence, a broad collection of insights that are derived from original threat research, real-world usage metrics, along with news analysis and data feeds. Hashtag: #Jamf The issuer is solely responsible for the content of this announcement. About Jamf Jamf's purpose is to simplify work by helping organizations manage and secure an Apple experience that end users love and organizations trust. Jamf is the only company in the world that provides a complete management and security solution for an Apple-first environment that is enterprise secure, consumer simple and protects personal privacy. To learn more, visit
The Sun
2 days ago
- Business
- The Sun
Jamf unveils 2025 Security 360 Report: A strategic look at Mac and mobile security risks
HONG KONG SAR - Media OutReach Newswire - 19 June 2025 - Jamf (NASDAQ: JAMF), the standard in managing and securing Apple at work, today released its Security 360 Report, separated into analyses for mobile and macOS environments. The report spotlights the risks organizations are facing and offers insights for security leaders to consider when protecting their organizations at the user, device, application and network levels. 'Our goal with this research is to inform security leaders about the risks impacting their organizations – whether those risks impact Mac or mobile – and provide tangible recommendations for safeguarding their organizations against increasingly sophisticated attacks,' said Josh Stein, VP of Product Strategy at Jamf. 'Age-old threats like phishing remain extremely prevalent and cannot be can threats skyrocketing in popularity like infostealers. Jamf remains deeply committed to continuous threat research to not only protect our customers but also contribute valuable insights to the broader security community.' Threat trends facing mobile environments For many employees, mobile devices are the sole devices used at work. Regardless of occupation, the modern workplace is about empowering employees to connect from anywhere, at any time and on any device. This requires raising awareness about the most pervasive threats facing mobile devices and taking tangible steps to keep bad actors at bay. Jamf's mobile device threat analysis is structured into four categories found to be the highest priorities for organizations worldwide. Mobile phishing With mobile devices keeping us connected everywhere, attackers' reach continues to expand. Over 12 months, Jamf identified approximately 10 million phishing attacks, discovered that 25% of organizations were impacted by a social engineering attack, and 1 in 10 users clicked on a malicious phishing link. Training programs can be extremely valuable in mitigating phishing attacks, as can adopting a layered approach with zero-trust methodology. Vulnerability management Jamf discovered that 32% of organizations operate at least one device with critical vulnerabilities and 55.1% of mobile devices used at work are running on a vulnerable operating system (OS). Both Apple and Google routinely provide security updates to patch known vulnerabilities, and the best way to mitigate damage is to update devices accordingly. Application risk and malware Earlier this year, Jamf published research on a Transparency, Consent and Control (TCC) bypass vulnerability affecting iOS devices and published a demonstration of how a 'sideloaded' app (an app from a third-party app store) can infringe on users' privacy. The harsh reality is that using the latest OS is still not enough to protect your organization – good security practices must extend to the application layer as well. Malware and spyware High-profile users such as journalists, politicians and diplomats are often targeted by mercenary spyware attacks. Just last year, Apple sent notices of spyware compromise to users in approximately 100 countries. While malware is not as pervasive on mobile devices, when discovered, it is found to be extremely advanced and targeted. Organizations must treat mobile like every other endpoint and avoid getting complacent about the threat of mobile malware. Threat trends facing macOS environments What began as a machine for executives and creatives is becoming increasingly ingrained into the daily operations of enterprises across all industries worldwide. The threat landscape for Mac is more diverse than ever, and bad actors are only getting more creative with their attack methodologies. Jamf's Mac threat report analyzes the threat landscape affecting Macs and organizes the findings into three main categories: Application risk and malware Jamf discovered that infostealers accounted for 28.36% of all Mac malware Jamf examined, skyrocketing from accounting for just 0.25% in last year's report. Jamf's research is aligned with these findings. Employees of organizations in high-profile industries (like crypto), must remain vigilant from both a training and security tool standpoint. Vulnerability management Jamf Threat Labs has dispelled the myth that Mac is invincible multiple times, including just last year when the team discovered a vulnerability in Gatekeeper, a crucial component blocking apps downloaded from the internet that don't have a valid developer ID. Having the right controls and training is crucial for mitigating risks caused by vulnerabilities on macOS. Social engineering With Macs becoming more common at work, the attack surface continues to expand. Phishing is typically thought of as email-specific, which is far from the truth. In fact, Jamf Threat Labs published research discussing a campaign from the Democratic People's Republic of Korea (DPRK) that uses LinkedIn messaging as an initial lure. Training employees in the various forms of phishing that can impact the Mac environment is critical for avoiding fallout. Methodology Jamf examined 1.4 million devices protected by Jamf. The analysis was carried out in the first quarter of 2025, revisiting the prior 12-month period and spanning globally across 90 countries and multiple platforms – specifically, iOS and iPadOS and Android devices for mobile as well as Macs. The analysis in this report is informed by Jamf's Threat Intelligence, a broad collection of insights that are derived from original threat research, real-world usage metrics, along with news analysis and data feeds.
Techday NZ
3 days ago
- Techday NZ
Jamf report finds phishing & infostealers surge on Apple devices
Jamf has released its Security 360 Report, highlighting significant security trends and risks for mobile and Mac devices within organisational environments worldwide. The report, which examines both mobile and macOS platforms, identifies phishing, infostealers, and operating system vulnerabilities as major concerns and areas where enterprises need to focus their cybersecurity efforts. According to Josh Stein, Vice President of Product Strategy at Jamf, the aim of the research is to help security professionals understand and manage the challenges posed by both longstanding and emerging threats. "Our goal with this research is to inform security leaders about the risks impacting their organizations – whether those risks impact Mac or mobile – and provide tangible recommendations for safeguarding their organizations against increasingly sophisticated attacks," said Josh Stein, VP of Product Strategy at Jamf. "Age-old threats like phishing remain extremely prevalent and cannot be overlooked…nor can threats skyrocketing in popularity like infostealers. Jamf remains deeply committed to continuous threat research to not only protect our customers but also contribute valuable insights to the broader security community." Mobile threats The report notes that mobile devices are frequently the sole tools used by employees to access work resources, emphasising the need for robust defences across a variety of threat vectors. Jamf segmented its analysis of mobile device threats into four key areas: phishing, vulnerability management, application risk and malware, and spyware. Phishing attacks remain especially prevalent, with Jamf identifying approximately 10 million such attacks in the past year. The company reported that 25% of organisations experienced a social engineering incident and that one in ten users clicked on a malicious phishing link. The report suggests security training programmes and the adoption of layered, zero-trust security models can help mitigate these risks. In terms of vulnerability management, Jamf found that 32% of organisations had at least one device with critical vulnerabilities, and that 55.1% of mobile devices in use within workplaces were running on a vulnerable operating system. The company highlighted the importance of timely updates to patch known vulnerabilities, as provided by both Apple and Google. The research further discussed application risk, referencing Jamf's previous identification of a Transparency, Consent and Control (TCC) bypass flaw on iOS. The company demonstrated how side-loaded apps can compromise user privacy and emphasised the need for security controls that extend beyond just keeping operating systems up to date. Spyware and advanced malware were identified as threats that, though less frequent than on some platforms, are extremely sophisticated when they do emerge. High-profile individuals, including journalists, politicians, and diplomats, are at particular risk, with Apple sending compromise notifications to users in around 100 countries last year. The report recommends treating mobile devices with the same level of security as other endpoints in the enterprise environment. Threats to macOS Mac devices, which were once principally used by executives and creatives, have become common fixtures in enterprises across a range of sectors. According to the report, this proliferation has broadened the attack surface and increased the diversity of threats targeting the platform. Jamf outlined three principal areas of concern for macOS: application risk and malware, vulnerability management, and social engineering. Infostealers have become the dominant form of malware on Macs, accounting for 28.36% of all Mac malware analysed by Jamf, compared to just 0.25% in the previous year's findings. The report singles out employees in industries such as cryptocurrency as needing to be particularly alert, advocating for both ongoing training and adequate technological defences. The report also addresses myths about macOS security, noting that vulnerabilities persist despite perceptions of invulnerability. Jamf highlighted a recently discovered flaw in Gatekeeper, a mechanism intended to stop unverified apps from being run. The report notes the requirement for both effective technical controls and regular employee training to counter risks posed by software vulnerabilities. Social engineering threats, including phishing, exploit the widespread adoption of Macs in the workplace. Jamf cited campaigns that use professional social media platforms such as LinkedIn as initial attack vectors, rather than the email channels typically associated with phishing. The company recommends comprehensive employee training on all forms of phishing relevant to Mac users. Methodology The findings in the Security 360 Report are based on the analysis of 1.4 million devices protected by Jamf, conducted in the first quarter of 2025. The scope of analysis covered the previous year, included users in 90 countries, and spanned multiple mobile and desktop platforms, including iOS, iPadOS, Android, and macOS devices. The report draws on Jamf's proprietary Threat Intelligence, incorporating data from original research, device usage metrics, and analysis of news and external data feeds.
Daily Mirror
13-06-2025
- Daily Mirror
Everyone with an Android phone put on red alert - check for update 'immediately'
Android phone owners must make sure their devices are fully up to date. If your chosen phone is powered by Android then you'd be wise to head to your settings and check for the latest update without delay. It's been confirmed that a new patch has been released and, although it's as not critical as last months upgrade, users are being urged to install it without delay. 'Although the latest Android security bulletin does not list any vulnerabilities currently known to be under exploitation, we still strongly recommend that Android users update their devices immediately,' said Adam Boynton, Senior Security Strategy Manager EMEIA at security firm Jamf. 'The majority of the fixes are within the Android framework, which provides the foundation for building Android applications and is therefore an attractive target for cybercriminals. Exploiting the most severe vulnerability could allow an attacker to gain elevated access and administrative rights.' The most urgent upgrades from Google are ones that have been given the dreaded "zero day" rating. These flaws mean cyber crooks are aware of the glitch and are actively exploring it. Luckily that's not the case this month but Android users should still be on high alert and make sure their phones are fully updated. That's because anyone running older Android software versions is technically open to attack. There are four vulnerabilities located within the Android system component, caused by improper input validation,' Jamf's Boynton said. 'CVE-2025-26453, CVE-2025-26445, and CVE-2025-26441 could allow a local application to gain access to sensitive information, while exploitation of CVE-2025-26443 could allow a local application to execute arbitrary code. 'The release provides a window of opportunity to get ahead of cybercriminals; it appears that none of the vulnerabilities addressed in the June security bulletin have yet to be exploited in the wild, making this the perfect time to patch all supported devices.' Pixel phones will almost certainly get this latest patch first with the manufactures such as Samsung, OnePlus, Sony, Xiaomi, Honor then following after. Android firms are getting better at supporting phones for longer, too. Samsung, Google and Honor all offer seven years of updates for many of their latest phones, though other companies are lagging behind. If you have quite an old Android phone, it may have stopped receiving free security updates - a reason for you to consider upgrading to a newer supported handset.
Techday NZ
09-06-2025
- Business
- Techday NZ
Jamf unveils AI-powered tools for Apple device security
Jamf has introduced new artificial intelligence-driven management and security features for Apple devices used in the workplace, expanding its platform with updates focused on automation, compliance, and identity management. These advancements are designed to help organisations deploy, manage, and secure Apple devices at scale, with Jamf highlighting the platform's use of artificial intelligence to enhance IT administrators' productivity and decision-making capabilities. Jamf's new AI Assistant comes with two newly launched features—search skill and explain skill—which are now available in beta. The search skill enables IT administrators to perform natural language inventory queries, allowing for swift identification of devices based on specific criteria. This reduces the reliance on manual filtering, helping IT teams speed up tasks such as troubleshooting, compliance auditing, and managing device fleets. The explain skill is aimed at demystifying complex aspects of mobile device management. It translates detailed configurations and policies into clear, accessible language, which Jamf says will help administrators make informed decisions, streamline troubleshooting, and manage policies with increased confidence. Support for Apple's evolving Declarative Device Management framework has also been enhanced through the general availability of Jamf Blueprints. This tool consolidates policies, profiles, and restrictions into a single workflow designed to simplify and expedite device configuration. By supporting nine different declaration types, Blueprints seeks to reduce the complexity involved in device setup and streamline management across Apple fleets. As part of this release, Configuration Profiles within Blueprints have entered beta. This framework is designed to deliver all available MDM keys more quickly and efficiently, providing IT teams with greater control and flexibility over their environment. Jamf's Self Service+, its latest end-user portal for macOS, has also received updates. First launched earlier this year, Self Service+ now offers expanded identity management features, including the ability to view account details, change passwords, and initiate workflows such as temporary admin access. All these functions are designed to be fully auditable and compliant with organisational requirements. According to Jamf, these enhancements are designed to streamline onboarding, reduce IT involvement in routine tasks, and foster a more security-aware, self-sufficient workforce. In response to the growing adoption of Macs in enterprise settings, Jamf has introduced new integrated security features. The Compliance Benchmarks feature is now generally available in Jamf Pro, building on the macOS Security Compliance Project. This allows IT teams to automate workflows that ensure endpoint hardening. Jamf reports that hundreds of organisations have already adopted Compliance Benchmarks to help prepare for compliance requirements and reduce security risk. Jamf has added malware detection to its App Installers service, leveraging Jamf Threat Labs to scan every application in the Jamf App Catalogue before deployment. This layer of security is intended to enhance supply chain protections, with the supported app library now including frequently used tools such as iTerm and VLC media player, sourced directly from original software vendors. Vulnerability management has also been expanded with enhanced reporting features designed to identify risky apps across devices, integrating with major SIEM platforms. This provides IT and information security teams with a unified view of software risks, helping to streamline organisational remediation efforts. To improve the experience for both administrators and end users, Jamf has introduced App Switcher in Jamf Account. The tool enables administrators to navigate the platform more easily, aiming to accelerate workflows and further unify the management environment. Looking forward, Jamf's network relay service is scheduled for release soon. This service enables Macs and mobile devices to securely access essential services during onboarding, eliminating the need for traditional VPN or zero-trust network access solutions. According to Jamf, this capability is designed to give IT teams full control over initial network connectivity and facilitate a seamless, secure onboarding process for users.
