Why privacy and integrity matters in a mainframe network

Mainframes are the foundation for many critical systems, from bank databases to municipal systems for local governments. It's estimated that 70% of Fortune 500 companies have mainframes in their infrastructure. This hardware holds a lot of sensitive data, which puts it in a vulnerable position. Privacy and data integrity must be maintained for the mainframe systems to ensure that this information isn't accessed without authorisation, altered, or stolen.

By Christopher Nichols, 06 January 2020, 0 comments. Categories: Ecosystem, Enterprise, Security.

App developers may be forced to disclose any foreign involvement

The US government is considering forcing app developers to disclose any foreign involvement after a string of concerns about how users' data is being collected.

One notable example is video sharing app TikTok. The app is developed by Beijing-based ByteDance and concerns have been raised about how much user data is being sent back to China.

Similar concerns have also been raised about viral hit FaceApp which many people have used to make their face appear old, young, or a different gender. FaceApp is...

By Ryan Daws, 16 December 2019, 1 comment. Categories: Android, Apple, App Stores, Ethics, Industry, iOS, Mobile, Platforms, Security.

Utopia looks to create a 'self-regulating society' with P2P ecosystem and mineable cryptocurrency

The vitality of the Internet is such that any reference to Maslow’s hierarchy of needs, first published in 1943, today usually comes with a half-joking reference to Wi-Fi. Indeed, you would not be reading this piece now without it. Yet one particularly promising area for distributed ledger technologies (DLT) is around user and data privacy for Internet usage.

Meet Utopia. The product, which launches today from anonymous group of networking enthusiasts who call themselves The 1984 Group,...

By Developer, 12 December 2019, 1 comment. Categories: Development Tools, Ecosystem, Industry, Marketing, Platforms, Security.

StrongSalt’s new Open Privacy API offers ‘encryption as a service’

Encryption as a service provider StrongSalt has released its Open Privacy API to improve the security of developers’ applications.

StrongSalt was founded by Ed Yu, the former founding engineer of cybersecurity giant FireEye. Back in September, StrongSalt raised $3 million in seed funding from Valley Capital Partners.

Claiming it wants to “do for encryption what Stripe has done for payments and Twilio has done for communications,” StrongSalt offers APIs and SDKs for most of the leading cloud...

By Ryan Daws, 10 December 2019, 0 comments. Categories: API, Cloud, Hacking, Industry, Platforms, Security.

Sophos launches a security analysis platform for developers

British cybersecurity firm Sophos has launched a new threat intelligence and analysis platform for developers.

SophosLabs Intelix helps developers to build more secure applications through simple API calls. Developers can use an API call to assess the risk of things like files, IP addresses, URLs, and more.

Sophos claims the platform is continuously updated and features petabytes of...

By Ryan Daws, 06 December 2019, 0 comments. Categories: API, Hacking, Industry, Platforms, Security.

Apple removes 18 iOS apps for fraudulent advertising activity

Apple has removed 18 iOS apps after determining they were being used to earn money for cybercriminals by conducting ad fraud.

The apps were found to be secretly clicking adverts to earn the attacker cash. While such conduct is not intrusive and may not even be noticeable by the user, it can slow down the device, use more data, and/or drain the battery faster.

Security researchers at Wandera discovered 17 of the infected apps which spanned a wide range of categories including productivity, utilities, and...

By Ryan Daws, 04 November 2019, 0 comments. Categories: Advertising, Apple, App Stores, iOS, Mobile, Monetisation, Platforms, Security.

Apple’s September event developer updates: iOS 13, watchOS 6, Apple Arcade, and more

The Apple September event may not be as important for developers as the WWDC back in June, but there is still plenty for folks to be getting on with, from updates to OS app development, gaming, and more.

First of all, developers are now invited to submit updated applications for iOS 13, arriving this time next week. A post on...

By James Bourne, 13 September 2019, 0 comments. Categories: Gaming, iOS, Security.

Google will pay hackers to discover bugs in apps with over 100m installs

Google has announced changes to its bounty program in a bid to tackle vulnerabilities found in popular Android apps.

Just this week, CamScanner, an app with over 100 million installs, was removed from the Play Store after it was caught spreading malware.

Discovered by Kaspersky researchers, CamScanner's recent versions shipped with the malicious Trojan Dropper module which extracted and ran another malicious module from an encrypted file that is...

By Ryan Daws, 30 August 2019, 0 comments. Categories: Android, Industry, Mobile, Platforms, Security.

DRM system Denuvo is coming to Android as ‘Mobile Game Protection’

Controversial DRM technology provider Denuvo is coming to Android as the aptly-named  ‘Mobile Game Protection’.

Denuvo’s parent company, Irdeto, made the announcement today promising to help counter the scourge of hacked games.

Beyond piracy reducing the revenue available for a game’s developers, cracked games can pose a security risk to users. The in-game experience for users can also be affected, with hacks potentially providing ways to gain an unfair advantage over legitimate...

By Ryan Daws, 21 August 2019, 0 comments. Categories: Android, Gaming, Industry, Mobile, Security.

Google Play Protect fails AV-Comparatives' anti-malware test

Google’s built-in malware protection for Android has failed a test conducted by security researchers at AV-Comparatives.

AV-Comparatives is an independent lab which tests anti-malware solutions against known malicious applications.

For its Android test, AV-Comparatives pitted security products from ten popular vendors against a test set of 3,601 malicious apps. 

A built-in security solution is somewhat expected to not perform as well as dedicated products, but Google Play Protect fell way behind...

By Ryan Daws, 30 July 2019, 0 comments. Categories: Android, Mobile, Platforms, Security.

Google will closely vet first-time Android developers for security

Google has announced plans to closely vet Android developers without a track record in a bid to boost platform security.

Android security has vastly improved since its early days but that hasn’t prevented some rogue developers from abusing Google’s platform.

Sameer Samat, VP of Android Product Management, wrote in a blog post:

“From the outset, we’ve sought to craft Android as a completely open...

By Ryan Daws, 16 April 2019, 2 comments. Categories: Android, App Stores, Industry, Mobile, Platforms, Security.

PWNED: Researcher uses broken API to print message on GPS watches

A German security researcher printed the word “PWNED!” on hundreds of GPS watches to prove a point about a broken API.

Christopher Bleckmann-Dreher discovered a vulnerability in an API used by Austrian GPS watch manufacturer Vidimensio.

The firm’s watches are used by a wide range of the population from the elderly down to children, and it affected over 20 models.

Dreher alerted Vidimensio to the problem but it was ignored for over a year. Given the potential for much greater risk in the...

By Ryan Daws, 03 April 2019, 0 comments. Categories: API, Hacking, Security.

Report: Open source breaches have increased by 71 percent

A report from Sonatype highlights that open source breaches have increased by a whopping 71 percent along with several other security findings.

This report is the largest DevOps survey conducted by Sonatype with 5,558 people sharing their views. Participants were from most of the major sectors but primarily in the technology and banking/financial industries.

Respondents’ primary reason for implementing security across the development lifecycle is for risk management (34.77%) purposes, followed by...

By Ryan Daws, 04 March 2019, 0 comments. Categories: Hacking, Industry, Security.

Apple revokes Facebook’s enterprise developer certificate

Apple has put Facebook on the naughty step and revoked its enterprise developer certificate following a data-snooping app scandal.

For those who expected Facebook’s apparent disregard for data privacy to have culminated with the Cambridge Analytica scandal of 2018, you may want to think again.

News broke yesterday that Facebook paid users as young as 13 to install a ‘research’ app that collects data of phone and web...

By Ryan Daws, 31 January 2019, 0 comments. Categories: Apple, Ethics, Facebook, Industry, Mobile, Platforms, Security.

Microsoft goes password-less through FIDO2 certification

Microsoft has enabled functionality for sign-on using either a FIDO2 device or biometric tool Windows Hello – thus potentially paving the way to kill off the password.

The move will mean users can more seamlessly sign in to a variety of applications, from Outlook, Skype and Office, to OneDrive, Cortana and Xbox Live.

Writing in a blog post confirming the move, Alex Simons,...

By Developer, 21 November 2018, 0 comments. Categories: Microsoft, Security.

Fortnite developer and Google have an Epic spat over vulnerability​​​​​​​

Fortnite developer Epic is not too pleased with the way in which Google publicly disclosed a security vulnerability with the game’s Android installer.

Rather than pay the 30 percent cut which Google takes from distributing games through its Play Store, Epic decided to bypass the official app store in favour of its own installer.

Sideloading games poses an increased risk to consumers as it bypasses many of...

By Ryan Daws, 28 August 2018, 0 comments. Categories: Android, Gaming, Hacking, Industry, Platforms, Security.

Google's new API improves biometric authentication in Android P

Google has announced a biometric authentication API which enables developers to improve the security of their apps.

Biometrics has become a favoured and quick security method for users. While there are certainly more secure methods of authentication, few are so fast and unintrusive.

Vishwath Mohan, Security Engineer at Google, wrote in a blog post:

“Biometric authentication mechanisms are becoming increasingly popular, and it's...

By Ryan Daws, 22 June 2018, 0 comments. Categories: Android, API, Hacking, Platforms, Security.

Microsoft and Google say they have found a fourth Meltdown-Spectre variant

Bad news, everyone. If you thought we were out of the woods when it comes to the Meltdown / Spectre CPU security flaws, then think again. Researchers from Microsoft and Google have identified a previously unknown fourth variant of the processor design issues that made front page news when they were discovered last year.

Like its predecessors, variant 4 (or CVE-2018-3639, to give its full name) describes a processor design issue that could allow malicious software to discover hidden information, such as a...

By William Judd, 22 May 2018, 0 comments. Categories: Hacking, Security.