Microsoft goes password-less through FIDO2 certification

Microsoft has enabled functionality for sign-on using either a FIDO2 device or biometric tool Windows Hello – thus potentially paving the way to kill off the password.

The move will mean users can more seamlessly sign in to a variety of applications, from Outlook, Skype and Office, to OneDrive, Cortana and Xbox Live.

Writing in a blog post confirming the move, Alex Simons,...

By Developer, 21 November 2018, 0 comments. Categories: Microsoft, Security.

Fortnite developer and Google have an Epic spat over vulnerability

Fortnite developer Epic is not too pleased with the way in which Google publicly disclosed a security vulnerability with the game’s Android installer.

Rather than pay the 30 percent cut which Google takes from distributing games through its Play Store, Epic decided to bypass the official app store in favour of its own installer.

Sideloading games poses an increased risk to consumers as it bypasses many of...

By Ryan Daws, 28 August 2018, 0 comments. Categories: Android, Gaming, Hacking, Industry, Platforms, Security.

Google's new API improves biometric authentication in Android P

Google has announced a biometric authentication API which enables developers to improve the security of their apps.

Biometrics has become a favoured and quick security method for users. While there are certainly more secure methods of authentication, few are so fast and unintrusive.

Vishwath Mohan, Security Engineer at Google, wrote in a blog post:

“Biometric authentication mechanisms are becoming increasingly popular, and it's...

By Ryan Daws, 22 June 2018, 0 comments. Categories: Android, API, Hacking, Platforms, Security.

Microsoft and Google say they have found a fourth Meltdown-Spectre variant

Bad news, everyone. If you thought we were out of the woods when it comes to the Meltdown / Spectre CPU security flaws, then think again. Researchers from Microsoft and Google have identified a previously unknown fourth variant of the processor design issues that made front page news when they were discovered last year.

Like its predecessors, variant 4 (or CVE-2018-3639, to give its full name) describes a processor design issue that could allow malicious software to discover hidden information, such as a...

By William Judd, 22 May 2018, 0 comments. Categories: Hacking, Security.

Binary scans find vulnerabilities in one in five Android apps

Research conducted by binary-level security and compliance testing company Insignary has found vulnerabilities in one in five Android apps.

Insignary tested 700 of the most popular Android apps on the Google Play Store for the research. Their Clarity system was put to work for the first time analysing APKs for known open source vulnerabilities.

Here are some of the key findings:

  • The binary scans indicate that the Android apps available on Google Play Store by the top software vendors contain versions of open source components with security vulnerabilities. Out of the 700 APK files scanned, 136 contain security vulnerabilities.

  • 57% of the...

By Ryan Daws, 24 April 2018, 0 comments. Categories: Android, Platforms, Security.

Mimecast rolls out new API developer portal to extend business and cyber resilience

Email and data security provider Mimecast has rolled out a new application programming interface (API) developer portal to extend business and cyber resilience for email with a constant, scalable and uniform API.

The Mimecast API developer portal is already processing a huge number of requests every day and is a key enabler for multiple Mimecast services and applications. Mimecast customers and partners need to visit the portal to take advantage of Mimecast security and archive data and integrate to existing...

By Developer, 05 April 2018, 0 comments. Categories: API, Cloud, Security.

GitHub was hit with the world’s largest DDoS attack

It went down for five minutes.

Yes, unlike the last record-breaking DDoS attacks, which caused disruption to major services for days, GitHub was able to quickly mitigate the attack so that few users would have even been aware of the downtime.

The attack was launched on Wednesday last week and GitHub was unavailable from 17:21 to 17:26 UTC. In

By Ryan Daws, 02 March 2018, 0 comments. Categories: Development Tools, Git, Hacking, Industry, Platforms, Security.

ParseDroid vulnerabilities threatened most Android development tools

A collection of vulnerabilities known as ParseDroid put users of popular Android development tools at risk.

Research from Check Point has discovered several vulnerabilities in downloadable and cloud-based Android development tools which all Java/Android programmers use to build their companies' business applications. Even security analysts and reverse-engineers use some of the affected software to conduct their work.

By Ryan Daws, 07 December 2017, 0 comments. Categories: Android, Development Tools, Security.

How can developers improve software security? Move to DevSecOps and ‘think like an attacker’

Developers today frequently find themselves between a rock and a hard place. The business may not place security at the top of its priorities, but we all know how vital it is – and in today’s agile and DevOps working environments, developers cannot afford to finish applications and then leave the tidying up to the security team.

A new report from Veracode issued today argues that while developers do care about security, and are getting better at it, more work still needs to be done –...

By James Bourne, 28 November 2017, 0 comments. Categories: Development Tools, Security.

The IoT spin cycle: Security challenges which continue to plague device manufacturers

In March this year, a curious issue was discovered on the Miele Professional PG 8528, a professional medical washer, that caught the attention of news outlets: “The corresponding embedded webserver "PST10 WebServer" typically listens to port 80 and is prone to a directory traversal attack;” the security flaw statement revealed, “therefore, an unauthenticated attacker may be able to exploit this issue to access sensitive information to aid in subsequent attacks. A Proof of...

By Adam Cecchetti, 20 October 2017, 0 comments. Categories: Devices, IoT, Security, Testing.

Report discusses how Java apps are susceptible to widespread attacks from known security defects

A recently released study conducted by CA Veracode has found that the majority of Java applications contain at least one vulnerable component, making them predisposed to widespread attacks.

The research, titled “2017 State of Software Security Report” – which involved CA Veracode’s base of more than 1,400 customers – revealed that fewer than 28% of companies conduct regular composition analysis to understand which components are built into their applications.

There were many...

By Developer, 19 October 2017, 0 comments. Categories: Java, Security.

Google launches security features while report shows iOS threats outpacing Android

Google has cracked down on security with the launch of Play Protect and other new defense mechanisms while a report has been released which shows iOS malware growth outpacing that of Android.

After the Google Docs phishing attack, the company has been ramping up its security in recent months. This started back in May with the implementation of machine learning to improve the detection of phishing messages – and the company now estimates it can block spam and malicious content with a 99.9 percent...

By Ryan Daws, 20 July 2017, 0 comments. Categories: Android, iOS, Platforms, Security.

Elastic Beam unveils AI-powered software platform to protect API infrastructures from attacks

Elastic Beam has announced the launch of API Behavioral Security (ABS), an artificial intelligence (AI)-powered software platform that can detect and block cyberattacks that target APIs to compromise corporate data and systems – in public clouds, hybrid clouds, or on premise.

ABS does not require any predefined policies, security rules, or attack signatures, and is capable of stopping new and constantly changing attacks.

Securing APIs is important because they provide an easy access into...

By Developer, 11 July 2017, 0 comments. Categories: API, Development Tools, Security.

Wetherspoons decided it’s safer to delete customer data

Pub chain JD Wetherspoons has quite a fanbase in the UK, but the company has decided it’s safer to delete all its customer data than risk it being hacked.

Several high-profile hacks in recent months have brought to light the seriousness of data leaks resulting from databases being hacked. Beyond the disrepute which can have an impact on future custom, individuals and companies also have to face a potential fine resulting from increasingly strict data protection regulations.

Wetherspoons’ decision...

By Ryan Daws, 30 June 2017, 0 comments. Categories: Security.

Game Development: Managing the rules of the game

The rules of the gaming industry are changing. In a highly-competitive market, game makers need to ensure they’re not only developing products which meet the needs of an increasingly demanding market, but that also stand up to the rigours of security. Be it online gaming or gambling, users are sharing sensitive data such as personal information or credit card details which means they...

By Gábor Marosvári, 21 April 2016, 0 comments. Categories: Gaming, Hacking, Security.

HTML5 security: Cross domain messaging

HTML5 is one of the emerging technologies for next generation web applications and has brought a lot of new features to the web. HTML5 applications are also widely used in the mobile app world. But along with the features, HTML5 has brought various new attack vectors as well.

Before going ahead with the security concepts of cross domain messaging, let us understand the basics of how cross domain messaging is implemented in HTML5.

Cross domain messaging

Due to the same origin policy...

By Srinivas, 27 January 2016, 0 comments. Categories: Development Tools, HTML5, Security.

Oracle's new API deals with Java EE security problems

Oracle's staff are fully aware that security in Java EE hasn't been taken as seriously as it should have, but are working to fix these problems in the new Java EE security API (JSR 375) which is a proposal for baking better security into the environment.

Java's development environment is notorious when it comes to security problems, at...

By Ryan Daws, 06 November 2015, 0 comments. Categories: API, Java, Security.