Salesforce breach let hackers steal Google customer data
Monday, August 25, 2025 by Richard Harris
In June, one of Google’s corporate Salesforce instances was affected by activity consistent with the UNC6040 campaign described in the post. Google responded by conducting an impact analysis and implementing mitigation steps. The affected instance stored contact information and related notes for small and medium-sized businesses. Investigators confirmed that data ...
Your AI chat isn't safe
Monday, August 4, 2025 by Austin Harris
ChatGPT users are facing unexpected privacy risks as shared conversations with the AI tool have started appearing in Google search results. The issue stems from ChatGPT’s “shared link” feature, which allows users to generate public URLs for individual conversations. While the feature was originally intended for collaboration, those shared URLs are now ...
iOS fitness app Fitify exposes 138K user private photos
Friday, July 25, 2025 by Austin Harris
Fitify’s publicly accessible Google cloud storage bucket has exposed hundreds of thousands of files. Some of the files were user-uploaded progress pictures that individuals upload to track their body changes over time. After Cybernews contacted the company, the unprotected instance was closed.
iOS fitness app Fitify exposes 138K user private photos: Key takeawa...
API security risks report exposes Netflix and Wordpress
Monday, November 27, 2023 by Richard Harris
Wallarm, the end-to-end API and app security company, announced the release of its Q3-2023 Wallarm API ThreatStats report. The quarterly report details the surge in threats centered around APIs and uncovers critical vulnerabilities, like injections and API data leaks, that have recently impacted leading firms, including Netflix, VMware, and SAP.
The new report i...
Mitigating API attacks in 2022
Wednesday, January 5, 2022 by Richard Harris
Nathanael Coffing, co-founder and CSO of Cloudentity, is also a board member. Nathanael has over 20 years of management and architecture experience across identity, security, microservices, and IT domains. Prior to founding Cloudentity, he founded OrchIS.io and helped build numerous technology startups leveraging his experience at Sun, Oracle, Imperva, Washington Mutual...
Low code platform Zenity lands $5M in funding
Wednesday, December 8, 2021 by Austin Harris
Zenity exited stealth mode with a $5 million seed funding round, led by Vertex Ventures and UpWest, and backed by top executives such as the former CISO of Google, Gerhard Eschelbeck, and former CIO of SuccessFactors, Tom Fisher. With Zenity, businesses can promote citizen development and adopt Low-Code/No-Code platforms while avoiding critical data exfiltration or disr...
Vanta launches Automated ISO 27001 Certification and HIPAA Compliance
Tuesday, July 13, 2021 by Brittany Hainzinger
Vanta announced public availability for two new certification standards that help secure the internet and protect consumer data. Vanta provides automated compliance audits and continuous security monitoring through a robust SaaS platform, enabling companies to achieve industry standardization in weeks instead of months.
The rise of data leaks and privacy concerns hav...
How to avoid mobile phone apps from leaking your personal data
Wednesday, November 18, 2020 by Brittany Hainzinger
Most people have dozens of mobile phone apps installed on their phone, tablet, or even their smartwatch. In fact, the average person has about 60 to 90 mobile phone apps on their phone. Out of all those apps, many of them could be leaking your personal data. How can you protect yourself? One of the primary ways is by installing a VPN, but there are other ways, too. Here...
Data Privacy Day 2020 is here
Tuesday, January 28, 2020 by Richard Harris
Data Privacy Day is here, and with the recent implementation of the California Consumer Privacy Act, the timing could not be better to discuss the importance of taking steps to protect sensitive data while also keeping personal data private and secure.
Similar to GDPR, CCPA will have a profound impact on data privacy and protection, making this year’s Data Priv...
Loopring's decentralized exchange protocol technical design released
Thursday, April 18, 2019 by Richard Harris
Loopring has announced the technical design of its protocol 3.0, following a period of comprehensive research and development. The release represents a significant milestone for the Loopring protocol, combining innovative blockchain technologies and zero-knowledge cryptography in order to dramatically increase throughput and bring fully-functional decentralized exc...
Why app analytics tools can get your app removed
Friday, February 8, 2019 by Richard Harris
Apple has recently started to crack down on developers that aren’t disclosing how they are capturing analytics from their users, as reported by TechCrunch and a few other sources. Analytics that includes everything from taps and swipes, to what screens users are on, length of time inside apps, and more. Some embedded SDKs developers use even record user sessio...
Mesosphere DC OS 1.12 is now available
Thursday, November 1, 2018 by Austin Harris
Mesosphere announced the general availability of Mesosphere Kubernetes Engine (MKE), Mesosphere DC/OS 1.12 and the public beta of Mesosphere Jupyter Service (MJS). Mesosphere Kubernetes Engine is the only software platform that delivers pure Kubernetes-as-a-Service on multi-cloud and edge with high-density resource pooling, yet without the need for virtualization. DC/OS...
The differences between web apps and native apps
Thursday, October 18, 2018 by Richard Harris
Even in 2018, years past the original question, the debate rages on across the land, in office spaces and conference rooms every day - should we build a full-blown native mobile app, or is distributing over the web good enough?
By now everyone knows the “mobile-first” mentality because statistics like 50% of web searches being done from a mobile dev...
Enterprise security report says mobile workers put data at risk
Wednesday, October 10, 2018 by Austin Harris
According to a new study titled Greatest Mobile Security Threats in the Enterprise, a significant lack of visibility into devices and networks is putting businesses at risk for data leakage and phishing attacks. The study, conducted by Enterprise Mobility Exchange and commissioned by NetMotion Software, showed that nearly 50 percent of mobile workers spend the majority ...
Making a mobile game that sticks this season
Wednesday, December 27, 2017 by Nelson Rodriguez
‘Tis the season to be gaming. With dozens of new titles expected to hit the shelves, app stores and console and PC marketplaces this holiday season, it’s critical that developers level up their strategies for a successful game launch to earn a hefty slice of this year’s holiday gaming sales pie. After building a terrific game, a successful holiday launch hinges on provid...
The shifting power dynamics of news on the Web
Monday, December 11, 2017 by Andrew Betts
Over the last several years, control of news on the web has drastically shifted. Social networks and search are increasingly how we find content, and our old loyalties to our favorite publications are giving way to consumption of content from varied and ever changing sources. Large, respectable publishers are still vital to a healthy news industry and indeed a healthy d...
Explaining graph databases to a developer
Tuesday, October 17, 2017 by Richard Harris
Organizations are increasingly beginning to grasp the power of graph databases, which help them unlock business value within connections, influences and relationships within their data. Graph databases enable new applications to adapt to changing business needs and existing applications to scale with the business. To learn more about how organizations can implement ...
Automated Security as a Service platform by ShiftLeft launches
Monday, October 16, 2017 by Austin Harris
ShiftLeft Inc. has introduced an automated Security as a service (SECaaS) for cloud software that creates custom security and threat detection for each application it supports. With ShiftLeft, organizations can now secure their cloud applications as part of their continuous integration pipeline, rather than merely reacting to threats discovered in production. ShiftLeft ...
iOS 11 security implications
Thursday, July 13, 2017 by Richard Harris
Apple’s iOS 11 won’t be released until this fall, but it’s in public beta now - available for both developers and enterprising consumers alike to test it out. Beta versions inherently come with bugs, but some features of the operating system will continue to pose problems after the market-ready version is released. Richard Stiennon, Chief Strategy Officer of Blancco Tech...
SpotX has released support for DigiTrust in its Direct AdOS
Tuesday, July 4, 2017 by Austin Harris
Video ad serving platform, SpotX, has released support for DigiTrust in its Direct AdOS, used by broadcasters and digital media owners. By providing publishers with a means of selling their inventory with similar audience recognition capability as Facebook and Google, SpotX publishers will increase yield and decrease data leakage from their browser-based properties. The...
Enterprise threat dubbed HospitalGown infests thousands of apps
Tuesday, June 6, 2017 by Richard Harris
Appthority, an enterprise mobile threat protection company, published research on a newly discovered backend data exposure vulnerability, dubbed HospitalGown, that highlights the connection between mobile apps and insecure backend databases containing enterprise data. Appthority documented more than 1,000 apps with this vulnerability, and researched in detail 39 applica...
8 cyber security predictions for what's to come in AsiaPacific
Thursday, December 29, 2016 by Austin Harris
Cyber security received heightened interest in 2016 due to a spate of cyber attacks in the region. These included cyber attacks on the database of 55 million voters at the Philippines Commission on Elections (COMELEC), the National Payment Corporation of India (NPCI), US$81 million cyber heist at the Bangladesh Central Bank and the massive data leaks as shown by the Yah...
Intel Security Enhances Unified Defense Architecture
Thursday, November 3, 2016 by Richard Harris
Intel Security has announced an enhanced unified defense architecture designed to empower organizations to more effectively protect a new digital economy of trust, time and money. No longer is our economy a physical one, but one of connected networks and systems where cybercriminals have put us on the defensive. This new second economy has put us in a world where ...
IT Governance of Sensitive Files on Corporate and BYOD Mobile Devices
Monday, June 20, 2016 by Jeff Steuart
Mobile content has brought new agility and efficiency to just about every enterprise. "Mobile communication and collaboration is accelerating and improving enterprise productivity and growth like no other universal technology since the dawn of the Web 25 years ago,” says Josh Bohls, Founder, Inkscreen. But these advantages come at a cost. Says Bohls, “Ask any o...
Five Common Mobile App Security Vulnerabilities And How to Fix Them
Saturday, April 30, 2016 by Seth Jaslow
Mobile app security leaves much to be desired. That was the conclusion of a 2016 Hewlett Packard Enterprise (HPE) study which found that a staggering 96 percent of 36,000 mobile apps failed at least one of 10 privacy checks. Three years ago, a similar HPE study found that 97 percent of 2,000 apps reviewed held insecure private information. As mobile app usage conti...
Secure Mobile Access for BYOD
Friday, March 4, 2016 by Paul Andersen
If you are an IT manager responsible for defining your organization’s approach to BYOD, there are hundreds, if not thousands, of articles and guides available on the topic. Unfortunately, most BYOD articles overlook a technology that has been the workhorse for secure remote access for more than a decade: SSL VPN. Originally designed for secure remote PC and laptop access...
Security Brief Protecting Against the OWASP Mobile Top 10
Thursday, January 7, 2016 by Stuart Parkerson
There are over 1.6 million Android apps in the Google Play store. Over 1.5 million apps are in the Apple App Store. For mobile app hackers, today’s mobile environment has never offered a more fertile landscape to phish for user information or implant mobile malware. And never in history has more information been available to exploit. To understand how mobile application ...
CodeLathe's FileCloud Adds Microsoft Azure File Storage as Storage Option
Tuesday, January 5, 2016 by Stuart Parkerson
CodeLathe’s FileCloud has added support for Microsoft Azure File Storage as a backend file storage option. The FileCloud platform allows businesses and managed service providers to host their own end-to-end file sync, share and mobile access solution with the ability to deploy the highly available, redundant and scalable FileCloud on Azure Cloud infrastructure. Azure File ...
New Mobile Security Report Shows Most Apps Have Critical Vulnerabilities
Tuesday, November 10, 2015 by Richard Harris
Checkmarx and AppSec Labs have released a new mobile app security report titled “The State of Mobile Application Security 2014-2015”. Among the findings of the report is that the typical app is exposed to an average of 9 different vulnerabilities. The report also indicates in situations where vulnerabilities are built into the code or application logic, the vulnerability of iO...
Mobile Devices Are the Weakest Link for Enterprise Mobility Solutions
Tuesday, December 9, 2014 by Chirag Shivalker
The time has come when the fact is accepted and discussed at large, the one that we have been trying to resist since long. We all are aware that today mobile Apps for Enterprise Management consider mobility at their core. It has given new peripheries to businesses by transforming operations – better engagement with customers – and of course an innovative appro...
Android App Developers Need to Check Their Apps for Heartbleed Vulnerability
Thursday, April 24, 2014 by Stuart Parkerson
A report from FireEye, a company that provides a virtual machine-based software security platform protecting companies against cyber attacks, has found that 150 million downloads of Android apps contain OpenSSL libraries vulnerable to Heartbleed. Heartbleed allows attackers to steal sensitive information from vulnerable websites by sending crafted SSL heartbeat mess...
Juniper Networks Unveils SDK for Virtual Private Network (VPN) Connectivity for Enterprise Mobile
Wednesday, December 4, 2013 by Stuart Parkerson
Juniper Networks has released the Junos Pulse AppConnect software development kit (SDK) that enables per-application virtual private network (VPN) connectivity from both Apple iOS and Google Android devices to Juniper's Junos Pulse Secure Access Service. Driven by the explosion of the BYOD movement, the new introduction allows enterprises to protect against corporate dat...