Dangers of quantum hacking
Tuesday, February 11, 2020 by Richard Harris
Active Cypher has built a password-hacking quantum computer to demonstrate the dangers of quantum hacking.
Using $600 worth of hardware parts easily purchased online or at a local electronics store, Active Cypher’s founder and CTO, Dan Gleason, created a portable quantum computer dubbed QUBY (named after qubits, the basic unit of quantum information). QUBY runs...
Microsoft DART team tracks 77k active web shells
Thursday, February 6, 2020 by Brittany Hainzinger
In a blog post promoting the capabilities of its commercial security platform, Microsoft said that on a daily basis the company's security team detects and tracks on average around 77,000 active web shells, spread across 46,000 infected servers.
According to ZDNet, these numbers are staggering, since the 77,000 figure is far larger than any previous reports about...
StrandHogg Android vulnerability identified
Thursday, December 5, 2019 by Freeman Lightner
Promon, a Norwegian app security company, has identified tangible evidence of a dangerous Android vulnerability that allows malware to pose as any legitimate app, letting hackers access private SMS messages and photos, steal victims’ log-in credentials, track movements, make and/or record phone conversations, and spy through a phone’s camera and microphone...
FTC cracks down on comprehensive data security for Utah company
Thursday, November 14, 2019 by Richard Harris
A Utah-based technology company has agreed to implement a comprehensive data security program to settle Federal Trade Commission allegations that the company failed to put in place reasonable security safeguards, which allowed a hacker to access the personal information of a million consumers.
InfoTrax Systems, L.C., provides back-end operation services to multi-leve...
Token4Hope charity project releases source code on GitHub
Thursday, September 5, 2019 by Richard Harris
DECENT announces that the Token4Hope charity project is releasing its official source code on GitHub. Implemented together with Wiener Hilfswerk, HumanVenture, and Collective Energy, the pilot stage of Token4Hope is responsible for helping nearly 50 destitute families acquire funds to buy victuals and services through an innovative donation platform. The intent is to he...
Zeroday vulnerability announced by McAfee at Defcon
Monday, August 19, 2019 by Richard Harris
At DEFCON, McAfee has announced the discovery of a zero-day vulnerability in a commonly used Delta industrial control system.
The vulnerability found in the Delta enteliBUS Manager could allow malicious actors complete control of the operating system, enabling remote manipulation of access control systems, boiler rooms, temperature control for critical systems and mo...
Finding website risk levels and reputations gets easier for IT admins
Monday, May 13, 2019 by Richard Harris
NetMotion Software announced NetMotion Reputation, a subscription service that identifies the risk profile and usage categories of hundreds of millions of web domains. Reputation allows IT teams to get visibility into user behavior, including a better understanding of access to risky or inappropriate cloud applications and websites. Customers can also block access if an...
Prevoty offers new Autonomous Application Protection capabilities
Friday, March 1, 2019 by Christian Hargrave
Imperva announced the expansion of its application security offerings with two new Autonomous Application Protection capabilities.
The update extends customers’ visibility into how applications behave and how users interact with sensitive information. With this expanded view across their business assets, customers will have deeper insights to understand and mit...
UK parliamentary report says Facebook should be regulated
Monday, February 18, 2019 by Christian Hargrave
Facebook and its executives have been labeled "digital gangsters" in a UK parliamentary report that calls for the company to be regulated, after an 18-month long investigation. The 180-page document says that Facebook willfully broke data privacy and competition laws.
A summary of the UK parliamentary report finds
Compulsory Code of Ethics for te...
Join us for a free mobile app security threats webinar on Tuesday
Friday, December 7, 2018 by Richard Harris
In 2016, a record 3 billion Yahoo accounts were hacked, and Uber reported that hackers stole the information of over 57 million accounts. Then in 2017, 412 million user accounts were taken from Friendfinder’s sites, and 147.9 million consumers were affected by the Equifax breach. In 2018, Under Armour said that its MyFitnessPal app was hacked, affecting...
AI for cybersecurity
Tuesday, November 27, 2018 by Richard Harris
As organizations struggle to deal with the growing sophistication of hackers and the influx in data breaches, it's becoming clear that AI could be a critical tool for automatically defending applications from cyber attacks - but there are challenges to overcome. Ivan Novikov, the CEO of AI security company Wallarm, offers some insight below on how AI can be utilized...
30,000 blacklisted apps hosted on the Google Play Store report finds
Friday, September 21, 2018 by Richard Harris
RiskIQ has released its Mobile Threat Landscape Q2 2018 Report, which analyzed 120 mobile app stores and more than two billion daily scanned resources. The findings show a spike in blacklisted apps headlined by Trojans and Adware, as well as a fascinating shift in tactics by mobile threat actors.
For the second year in a row, RiskIQ observed a sharp increase in black...
Fortnite for Android is a trailblazing risk for mobile banking
Tuesday, August 14, 2018 by Sam Bakken
CEO Tim Sweeney of Epic Games, the publisher of the wildly popular Fortnite game, is on a mission to “advance the openness of all platforms” - not to mention side-step Google’s 30% take of developer proceeds - by distributing Fortnite for the Android platform via their website rather than the Google Play store. I applaud a maverick challenging the statu...
Detect eavesdropping in your mobile app with TrustKit
Wednesday, July 11, 2018 by Christian Hargrave
Data Theorem, Inc. announced the availability of TrustKit Analytics, a new service for the TrustKit community that delivers advanced security insights. In addition, the company announced that since TrustKit’s release in 2015, it has identified more than 100 million eavesdropping attempts on iOS and Android applications, where apps in active mode have blocked 100 p...
Avoid mobile cybersecurity threats by checking the source
Thursday, July 5, 2018 by Sam Bakken
Earlier this month IT news organizations around the globe reported that Epic Games’ popular Fortnite game was being counterfeited and malicious actors were, in fact, lacing the imposter apps with malware.
We’re only human, and people unwittingly let their guard down in anticipation of something they're passionate about, or when they think they might b...
Questioning the future of privacy and the safety of personal identity
Thursday, June 28, 2018 by Richard Harris
While consumers and businesses expand their use of social media and electronic services to record levels, many of America’s most knowledgeable security professionals don’t believe that individuals will be able to protect their privacy and online identity, even with precautionary measures and new regulations such as GDPR.
These findings and more are outlin...
Mobile Threat Landscape reports steady decrease in blacklisted apps
Friday, June 1, 2018 by Christian Hargrave
RiskIQ has released its Mobile Threat Landscape Q1 2018 Report, which analyzed 120 mobile app stores and more than two billion daily scanned resources. The findings showed that taking advantage of the popularity and volatility of the cryptocurrency landscape is paying off for threat actors via the mobile attack vector and that malicious apps leveraged by nation-state ac...
FTP vulnerabilities and what you can do
Thursday, May 24, 2018 by Richard Harris
File Transfer Protocol, or FTP for short, is old, and when I say old, I mean 1971 old, when it was initially published as RFC 114. It defines a way clients can transfer files to a server. Typically gated with a password and either sent in clear text or over SSL/TLS/SFTP, it’s a rock-solid way to get files sent to their destination and is widely supported. But in today’s w...
ZipperDown vulnerability puts thousands of iOS apps at risk
Tuesday, May 22, 2018 by Christian Hargrave
ZipperDown vulnerability has put at risk potentially thousands of iOS apps on the market. Pangu Lab recently found that a vulnerability previously discovered in OAuth security is now being exploited by hackers to run malicious code on iOS applications. Casey Ellis, CTO of Bugcrowd, recently spoke on the matter, giving an in-depth technical overview of ZipperDown to deve...
Oracle Autonomous Data Warehouse Cloud launched for GA
Sunday, April 1, 2018 by Richard Harris
Oracle has announced the availability of a new service based on its Autonomous Database named Oracle Autonomous Data Warehouse Cloud. Autonomous Data Warehouse Cloud uses machine learning to deliver performance, security capabilities, and availability with no human intervention, at "half the cost of Amazon Web Services." Autonomous Data Warehouse Cloud delivers all of t...
Progressive web apps vs native apps: Showdown in 2018
Thursday, March 1, 2018 by Andrew Gazdecki
Apps have become an integral part of any brand's digital marketing efforts. You'd be hard-pressed to find a company that hasn't, at the very least, thought about developing an app. It would be even more difficult to find a company willing to deny the tremendous impact that an app can have on a brand's engagement and customer experience.
Thursday, February 15, 2018 by Richard Harris
DNS security and why mobile app developers should care
Monday, February 5, 2018 by Richard Harris
DNSSEC is a DNS security extension specification for securing information provided by DNS. DNS has been a part of the global internet since the 1980s, but its authentication mechanisms are fairly weak. As a result, DNS is vulnerable to a form of attack called cache poisoning. Cache poisoning is a man-in-the-middle attack that implants false DNS information to redirect e...
Bitcoin exchange apps are risky claims new report
Monday, January 29, 2018 by Christian Hargrave
RiskIQ claims that the app stores are hosting 661 blacklisted Bitcoin apps which leave users open to hackers. They analyzed 18,408 apps across 20 app stores (mostly Android based), but including Apple, Google Play, SameAPK, and APKPlz. Fabian Libeau, EMEA VP of RiskIQ, warned anybody considering downloading such software to be extremely cautious and to research eac...
Dataguise recognized in MarketsandMarkets datacentric security report
Thursday, January 25, 2018 by Christian Hargrave
Dataguise was cited in a new report titled Data-Centric Security Market Global Forecast to 2022 published by IT research firm MarketsandMarkets. In the report, analysts forecast the global data-centric security market to grow from USD $1.79 Billion in 2016 to USD $5.83 Billion by 2022, at a compound annual growth rate (CAGR) of 23.1%. The report indicates that sensitive da...
Cisco releases security connector app for iOS devices
Tuesday, January 2, 2018 by Christian Hargrave
Cisco announced the availability of Cisco Security Connector, a security app designed to give enterprises the deepest visibility and control over network activity on iOS devices, now in the App Store. Apple has designed iOS to be secure from the ground up and to be simple, intuitive, and powerful for users. By using iPhones and iPads with iOS 11 and Cisco Security Connec...
The shifting power dynamics of news on the Web
Monday, December 11, 2017 by Andrew Betts
Over the last several years, control of news on the web has drastically shifted. Social networks and search are increasingly how we find content, and our old loyalties to our favorite publications are giving way to consumption of content from varied and ever changing sources. Large, respectable publishers are still vital to a healthy news industry and indeed a healthy d...
SlashNext launches AI internet threat protection system
Thursday, November 9, 2017 by Christian Hargrave
SlashNext announced the company’s broad market release of the SlashNext Internet Access Protection System to protect organizations from cross platform social engineering and phishing, malware, exploits and callback attacks. The system goes beyond first generation signature-based and second generation sandbox-based technologies and deploys artificial intelligence and cog...
DevSecOps is important and here is why
Friday, October 20, 2017 by Richard Harris
In the digital age, securing your development projects against malicious hackers can be quite the challenge. And when you try to scale security to an enterprise, the challenge seems insurmountable, as is evident from the frequent hacking incidents we see come through the news. Enter DevSecOps. DevSecOps is a methodology that interweaves the aspects of DevOps an...
Mobile mesh networking apps via new SDK from RightMesh
Wednesday, October 18, 2017 by Richard Harris
A big hurdle for software developers is how to reach the estimated 4 billion people, who currently lack Internet access. Without an Internet connection, huge swaths of potential users are unable to discover, download, and use their applications. The majority of these unconnected people live in developing countries, but approximately 96% of the global population live in ...
Node.js just got better enterprise security
Monday, October 9, 2017 by Christian Hargrave
At Node.js Interactive North America, npm, Inc. announced new enterprise-grade security features for users of npm and the npm Registry: two-factor authentication for publishing packages and read-only authentication tokens. With more than 550,000 packages for mobile, IoT, front end, back end and robotics, npm is the first software registry to provide two-factor authentic...
Stop the menace of Android rooting malware attacks with RASP
Monday, September 25, 2017 by Frederik Mennes
One of the key security issues facing organizations that support Android devices is the risk of rooting malware. A number of malware families on the Android mobile OS attempt to obtain root access once installed because the elevated privileges gained come in handy to perform malicious activities.
What you need to know about Tordow v2.0 and Pegasus
Tips for securing container deployments
Friday, September 1, 2017 by Richard Harris
Container deployments are still susceptible to the regular threats that other types of deployments are - including DDoS and cross-site scripting attacks. In fact, hackers often take advantage of compromised containers to scan sensitive data, download malware, or privilege unauthorized access to any of your containers, hosts or data centers. Fei Huang is the CEO of NeuVect...
The future of cybersecurity in machine learning
Sunday, July 30, 2017 by Richard Harris
McAfee, a cybersecurity company, has announced several new innovations that expand machine learning and automation capabilities to strengthen human-machine teams. Plus, McAfee announces support of OpenDXL.com, a new, independent collaboration portal that offers forums and free apps, giving OpenDXL users easy access to ideas and resources available for application integr...
HUMANOBOT can discover nonhuman activities trying to commit fraud
Tuesday, July 25, 2017 by Christian Hargrave
SecuredTouch's HUMANOBOT behavioral biometrics tech has recently fine-tuned its platform to better detect non-human activities like bots and emulators trying to commit fraud. HUMANOBOT detects non-human behavior generated by bots, malware, and automated scripts and stops fraud-focused emulators within mobile applications. The system recognizes these behaviors using advan...