EU says Apple breached DMA regulations
Wednesday, July 10, 2024 by Richard Harris
The AP is among outlets reporting that Apple becomes first target of EU’s new digital competition rules aimed at big tech, reporting: “European Union regulators leveled their first charges under the bloc’s new digital competition rulebook, accusing Apple of preventing app makers from pointing users to cheaper options outside its App Store. The European...
Developers and brands must make mobile apps far more secure
Tuesday, January 17, 2023 by Christian Hargrave
The bad guys are still breaking digital windows and kicking down digital doors, so to speak, and will continue well into 2023 and beyond!
Consumers through experience or gut instinct will demand that their mobile app providers deliver key security features including trying to stop the increasingly prevalent "man-in-the-middle" attacks. The latest techn...
First multiTEE security platform for mobile app developers emerges
Tuesday, March 5, 2019 by Christian Hargrave
Trustonic says it will expand support to include Huawei’s Trusted Execution Environment (TEE) on its mobile application security platform, Trustonic Application Protection (TAP). Until now, TAP has enabled app developers to build apps secured by both strong application shielding for iOS and Android, and hardware-based protection for the 1.7 billion Android devices...
Join us for a free mobile app security threats webinar on Tuesday
Friday, December 7, 2018 by Richard Harris
In 2016, a record 3 billion Yahoo accounts were hacked, and Uber reported that hackers stole the information of over 57 million accounts. Then in 2017, 412 million user accounts were taken from Friendfinder’s sites, and 147.9 million consumers were affected by the Equifax Breach. In 2018, Under Armor said that that it's My Fitness Pal app was hacked, affecting...
5 app development tips to help you avoid disaster
Wednesday, November 28, 2018 by Joe Hanson
Mobile app development: it’s easy and straightforward in the lab, but once your app is deployed to the wild, all bets are off. You need to deliver seamless, fast experiences for users on low-powered devices, in any number of network environments.
When it comes to building mobile apps, uncontrollable user behavior can lead you down the path to death by 1000 pape...
Fortnite for Android is a trailblazing risk for mobile banking
Tuesday, August 14, 2018 by Sam Bakken
CEO Tim Sweeny of Epic Games, the publisher of the wildly popular Fortnite game, is on a mission to “advance the openness of all platforms” - not to mention side-step Google’s 30% take of developer proceeds - by distributing Fortnite for the Android platform via their website rather than the Google Play store. I applaud a maverick challenging the statu...
Detect eavesdropping in your mobile app with TrustKit
Wednesday, July 11, 2018 by Christian Hargrave
Data Theorem, Inc. announced the availability of TrustKit Analytics, a new service for the TrustKit community that delivers advanced security insights. In addition, the company announced that since TrustKit’s release in 2015, it has identified more than 100 million eavesdropping attempts on iOS and Android applications, where apps in active mode have blocked 100 p...
Avoid mobile cybersecurity threats by checking the source
Thursday, July 5, 2018 by Sam Bakken
Earlier this month IT news organizations around the globe reported that Epic Games’ popular Fortnite game was being counterfeited and malicious actors were, in fact, lacing the imposter apps with malware.
We’re only human, and people unwittingly let their guard down in anticipation of something they're passionate about, or when they think they might b...
The battle of biometric security coming in 2018
Friday, November 3, 2017 by Kevin Tussy
Fingerprint sensors first appeared in smart devices in 2007 and then gained momentum as a 4-digit PIN code replacement in 2013's Apple iPhone 5S. Hailed as the future of authentication by some, fingerprint's security weaknesses were quickly exposed by the children of sleepy dads, cats' paws and gummy bears. Still, the lure of convenience today and the promise of securit...
Stop the menace of Android rooting malware attacks with RASP
Monday, September 25, 2017 by Frederik Mennes
One of the key security issues facing organizations that support Android devices is the risk of rooting malware. A number of malware families on the Android mobile OS attempt to obtain root access once installed because the elevated privileges gained come in handy to perform malicious activities.
What you need to know about Tordow v2.0 and Pegasus
The To...
NoSQL databases can now use Hackolade's CLI
Tuesday, August 8, 2017 by Richard Harris
With GDPR quickly approaching, Hackolade has announced its Command Line Interface (CLI) to help companies with the pending GDPR (General Data Protection Regulation) regulatory compliance (scheduled for May 25, 2018), along with overall corporate data governance needs. The CLI is currently available for the following NoSQL databases: MongoDB, Couchbase, DynamoDB, and Azu...
With DevOps security must work differently
Tuesday, June 27, 2017 by Richard Harris
Because “software is eating the world,” as Mark Andreessen famously noted, application security gets harder every day; every line of code written opens organizations to new vulnerabilities and breaches. Furthermore, legacy solutions, such as static analysis, dynamic analysis and web application firewalls have failed to keep pace with Agile and DevOps practices. Teams ne...
App Verify SDK gets update for new iOS capabilities
Wednesday, June 21, 2017 by Richard Harris
TeleSign, an end-to-end communications platform as a service (CPaaS), has announced new iOS capabilities for its mobile app verification service, App Verify. App Verify for iOS is a lightweight software development kit (SDK) that enables mobile app developers to streamline the onboarding account verification process to assist with increasing conversions and providing id...
Why runtime application selfprotection is critical for app security
Tuesday, June 20, 2017 by David Strom
Today most of us go about implementing security from the outside in. The common practice is to start by defining a perimeter and trying to defend it with various security tools. Even though perimeters have been porous for more than a decade, we still can’t give up this notion that if we build a better wall we can keep our enterprises safer.Certainly that is where most e...
Invisible payments inside mobile apps problem
Monday, June 19, 2017 by Richard Harris
Have you ever wondered how Uber automatically charges you for your ride without making you pull out your credit card or sign a receipt? "Invisible payments" like these are a growing trend and aside from ride sharing, the technology is now being implemented by companies with Amazon and major restaurant chains. For brands, invisible payments enhance the consumer experienc...
DevSecOps will help security and developers play nice
Thursday, June 15, 2017 by Richard Harris
Veracode, a security software company acquired by CA Technologies, has announced the results of a study examining the relationships between application developers and security teams.The study, conducted in conjunction with Enterprise Strategy Group (ESG), shows that despite the pervasive belief that security and development teams have conflicting priorities, initiatives...
Enterprise threat dubbed HospitalGown infests thousands of apps
Tuesday, June 6, 2017 by Richard Harris
Appthority, an enterprise mobile threat protection company, published research on a newly discovered backend data exposure vulnerability, dubbed HospitalGown, that highlights the connection between mobile apps and insecure backend databases containing enterprise data. Appthority documented more than 1,000 apps with this vulnerability, and researched in detail 39 applica...
Get mobile printing up and running: What CIOs need to know
Wednesday, May 24, 2017 by Brent Richtsmeier
Enterprise workplace infrastructure is changing. Gartner found that total mobile sales into the enterprise globally are greater than 200,000 per year, while PCs are half that. The PC installed base has been on a steady decline since 2014, while the mobile installed base is on the rise - meaning mobile is set to surpass the PC installed base in 2017.However, even as more...
Route the Internet faster with Argo from Cloudflare
Monday, May 22, 2017 by Richard Harris
Cloudflare has announced Argo, a service that intelligently routes traffic across the Internet for a faster, more reliable, and more secure online experience.The Internet is inherently unreliable. Its massive collection of networks from different providers experiences delays and outages all the time. Internet users experience these problems as slowness reaching websites...
Improve mobile app security by turning it into code
Monday, May 8, 2017 by Jeff Williams
Why is application security such a pain? One of the hard problems with application security is that there are a zillion different ways that things can go wrong. Far more than any one person can be expert in. It's unfair to think that a software developer, who is already supposed to be expert in all the latest software languages, frameworks and best practices, should als...
NodeSource N|Solid for Alpine Linux
Wednesday, April 19, 2017 by Christian Hargrave
NodeSource, the Node.js company, has announced the release of NodeSource N|Solid for Alpine Linux, the newest addition to its enterprise-grade Node.js platform that enables a secure, reliable and extensible platform for Node.js applications. The latest release makes it easier for teams using Docker containers with the popular Alpine Linux distribution to leverage the en...
DOD releases PostgreSQL security technical implementation guide
Friday, March 24, 2017 by Richard Harris
Crunchy Data, a provider of open source PostgreSQL, has announced the publication of a PostgreSQL Security Technical Implementation Guide (STIG) by the U.S. Department of Defense (DoD), making PostgreSQL the first open source database with a STIG. Crunchy Data collaborated with the Defense Information Systems Agency (DISA) to evaluate PostgreSQL against the DoD’s securi...
Intentbased mobile app security: It's harder than you think
Thursday, March 23, 2017 by John Morello
Recently, intent-based security has become a buzzword and a commonly used phrase in the developer community. However, this new wave of security is much more than just a catchphrase. The concept of intent-based security adds a new level of protection to applications in containerized environments, specifically by understanding what the app is intended to do and looking fo...
ImmuniWeb Mobile launches to offer better mobile security testing
Wednesday, March 15, 2017 by Richard Harris
High-Tech Bridge announces the launch of ImmuniWeb Mobile as part of ImmuniWeb Application Security Testing Platform. The new offering will provide comprehensive assessment of iOS and Android mobile applications, mobile infrastructure backend and data channel encryption. All ImmuniWeb Mobile packages are provided with a zero false-positives SLA. The mobile application s...
Iris Scanning and the Future of Mobile Security
Wednesday, September 14, 2016 by Dr. Salil Prabhakar
The promise of iris scan technology has been shown in sci-fi movies for decades. Various governments use it to secure borders, defense facilities, banks use it to authenticate high value transactions, secure access to safes and vaults. Recent advancements in the evolving mobile biometrics field has brought iris recognition technology to our hands – to our mobi...
Cloud Security Alliance Issues Mobile Application Security Testing Report
Monday, August 1, 2016 by Stuart Parkerson
The Cloud Security Alliance has released a new report surrounding its Mobile Application Security Testing Initiative. The purpose of the report is to provide the Alliance’s insight into building out a roadmap for establishing a more secure cloud ecosystem to protect mobile applications.The Alliance’s Mobile Application Security Testing (MAST) Initiative offers...
Being Ready for a MobileFirst Business Strategy
Sunday, July 31, 2016 by Sravish Sridhar
If your business isn’t talking about its mobile strategy yet, it’s only a matter of time. According to 451 Research, 40 percent of companies will prioritize the mobilization of general business apps over the next two years, compared to just mobilizing field service and sales teams. Companies recognize mobility offers huge business benefits, from driving customer satisfa...
Application Security Market to Triple in the Next 5 Years
Wednesday, May 11, 2016 by Stuart Parkerson
A new market research report has been published by MarketsandMarkets which predicts that the global application security market size is expected to triple, growing from $2.24 Billion in 2016 to $6.77 Billion by 2021. The report is titled “Application Security Market by Component (Solutions, Services), Solutions (Web Application Security, Mobile Application Security), Te...
Five Common Mobile App Security Vulnerabilities And How to Fix Them
Saturday, April 30, 2016 by Seth Jaslow
Mobile app security leaves much to be desired. That was the conclusion of a 2016 Hewlett Packard Enterprise (HPE) study which found that a staggering 96 percent of 36,000 mobile apps failed at least one of 10 privacy checks. Three years ago, a similar HPE study found that 97 percent of 2,000 apps reviewed held insecure private information. As mobile app usage conti...
Department of Homeland Security Creates Mobile Application Playbook
Tuesday, April 26, 2016 by Richard Harris
The U.S. Department of Homeland Security (DHS), Office of the Chief Technology Officer (OCTO), has created The Mobile Application Playbook (MAP), a DHS sponsored reference guide to assist federal agencies with the planning, management, and execution of mobile application projects.The MAP publication provides a roadmap for creating mobile applications and is designed to ...
A Developer's Perspective on Mobile Security in the Age of BYOD
Thursday, March 31, 2016 by Joe Schulz
With the cost savings of BYOD continuing to lure organizations to adopt this approach, the number of companies allowing employee-owned devices is still on the rise, as well. In early 2015, Tech Pro Research announced that 74 percent of organizations either already allow or were planning to allow employees to bring their own devices to work. At the time of this writing, ...
New Mobile Security Report Shows Most Apps Have Critical Vulnerabilities
Tuesday, November 10, 2015 by Richard Harris
Checkmarx and AppSec Labs have released a new mobile app security titled “The State of Mobile Application Security 2014-2015”. Among the findings of the report is that the typical app is exposed to an average of 9 different vulnerabilities. The report also indicates in situations where vulnerabilities are built into the code or application logic, the vulnerability of iO...
Mocana Atlas Platform Now Integrates with Apperian Mobile Application Management Solution
Wednesday, April 22, 2015 by Stuart Parkerson
Mocana has announced that it has integrated its Mocana Atlas solution with the Apperian mobile application management (MAM) platform to provide security for managed and unmanaged device on the Apperian platform.Apperian’s MAM platform provides fine-grained security and dynamic policy controls at the individual app level, ensuring safe app deployment. The new integration...
New Flexera Report Highlights Dangers of Unchecked Employee BYOD Mobile Apps
Wednesday, March 25, 2015 by Richard Harris
A new Flexera Software/IDC Survey Report - The BYOD Trojan Horse: Dangerous Mobile App Behaviors & Back-Door Security Risks – indicates that enterprises are not doing nearly enough to understand which mobile app behaviors hitting their networks and data are risky, nor are they testing apps for those risky behaviors to ensure proper enforcement of their BYOD policies...
NowSecure App Testing (formerly ViaLab) Launches New Mobile Application Security Testing Suite
Friday, January 23, 2015 by Richard Harris
NowSecure App Testing (formerly ViaLab) has announced its new mobile application security testing suite, available in both a free and paid version.The mobile application security testing suite speeds up the process of identifying vulnerabilities and risks for third-party and custom mobile apps. The platform helps developers locate problems such as Heartbleed before they...
