Facebook recently pledged to improve its security following a lawsuit that resulted from a 2018 data breach. The breach, which was left open for more than 20 months, resulted in the theft of 30 million authentication tokens and almost as much personally identifiable information. A “View As” feature that enabled developers to render user pages…

Open-source software projects continue to struggle with handling sensitive information, according to automated scans of hundreds of millions of commits to code repositories. Software-security toolmaker DeepCode found that four of the seven vulnerability classes with the greatest impact on the security of software projects had to do with failures to protect data. The categories of…

The latest edition of Veracode’s annual “State of Software Security” study released this week shows that many enterprise organizations are at increased breach risk because of aging, unaddressed application security flaws. Veracode recently analyzed data from application security tests on more than 85,000 applications and found that, on average, companies fix just 56% of all…

We always recommend downloading Android apps from official stores and nowhere else. But that doesn’t mean there are no viruses in Google Play. It is true, however, that you’ll find fewer of them in the official store than on third-party sites, and they get removed on a regular basis. How Google monitors the security…

In April 2018, following the Cambridge Analytica scandal, Facebook announced the launch of a bug bounty program focusing on the misuse of private information. The social media giant has been offering between $500 and tens of thousands of dollars for reports of apps that collect and transfer personal data. This program has now been expanded…

Enterprise organizations are scanning more applications for security vulnerabilities than ever before, but, troublingly, they are remediating fewer of their discoveries because of the sheer volume. As it has for the past 13 years, WhiteHat Security recently analyzed data from the results of application security tests the company performed at customer locations last year. The…