Security firm SourceDNA has revealed a number of iOS apps that are violating Apple’s App Store policy that use private APIs to obtain a user’s private data. The apps all had one thing in common: They used the Youmi advertising SDK from China. “We found 256 apps (est. total of 1 million downloads) that have … continue reading
Illumio has announced new partnerships with Docker and Mesosphere to provide its adaptive security tooling to container users. The Illumio Adaptive Security Platform brings security controls and monitoring into the development process, to be managed as part of the software development life cycle. Alan Cohen, chief commercial officer of Illumio, said that his company’s platform … continue reading
Microsoft announced several new products that cover containers, security and Internet of Things. Those products, announced at AzureCon, will be applicable to Microsoft’s Azure product line. “We live in a connected world, and the intelligent cloud is powering it all,” said Scott Guthrie, executive vice president of Microsoft’s Cloud and Enterprise Division. “As data and … continue reading
Man-in-the-middle attacks are nothing new. But when that man-in-the-middle attack includes cookie injections, things get messy. Security researcher Xiaofeng Zheng published a PDF describing the methods used to make such an attack work in August. In the PDF, Zheng detailed the lack of security around cookies. “The same-origin policy is a corner stone of Web … continue reading
Apple has removed a bevy of malicious applications from its iTunes App Store today. While there is no official word on how many applications were removed, according to Reuters, Chinese security firm Qihoo 360 Technology wrote on its blog that it has detected 344 tainted apps in the App Store. These apps were all infected … continue reading
Continuing its commitment to cloud security, Microsoft today announced it has acquired Adallom, which specializes in identity and access management. According to a Microsoft blog post by Takeshi Numoto, Microsoft corporate vice president of cloud and enterprise marketing, Adallom provides a cloud access security broker that gives visibility and control over access to data. (Related: … continue reading
A couple of years ago, loyal readers of this column will remember I wrote of getting into a crash with a wrong-way driver. That kicked off a column about information sharing and data management, where I posited what a wonderful world it would be if as soon as the crash occurred, the police, my body … continue reading
Ask any business leader if they’re OK relaxing their mobile security standards and they’ll quickly tell you it’s not an option. But as mobile apps transition from standalone experiences to integral parts of an overall physical/digital ecosystem, securing them becomes more complex and more dynamic—a job well beyond the duties of mobile app developers. Mobile … continue reading
Researchers from Georgia Tech have discovered an emerging class of C++ bugs, and Facebook has awarded them US$100,000 for their efforts. The bugs are rooted in a new method for identifying “bad casting” vulnerabilities in C++ programs casted dynamically or statically at runtime. The researchers, who presented their findings at the USENIX Security ’15 conference, … continue reading
Researchers from IBM’s X-Fore Application Security team have discovered a new serialization vulnerability that affect more than 55% of Android phones. According to the researchers, the vulnerability could allow attacks to perform arbitrary code execution and gain access to a user’s device. The vulnerability is nestled within the Android platform, and it affects Android Jelly … continue reading
Your teams have taken a lot of time to ensure your super secret systems are super secret, right? Thanks to Black Hat 2015, all that work to prove a system is secure and reliable is going to have to be redone. Christopher Domas, security researcher at the Battelle Memorial Institute, metaphorically dropped the mic and … continue reading
Microsoft has released an early look at its open-source Windows 10 Bridge for iOS. Previously known as “Project Islandwood,” the bridge allows iOS developers to build and run apps on Windows. The version currently available to the open-source community is a work in progress, and Microsoft is encouraging feedback and code contributions before the final … continue reading
