Topic: software security

Stop fighting yesterday’s software security wars!

In its 2015 report, the Open Web Application Security Project (OWASP) identified SQL injection and cross-site scripting among its Top 10 software vulnerabilities. Again. If it feels as if you’ve been reading this same story for the last decade, it’s because you have. So why is it that we can build intelligent robots, fling unmanned … continue reading

BlackBerry unveils a mobile and IoT security initiative

BlackBerry does not want to be forgotten. Although the company may have fallen off most mobile phone users’ radars, the company is trying to make sure it stays relevant in today’s mobile world. The company announced it has launched a new initiative to help improve the security of mobile and Internet of Things (IoT) devices. … continue reading

Google cuts potentially harmful Android app installs in half, according to report

Google recently released a report that provides insight into Android’s security, revealing that it was able to cut the overall rate of potentially harmful application installs by 50% in 2014. “That’s why we built Android the way we did—with multiple layers of security in the platform itself and in the services Google provides,” wrote … continue reading

Dropbox SDK for Android security flaw, Knodemy’s Code Academy, and Android 5.1 SDK—SD Times news digest: March 11, 2015

Security researchers have exposed a software vulnerability in Dropbox’s SDK for Android. The bug could allow hackers to connect apps from a mobile device to their own Dropbox account without a user knowing. The vulnerability, which was discovered by IBM’s X-Force application research team, impacts Dropbox SDK versions 1.5.4 through 1.6.1. “The response from Dropbox … continue reading

New SSL/TLS vulnerability discovered

Security researchers have revealed a new software vulnerability that is leaving Apple and Google users open to a hack attack. The vulnerability, Factoring RSA export keys (also known as the FREAK attack), was found in SSL/TLS—the protocol meant to provide secure Web connections. According to the miTLS team, composed of Inria (a research organization in … continue reading

IBM’s new mobile, cloud services, Mozilla’s JavaScript Internationalization API, and Python 3.4.3—SD Times news digest: Feb. 25, 2015

At the IBM InterConnect conference in Las Vegas this week, IBM announced modular mobile solutions, a new hybrid cloud initiative, enterprise and developer cloud services, and IBM Enterprise Containers. IBM laid out plans to develop half a dozen native, HTML5 or hybrid-optimized apps on the IBM MobileFirst platform to build and deploy mobile apps, or … continue reading

Known issues continue to threaten software security, report says

Despite the efforts to defend against software vulnerabilities, businesses are still being compromised through known security issues. HP Security Research just released its 2015 Cyber Risk Report, which revealed a majority of bugs exploited in 2014 took advantage of code written years ago, and 44% of known breaches came from vulnerabilities that are two to … continue reading

Google’s Cloud Security Scanner, Yahoo’s mobile developer suite, and io.js 1.3—SD Times news digest: Feb. 20, 2015

Google has announced the release of its Cloud Security Scanner into beta. The new tool is designed to help developers scan for two common vulnerabilities: cross-site scripting and mixed content. According to the company, there was a need for the scanner because other security scanners are often hard to set up, not well suited for … continue reading

Google’s ClientLogin shutdown, ONF’s open-source development repository, Xbox One app development—SD Times news digest: Feb. 18, 2015

Google wants to remind developers that they have until April 20 to migrate to newer Google Data APIs. The ClientLogin shutdown date is scheduled for that date, and all apps that rely on it will stop working. The company recommended developers switch to OAuth 2.0 to minimize user disruption. “Password-only authentication has several well-known shortcomings, … continue reading

Sixteen million mobile devices infected by malicious software, report says

A new report from Alcatel-Lucent’s Motive Security Labs has revealed that 16 million mobile devices are infected with malicious software. “The simple fact is mobile consumers don’t take the necessary security precautions to protect their devices, and even when they do, malware can easily evade detection by device security-based anti-virus,” wrote Kevin McNamee, director of Motive … continue reading

Microsoft’s first build for Windows 10, Apple adds group to TestFlight, and two-factor authentication for FaceTime and iMessage—SD Times news digest: Feb. 13, 2015

Developers can get their hands on the first build of Windows 10 Technical Preview for phones. Microsoft has announced the first build is available for Windows Insiders. “This is the earliest publicly available preview we’ve ever done for Windows on phones,” wrote Gabe Aul, engineering general manager at Microsoft, on the company’s blog. “This preview … continue reading

Facebook announces ThreatExchange to tighten software security

Facebook is trying to combat the threat of malware and security through collaboration. The company just announced ThreatExchange, an API-based platform designed for organizations to share security threat information. The idea for ThreatExchange manifested about a year ago through a discussion about a botnet causing a malware attack across a group of technology companies’ services. … continue reading
