Security News
Infosec bods from Check Point have discovered that popular apps are still running outdated versions of Google's Play Core library for Android - versions that contained a remote file inclusion vulnerability. They found that the Play Core Library, an in-app update and streamlining feature offered to Android devs, could be abused to "add executable modules to any apps using the library".
Starting January 2021, developers of Chrome extensions will have to certify their data use and privacy practices and provide information about the data collected by the extension(s), "in clear and easy to understand language," in the extension's detail page in the Chrome Web Store. "You'll need to provide information about your app's privacy practices, including the practices of third-party partners whose code you integrate into your app, in App Store Connect," Apple told app developers.
Mobile app developers accused by Facebook of deploying "malicious" SDKs to scrape users' data from the social network have hit back, telling London's High Court that nearly all their apps were "not capable" of harvesting data from Facebook itself. Haltas has now hit back, claiming that all but three of his apps couldn't possibly scrape data from Facebook because they didn't use the Login with Facebook feature.
Through most of 2020, bans on Chinese apps have meant geopolitical strife, but China yesterday revealed it has started banning some of its own apps. A ban on 34 apps was among the nuggets of news revealed, with their banishment from local app stores the result of a departmental trawl of 320,000 apps offered in local download-marts.
Speaking at the 2020 Disclosure conference, Jones outlined how the trust many developers put in their software stacks and shared code, paired with a disturbing lack of online savvy, can make them easy pickings for hackers. "Systems are generally hardened - they have patches, they have firewalls, they have monitoring," Jones explained, "but [some] developers will run literally any bullshit they find on Stack Overflow. They keep credentials lying about, they're obviously going to have the source code and some production data sitting on their hardware as well."
At this week's Build virtual event, Microsoft announced new Identity and Azure features meant to improve security for both application developers and enterprise customers. This week, Microsoft announced two new additions to Azure Security Center: the availability of Azure Secure Score API to customers, and the public availability of suppression rules for Azure Security Center alerts, which are meant to reduce alert fatigue.
One of the internet's most popular free operating systems allowed attackers to bypass its authentication controls.
It shut down that access in April 2018, or at least thought it did. At least 11 improperly accessed data in the last two months.
Well, their version of it won't, they claim. Chrome devs have had a little rant about "misinformation", repeating that DNS-over-HTTPS (DoH) won't yet be introduced by default in upcoming builds of...
You'll have to tag those for cross-site use from February. Google is asking developers to get ready for more secure cookie settings to be implemented in Chrome 80 that is planned for release in...