Security News

None of our apps (except those 3) could secretly slurp Facebook user details, devs rage to High Court of England and Wales
2020-11-03 17:20

Mobile app developers accused by Facebook of deploying "malicious" SDKs to scrape users' data from the social network have hit back, telling London's High Court that nearly all their apps were "not capable" of harvesting data from Facebook itself. Haltas has now hit back, claiming that all but three of his apps couldn't possibly scrape data from Facebook because they didn't use the Login with Facebook feature.

China reveals audit of 320,000 local apps, with 34 booted from app stores and hundreds of devs warned they could suffer same fate
2020-10-23 04:27

Through most of 2020 bans on Chinese apps have meant geopolitical strife, but China yesterday revealed it has started banning some of its own apps. A ban on 34 apps was among the nuggets of news revealed, with their banishment from local app stores the result of a departmental trawl of 320,000 apps offered in local download-marts.

Old and busted: Targeting servers and web bugs. New hotness: Pwning devs with targeted poisoned stacks
2020-09-04 11:15

Speaking at the 2020 Disclosure conference, Jones outlined how the trust many developers put in their software stacks and shared code, paired with a disturbing lack of online savvy, can make them easy pickings for hackers. "Systems are generally hardened - they have patches, they have firewalls, they have monitoring," Jones explained, "But [some] developers will run literally any bullshit they find on Stack Overflow. They keep credentials lying about, they're obviously going to have the source code and some production data sitting on their hardware as well."

Microsoft Announces New Security Features for Devs, Customers
2020-05-21 08:41

At this week's Build virtual event, Microsoft announced new Identity and Azure features meant to improve security for both application developers and enterprise customers. This week, Microsoft announced two new additions to Azure Security Center: the availability of Azure Secure Score API to customers, and the public availability of suppression rules for Azure Security Center alerts, which are meant to reduce alert fatigue.

OpenBSD devs patch authentication bypass bug
2019-12-06 11:31

One of the internet's most popular free operating systems allowed attackers to bypass its authentication controls.

Facebook confesses 100 devs may have accessed leaked Groups data
2019-11-07 12:48

It shut down that access in April 2018, or at least thought it did. At least 11 improperly accessed data in the last two months.

Chrome devs tell world that DNS over HTTPS won't open the floodgates of hell
2019-10-29 18:02

Well, their version of it won't, they claim
Chrome devs have had a little rant about "misinformation", repeating that DNS-over-HTTPS (DoH) won't yet be introduced by default in upcoming builds of...

Google warns devs as it tightens Chrome cookie security: Stuff will break if you're not clued up
2019-10-24 14:15

You'll have to tag those for cross-site use from February
Google is asking developers to get ready for more secure cookie settings to be implemented in Chrome 80 that is planned for release in...

Too bad, so sad, exploit devs: Google patches possibly several million dollars' worth of security flaws in Android
2019-09-05 23:43

Except one – a 'your phone is now my phone' bug reported months ago and still not fixed
Google this week emitted the September edition of its monthly Android security updates – and has left at...

No REST for the wicked: Ruby gem hacked to siphon passwords, secrets from web devs
2019-08-20 21:21

Developer account cracked due to credential reuse, source tampered with and released to hundreds of programmers
An old version of a Ruby software package called rest-client that was modified and...