Security News

A full 70 percent of applications being used today have at least one security flaw stemming from the use of an open-source library. Most JavaScript applications contain hundreds of open-source libraries - some have more than 1,000 different libraries.

If you use the Nextcloud mobile app, you'll want to password protect it to ensure you don't leave your sensitive data open for anyone to see. Given that I have the mobile app on my Google Pixel 4 linked to my on-site Nextcloud server, I thought it would behoove me to give that app an added layer of protection.

According to the Verizon Mobile Security Index 2020, 43% of organizations said they knowingly cut corners on mobile security in 2019 to "Get the job done." And that was before the global pandemic. This will be a struggle for many organizations unless they have mobile security professionals embedded in their development teams, and as I mentioned earlier, mobile security professionals are in short supply.

Zimperium, the global leader in mobile security, announced a strategic partnership with ZecOps, the leading agentless automated Digital Forensics and Incident Response provider, enhancing Zimperium's offering with ZecOps' advanced mobile forensics capabilities. "Through our partnership with ZecOps, Zimperium is now the only company that can provide companies and government agencies with on-device, machine learning-based threat detection and automated digital-rich forensics for incident response efforts."

PDI, a global provider of enterprise resource planning, fuel pricing, supply chain logistics, and loyalty solutions for the convenience retail and petroleum wholesale industries, announced it is adding a new employee self-service mobile app to its PDI Enterprise Workforce software. PDI Employee Self-Service provides c-store employees real-time access to accurate shift coverage, schedule transparency and pay stub information.

Any developer currently using image importers or other image handling libraries should read this document to see how to use the Image I/O framework instead. In other words, instead of laboriously adding support for dozens of different image formats to your app by writing code for each new filetype one-by-one, you can just use ImageIO functions and let the operating system take care of figuring out what image type it is, whether it's supported, and how to read it in. You don't need to worry, or even care, whether it's JPEG, GIF, PNG, BMP, TIFF or even a file format you've never heard off such as KTX. So the drawcard here for a security researcher is the juxtaposition of the word fuzzing, which means going all-out to find weirdly-corrupted files that reveal bugs in the underlying code, and the word ImageIO, which refers to the core code that gets triggered pretty much any time any iPhone app encounters an image file.

Although the use of applications has steadily increased, the difference in the ways that web and mobile applications are protected is not widely understood. Many companies that have been using security tools for their web application may feel that moving these security tools to mobile may be difficult, but it isn't.

Guardsquare, the mobile application security platform, announced the launch of ThreatCast, a cloud-based mobile application threat intelligence expansion to its platform. ThreatCast delivers a single dashboard interface to threat intelligence from Guardsquare's cutting-edge products for layered mobile app security-DexGuard for Android and iXGuard for iOS. With a multi-layered approach to application protection and a mobile security console, ThreatCast provides all the tools needed to assess threats in real time and the intelligence to protect mobile applications against suspicious activities and malicious users.

Cybereason Mobile MDR gives enterprises a managed solution that will detect and prevent suspicious activity on mobile devices, while through Cybereason Mobile it provides access to a team of iOS and Android analysts, 24x7x365, for efficient discovery, triaging and mitigation of mobile incidents. "Cybereason Mobile," Cybereason's Maor Franco told SecurityWeek, "Can be configured to enforce preventative actions when a new threat is identified to stop the spread of malware across the enterprise, using mobile as a way into the network. In this case, mobile is even riskier. The attacker doesn't require a back door in the network when using the infected mobile device to enter through the front door."

The DHS is partnering with BlueRISC Inc to develop Cloud-based Root-of-Trust technology to keep agency email separate and secure on corporate-owned, personally enabled devices, even when the user operates personal email from the same device. "The EPRIVO Enterprise 2.0 email system ensures the confidentiality of email in transit, in cloud storage at an email service provider, and when stored on the mobile device, providing both physical and cryptographically based protections," said Kris Carver, BlueRISC Technical Director.