A week in security (September 9 – 15)

Credit to Author: Malwarebytes Labs| Date: Mon, 16 Sep 2019 15:35:21 +0000

A roundup of the security news from September 9–15, including locking down AWS, mobile malware, phishing threats, and more.

Categories:

Tags:

(Read more…)

The post A week in security (September 9 – 15) appeared first on Malwarebytes Labs.

Read more

How to take full advantage of Android 10's privacy-reclaiming powers

Credit to Author: JR Raphael| Date: Tue, 10 Sep 2019 08:23:00 -0700

Well, gang, it’s here. In case you’ve been hibernating over the past week (or maybe just, ahem, on an unfortunately timed week off), Google brought Android 10 into this wacky ol’ world of ours this past Tuesday.

There’s really only so much to say about the Android 10 basics at this point — because, quite frankly, it’s the same software we’ve seen evolving in plain view over the past several months.

Yes, Android 10 has new gestures for getting around your phone. Yes, it has a new system-wide switch for making the entire operating system dark. And yes, it has a nifty new Focus Mode for limiting distractions on an app-by-app basis.

To read this article in full, please click here

Read more

Why Apple’s little ‘Find My’ Tile competitor is big news

Credit to Author: Jonny Evans| Date: Thu, 05 Sep 2019 04:42:00 -0700

Read more

3 Google privacy tips for Mac and iOS users

Credit to Author: Jonny Evans| Date: Thu, 15 Aug 2019 04:15:00 -0700

Alternative search engines such as DuckDuckGo are attracting growing numbers of privacy focused users, but there’s no doubt that Google dominates the industry, even on Apple products. Fortunately, there are several ways to make your Google activity more private.

Do you have a Google account? (You probably do)

Do you use Gmail? Did you one use Google +? Perhaps you employ Google Drive, Google Docs or any of the company’s other products. If so, you have a Google account.

To read this article in full, please click here

Read more

Why blockchain-based voting could threaten democracy

Credit to Author: Lucas Mearian| Date: Mon, 12 Aug 2019 03:00:00 -0700

Public tests of blockchain-based mobile voting are growing.

Even as there’s been an uptick in pilot projects, security experts warn that blockchain-based mobile voting technology is innately insecure and potentially a danger to democracy through “wholesale fraud” or “manipulation tactics.”

The topic of election security has been in the spotlight recently after Congress held classified briefings on U.S. cyber infrastructure to identify and defend against threats to the election system, especially after Russian interference was uncovered in the 2016 Presidential election.

To read this article in full, please click here

Read more

Apple announces a new iPhone (and you can’t have it)

Credit to Author: Jonny Evans| Date: Fri, 09 Aug 2019 06:55:00 -0700

Apple has announced a new iPhone for 2020, but it will only be made available to a select group of security researchers – along with huge bounties to anyone informing the company of a new OS vulnerability.

Probably the world’s most exclusive iPhone

Ivan Krstić, Apple’s head of security engineering provided big insights into Apple’s platform security during his presentation at Black Hat U.S. 2019.

To read this article in full, please click here

Read more

Many VPN apps on Apple’s App store can’t be trusted, researcher warns

Credit to Author: Jonny Evans| Date: Thu, 08 Aug 2019 05:50:00 -0700

I’m told Apple is at last looking into the privacy and security of free VPN apps made available across its platforms, following a report from researcher, Simon Migliano.

Who owns your VPN service?

The researcher has flagged up several concerns that really should be recognized by anyone choosing a VPN service from both the Apple and Google App Stores:

  • Ownership: Migliano claims that almost 60 percent of the most popular VPN apps are actually owned (sometimes opaquely) by Chinese companies.
  • Privacy: The researcher also found that as many as 77% of these VPN apps may have what he calls “serious privacy flaws”,including no privacy policy at all, generic policies with no mention of VPN or no detailed logging policy.
  • Data protection: Migliano claims Apple is not enforcing its third-party data-sharing ban against VPN apps, with 80 percent of the top free VPN apps “in breach of the rules”, he said. Many are sharing data with third parties, he claims.

That last allegation is particularly concerning.

To read this article in full, please click here

Read more

Almost half of tested free Android antivirus apps fail. That might prove very useful to IT.

Credit to Author: Evan Schuman| Date: Thu, 08 Aug 2019 03:00:00 -0700

One of the problems with enterprise mobile BYOD efforts is that corporate apps — and lots of corporate data, including sensitive intellectual property — must coexist on the same device with whatever employees choose to download on the personal side. That’s far from ideal, but even worse is if employees choose to download a second antivirus program. Unlike doubling up on most apps (two VPNs, two word processors, two email programs, etc.), antivirus programs often conflict and fight each other, generating false positives and other bad results.

Unlike two deadbolts on a door, doubling up on security not only doesn’t work with antivirus, it can actually sharply weaken security. This all assumes that both antivirus programs are professional, effective and well-intentioned. But that’s often not the case. There are quite a few free antivirus programs out there, and they are disproportionately the ones employees opt to download. After all, if the company has already installed a high-level antivirus on the phone, why would an employee pay to install a second? But a free antivirus program is much more tempting.

To read this article in full, please click here

Read more

Slack beefs up mobile security controls for Enterprise Grid

Credit to Author: Matthew Finnegan| Date: Tue, 06 Aug 2019 08:00:00 -0700

Slack today unveiled new security capabilities for Enterprise Grid customers, including tighter controls for admins who oversee mobile device access.

Enterprise Grid was launched in 2017 for Slack’s biggest customers, with additional features to support large-scale deployments. Among the 150 organizations now using Enterprise Grid are Capital One, IBM and Target. 

Slack has continued to build out security and compliance features for the software since its introduction, including the addition of enterprise key management last September.  

To read this article in full, please click here

Read more

Apple suspends Siri snooping (and promises more control for the rest of us)

Credit to Author: Jonny Evans| Date: Fri, 02 Aug 2019 04:27:00 -0700

Read more

Mobile Menace Monday: Dark Android Q rises

Credit to Author: Gleb Malygin| Date: Mon, 29 Jul 2019 17:55:12 +0000

The Android Q operating system is being developed with privacy and security in mind. We take a look at both, examining new features intended for giving users better control of their devices and data.

Categories:

Tags:

(Read more…)

The post Mobile Menace Monday: Dark Android Q rises appeared first on Malwarebytes Labs.

Read more