Google pushed developers to fix security flaws in 275,000 Android apps

Over the past two years, Google has pressured developers to patch security issues in more than 275,000 Android apps hosted on its official app store. In many cases this was done under the threat of blocking future updates to the insecure apps.

Since 2014, Google has been scanning apps published on Google Play for known vulnerabilities as part of its App Security Improvement (ASI) program. Whenever a known security issue is found in an application, the developer receives an alert via email and through the Google Play Developer Console.

When it started, the program only scanned apps for embedded Amazon Web Services (AWS) credentials, which was a common problem at the time. The exposure of AWS credentials can lead to serious compromises of the cloud servers used by apps to store user data and content.

Source: Infoworld.com | Security

Google Cloud Platform finally offers key management service

Google is finally giving administrators the ability to manage their encryption keys in Google Cloud Platform (GCP) with its Cloud Key Management Service (KMS). Google is the last of the three major cloud providers to provide the key management service, as Amazon and Microsoft already have similar offerings.

The Cloud KMS, currently in beta, helps administrators manage the encryption keys for their organization without having to maintain an on-premises key management system or deploy hardware security modules. With Cloud KMS, administrators can manage all the organization’s encryption keys, not only the ones used to protect data in GCP.

Administrators can create, use, rotate, and destroy AES-256 symmetric encryption keys via the Cloud KMS API. Multiple versions of a key can be active at any time for decryption, but only one primary key version can be used for encrypting new data. The rotation schedule can be defined to automatically generate a new key version at fixed time intervals. There’s also a built-in 24-hour delay when trying to destroy keys to prevent accidental or malicious loss. Cloud KMS integrates with GCP’s Cloud Identity Access Management and Cloud Audit Logging services so that administrators can manage permissions for individual keys and monitor usage.

Source: Infoworld.com | Security

IDG Contributor Network: What is behind far too many security leaks? Laziness

When the PCI Security Council last month rolled out new, and quite useful, scoping/segmentation guidelines for retailers, the council’s CTO made an interesting comment.

“For years, we have preached the need to simplify and minimize the footprint of cardholder data,” said Troy Leach in a statement. “One way to accomplish this is through good segmentation. It allows an organization to focus their attention on a limited number of assets and more readily address security issues as they arise. As a result, it should also reduce the level of effort to comply with PCI DSS.”

Source: Computerworld.com | Security

How to set up your Android phone for ultimate privacy

It’s not an exaggeration to say that your smartphone is the most personal device you have. The fact it’s always with you, however, sure does generate a lot of information about your habits.

Your location history, Google searches, web browsing habits, app usage, and even recordings of your voice talking to the Google Assistant.

Yes, your phone and the Google services powering it are incredibly useful in many tangible ways. And if you use a strong password and two-factor authentication, your information is likely safer on Google’s servers than just about anywhere else.

Source: Infoworld.com | Security

How much is a data breach going to cost you?

It is going to cost ya

A recent IBM study found that the average cost of a data breach has hit $4 million—up from $3.8 million in 2015. There are countless factors that could affect the cost of a data breach in your organization, and it’s virtually impossible to predict the exact cost. You might be able to estimate a range with the help of a data breach calculator, but no single tool is perfect.

Source: Computerworld.com | Security

The CSO guide to top security conferences

There is nothing like attending a face-to-face event for career networking and knowledge gathering, and we don’t have to tell you how helpful it can be to get a hands-on demo of a new tool or to have your questions answered by experts.

Source: Computerworld.com | Security

Adobe Acrobat Reader DC security update installs Chrome spyware

The latest version of the venerable (and oh-so-holey) PDF viewing routine, Acrobat Reader DC 15.023.20053, released this week, looks for information about your Google Chrome surfing habits. Without your knowledge or consent, the security patch installs a Chrome browser extension that’s spyware, pure and simple.

The situation’s a little more complex, but for most people using Adobe Acrobat Reader, Chrome spyware comes along for the ride.

If you haven’t looked at the Adobe Acrobat Reader lately — I haven’t used it in years, due to security concerns — this latest privacy twist warrants your attention. Unfortunately, there are three distinct versions of Acrobat Reader making the rounds, and this spyware “feature” affects only one of them.

Source: Infoworld.com | Security