
Week In Review – What Happened In Mobile Advertising This Week

Here’s an overview of some of last week’s most interesting news and articles:

Fooling security tools into believing malicious code was signed by Apple

Security, incident response, and forensics processes and personnel use code signing to weed out trusted code from untrusted code. Undermining a code signing implementation for a major OS would break a core security construct that many depend on for day-to-day security operations.

Patch management is not just IT’s responsibility, get your whole team on board

Patching is everyone’s responsibility whether they realize it or not. A successful patch program includes executive buy-in (not exceptions) and involves partnering with the business.

Vulnerability in GnuPG allowed digital signature spoofing for decades

A vulnerability affecting GnuPG has made some widely used email encryption software vulnerable to digital signature spoofing for many years. The list of affected programs includes Enigmail and GPGTools.

Overview: Microsoft June 2018 Patch Tuesday

The June 2018 updates fix 50 vulnerabilities, 12 of which are critical.

Zero Trust Security: Never trust, always verify

Zero Trust Security assumes that untrusted actors already exist both inside and outside the network. Trust must therefore be entirely removed from the equation. In this podcast, Barry Scott, CTO, EMEA at Centrify, talks about how you can secure every user’s access to apps, endpoints and infrastructure through single sign-on, multi-factor authentication and privileged access security.

Apple prohibits developers from using, selling users’ Contacts

According to new rules recently published by Apple, iOS app developers must refrain from creating a database of the information gleaned from users’ Contacts and from selling it on.

Google removes inline installation option for Chrome extensions

Google is shutting down an often-used vector for delivering malicious Chrome extensions to users by removing the inline installation option.

How third-party risk affects your GDPR compliance

In this podcast, Darron Gibbard, Chief Technical Security Officer EMEA at Qualys, discusses third-party risk and how it affects the GDPR compliance of your organization.

Securing microservices and containers: A DevOps how-to guide

There is a simple reason for developers adopting the cloud and cloud-native application architectures. These “tools and methods” allow developers to accelerate innovation and feature delivery in the service of meeting business demands and keeping their enterprise competitive. While these tools and methods make noticeable improvements for DevOps teams, their new operational model creates security concerns and headaches for security practitioners.

New trends advance user privacy

Online privacy and security are among the top concerns of Americans, especially after the numerous massive data breaches (Equifax, Yahoo, Uber) of the past couple of years.

French company fined 250,000 euros for a data leak

CNIL, the French data protection authority, has decided to impose a 250,000 euro fine on Optical Center, a French company selling eye and hearing aids, because it failed to secure the data of customers who ordered products via its website.

Researcher hacks smart fingerprint padlock in mere seconds

The Tapplock one “smart” padlock, which received many rave reviews by tech-focused news sites and YouTubers, can be forced to open in under two seconds with a smartphone.

Don’t start the blockchain revolution without making security a top priority

McAfee released a report detailing the numerous cybersecurity risks associated with blockchain-based cryptocurrencies, and asserts the necessity of making cybersecurity a top priority as the industry builds out the foundations for the widespread implementation of blockchain technologies.

Dixons Carphone breach: Personal and payment card info compromised

Dixons Carphone, the multinational electrical and telecommunications retailer that holds over 2,000 stores across the UK, Ireland and mainland Europe, has suffered a security breach.

Has paying the ransom become business as usual?

Radware released its 2018 Executive Application and Network Security Report. For the first time in the survey’s five-year history, a majority of executives (53%) reported paying a hacker’s ransom following a cyber attack.

US repeals net neutrality rules, what happens now?

Net neutrality rules were officially repealed in the US last Monday, as the Restoring Internet Freedom Order by the Federal Communications Commission went into effect.

VMware plugs RCE hole in remote management agent

VMware has fixed a critical remote code execution vulnerability in VMware AirWatch Agent for Android and Windows Mobile, and is urging users to upgrade to the newest versions of the software (8.2 and 6.5.2, respectively). The iOS version is not affected.

How employee behavior impacts cybersecurity effectiveness

Whether accidental or intentional, an employee’s online activities can make or break a company’s cybersecurity strategy.

New infosec products of the week: June 15, 2018

A rundown of infosec products released last week.



Source : https://www.helpnetsecurity.com/2018/06/17/week-in-review-digital-signature-spoofing-securing-microservices/

Week in review: Digital signature spoofing, securing microservices