Thousands of Android apps leak hard-coded secrets
Thousands of Android apps have hard-coded secrets, which means that a malicious actor -- and not necessarily a very skilled one -- could gain access to API keys, Google Storage buckets, unprotected databases and more.
Research from Cybernews shows that over half of 30,000 investigated apps are leaking secrets that could have huge repercussions for both app developers and their customers.
Enterprises increase their SaaS usage but neglect security risks
A new study of SaaS usage among enterprises across the US, UK and Europe shows 74 percent report more than half of their applications are now SaaS-based, and 66 percent are spending more on SaaS applications today than a year ago.
The study by cybersecurity asset management company Axonius shows the increase in SaaS applications has resulted in more complexity and increased security risk in 66 percent of organizations, but 60 percent rank SaaS security fourth or lower on their list of current security priorities, and only 34 percent say they're worried about the costs associated with rising SaaS-based app usage.
Microsoft launches new resource site for Java developers
Whether you're currently a Java developer, someone looking to get started, or if you sit somewhere in the middle and you're looking to up your coding game, Microsoft has a new resource site for you to check out.
Described as a one-stop shop for Java developers, the site includes beginner guides to getting started in Java coding. The site also features information about deploying and scaling Java apps, and has tips and more to help developers code productively.
How decentralized storage can help prevent data breaches [Q&A]
According to a recent IBM report, the average cost of a data breach is now $4.35 million. If enterprises don't take steps to protect personal data effectively, they risk losing not just money but also the trust of their customers.
We spoke to Saswata Basu, founder and CEO of 0Chain, to discuss how decentralized storage can help to address the problem.
Ex-director of UX at Microsoft is 'shocked' at the confusing Start menu experience in Windows 11
There is a lot to like, even love, about Windows 11, but there are also plenty of things which are very divisive. Wading into the debate about the direction in which Microsoft has taken its operating system is Jensen Harris, former Director of User Experience at the company, who takes aim at the Start menu and what he describes as a "confusing" experience.
In a series of tweets, Harris lambasts Microsoft for including banner ads in the Start menu, for placing obstacles in the way of completing simple tasks, and makes various complaints about design choices. It makes for extremely interesting reading.
Satechi USB-C Mobile Pro Hub SD will turn your Apple iPad into a proper desktop PC
Apple's iPad is a tablet, yes, but when you add a keyboard case, it magically becomes a laptop. But did you know the new M1-powered iPad tablets with USB-C can also serve as a legit desktop? It is true! By plugging in a USB hub, you can connect a keyboard, mouse, monitor, and/or external storage. The desktop capabilities of Apple's M1 tablets will greatly improve with the upcoming iPadOS 16 too.
Today, Satechi launches the "USB-C Mobile Pro Hub SD," which is primarily designed for M1 iPad devices such as iPad Pro and iPad Air 5. The hub plugs into the bottom of the tablet and offers HDMI (4K compatible), USB-A (up to 5Gbps), 3.5mm audio, SD card reader, and microSD card reader. It even offers USB-C power delivery (up to 60W) so you can charge the iPad while the hub is in use. There is only a single USB-A port, however, so you will need to use a wireless mouse and/or keyboard -- both cannot be wired.
Logitech G502 X gaming mouse now available for pre-order
Logitech's G502 gaming mouse is iconic and popular, and now, the company is refreshing it with a special "X" moniker. The Logitech "G502 X," as it is called, can be pre-ordered immediately, and there are three variants from which to choose -- wired, wireless, and plus.
The wired version, as you can guess, connects to your PC using a USB cable. While some consumers will consider a wired mouse to be inferior, I actually prefer it -- there is no battery to recharge. Both the wireless and plus models connect without a cable thanks to the included LIGHTSPEED USB-A dongle. They both charge over USB-C, but only the plus variant has RGB lighting.
WinZip 27 offers two new tools for sending files securely and cleaning duplicates
Corel has unveiled WinZip 27, a major new version of its flagship compression tool for Windows. Its headline changes are the addition of two new standalone tools: a duplicate file cleaner and a tool to facilitate the quick and secure sharing of zip files online.
The first new addition to all three editions of WinZip -- including the entry-level Standard version -- is WinZip SafeShare. This standalone tool is designed to make it easy to zip up, encrypt and share files securely with others via a three-step wizard.
Enterprises are storing more data than ever
According to a new study, more than 50 percent of enterprises are managing 5PB or more of data, compared with less than 40 percent that were doing so in the same survey last year.
The 2022 Unstructured Data Management Report from Komprise also shows most are now spending more than 30 percent of their IT budget on storage and backups.
IBM and VMware help businesses modernize hybrid cloud workloads
IBM and VMware are using this week's VMware Explore event to announce an expanded partnership to help clients and partners modernize mission-critical workloads and speed up time to value in hybrid cloud environments.
The two companies are also planning to help clients in regulated industries such as financial services, healthcare and the public sector address the cost, complexity and risk of migrating and modernizing mission-critical workloads in the cloud.
Google launches new Open Source Software Vulnerability Rewards Program (OSS VRP)
Google is not alone in offering so-called bug bounty programs which give financial incentives to contributors to track down vulnerabilities and security issues in its software. Now the company has launched a new initiative called the Open Source Software Vulnerability Rewards Program (OSS VRP).
As the name suggests, this new program focuses on Google's open source projects. The company is offering rewards of between $100 and $31,337, depending on the severity of the vulnerability.
Ransomware: Recovering after an attack
Ransomware attacks have existed for decades and their perpetrators keep advancing in their abilities. By evading detection, encrypting user files, and coercing unsuspecting victims into paying ransoms, ransomware attackers have threatened the survival of many businesses. The first half of 2022 recorded a total of 236.1 million ransomware attacks across the globe.
The most popular types of ransomware attacks are crypto and locker ransomware. Crypto ransomware encrypts a user's data, making it inaccessible until the individual pays the ransom, usually in bitcoin. Locker ransomware, on the other hand, works by blocking the user's access to the computer system and will not give access until an amount is paid. Despite the security measures businesses put in place, ransomware threats are still on the increase, which is why businesses must have a ransomware recovery plan to minimize catastrophic effects.
Different ways of building corporate systems based on the zero trust architecture
The corporate infrastructure of US government agencies will soon be transferred to a new network security model called Zero Trust Architecture (ZTA). Last year, U.S. President Joe Biden released an Executive Order on Improving the Nation's Cybersecurity. Later, on January 26, 2022, the Federal Government released a Federal Zero Trust Architecture (ZTA) strategy memorandum that sets the rules for the construction of a new IT infrastructure for government agencies and organizations in accordance with the ZTA strategy.
In this article, I want to look at the fundamental changes that the new paradigm brings, replacing the secure perimeter model, which has so far been the base for the construction of corporate IT systems.
Facial recognition -- the good, the bad and the getting older
Your friends may not be willing to tell you that you're looking older, but facial recognition systems have no such reservations.
Face-recognition algorithms might struggle to identify you as the same person after just five years, according to the New Scientist.
Twilio hack led to compromise of 2FA app Authy
Earlier this month, messaging service Twilio suffered a serious data breach following a "sophisticated social engineering attack". After using phishing attacks on company employees, hackers were able to access user data, but it seems that the impact of the hack was more widespread.
Twilio has now revealed that the attackers also compromised the accounts of some users of Authy, its two-factor authentication (2FA) app. Although the number of users affected by the breach is relatively small, the implications are very serious and will dent confidence in the company.
© 1998-2024 BetaNews, Inc. All Rights Reserved.