Apple iPhone app | Breaking Cybersecurity News | The Hacker News

Security researchers have illustrated a new app-in-the-middle attack that could allow a malicious app installed on your iOS device to steal sensitive information from other apps by exploiting certain implementations of Custom URL Scheme . By default on Apple's iOS operating system, every app runs inside a sandbox of its own, which prevent all apps installed on the same device from accessing each other's data. However, Apple offers some methods that facilitate sending and receiving very limited data between applications. One such mechanism is called URL Scheme, also known as Deep Linking, that allows developers to let users launch their apps through URLs, like facetime:// , whatsapp:// , fb-messenger:// . For example, when you click "Sign in with Facebook" within an e-commerce app, it directly launches the Facebook app installed on your device and automatically process the authentication. In the background, that e-commerce app actually triggers the URL Sch

China has long been known for its strict censorship which makes it difficult for foreign technology companies to do business in the world's most populous country of over 1.35 billion people. Now, the new law issued by the Chinese government will expand its strict Internet monitoring efforts into mobile apps, targeting operators including Apple. However, Google currently doesn't operate its app store in China. The Cyberspace Administration of China (CAC) has imposed new regulation on distributors of mobile apps that requires both app stores and app developers keep a close eye on users and maintain a record of their activities for at least 60 days . The Chinese internet regulator has introduced the new legislation with the intent to fight issues like terrorism, pornography, violence, money fraud and distribution of malicious contents. However, this new move by the Chinese government will tighten its control over the Internet, especially the mobile apps used for private encry

As a vCISO, you are responsible for your client's cybersecurity strategy and risk governance. This incorporates multiple disciplines, from research to execution to reporting. Recently, we published a comprehensive playbook for vCISOs, "Your First 100 Days as a vCISO – 5 Steps to Success" , which covers all the phases entailed in launching a successful vCISO engagement, along with recommended actions to take, and step-by-step examples.  Following the success of the playbook and the requests that have come in from the MSP/MSSP community, we decided to drill down into specific parts of vCISO reporting and provide more color and examples. In this article, we focus on how to create compelling narratives within a report, which has a significant impact on the overall MSP/MSSP value proposition.  This article brings the highlights of a recent guided workshop we held, covering what makes a successful report and how it can be used to enhance engagement with your cyber security clients.

An open source software group, Open Whisper Systems , has announced the release of Signal 2.0 — the second version of its free and open source messaging application for iPhone and iPad users. Signal  app is specifically designed to make secure and easy-to-use encrypted voice calling. But that's what the application was providing in its previous release introduced last July with  Signal 1.0 . Apple's iMessage also provides encrypted communication, but it was challenged by security researchers in 2013, revealing that  Apple controls the key infrastructure  and could, in turn, be compelled to change a key anytime they want, and read the content of your messages. But there was no way to send secure messages from an iPhone iMessage to an Android phone, or vice versa, unless you signed up for a monthly subscription plan and got the person you wanted to communicate with to sign up for it too. GAME CHANGER: SIGNAL 2.0 Signal 2.0 lets you send end-to-end encrypted messages to us