#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

app developers | Breaking Cybersecurity News | The Hacker News

Twitter API Flaw Exposed Users Messages to Wrong Developers For Over a Year

Twitter API Flaw Exposed Users Messages to Wrong Developers For Over a Year

Sep 22, 2018
The security and privacy issues with APIs and third-party app developers are something that's not just Facebook is dealing with. A bug in Twitter's API inadvertently exposed some users' direct messages (DMs) and protected tweets to unauthorized third-party app developers who weren't supposed to get them, Twitter disclosed in its Developer Blog on Friday. What Happened? Twitter found a bug in its Account Activity API (AAAPI), which is used by registered developers to build tools to support business communications with their customers, and the bug could have exposed those customers' interactions. The Twitter AAAPI bug was present for more than a year—from May 2017 until September 10—when the microblogging platform discovered the issue and patched it "within hours of discovering it." In other words, the bug was active on the platform for almost 16 months. "If you interacted with an account or business on Twitter that relied on a developer
Reminder—Third Party Gmail Apps Can Read Your Emails, "Allow" Carefully!

Reminder—Third Party Gmail Apps Can Read Your Emails, "Allow" Carefully!

Jul 03, 2018
Reminder—If you've forgotten about any Google app after using it once a few years ago, be careful, it may still have access to your private emails. When it comes to privacy on social media, we usually point fingers at Facebook for enabling third-party app developers to access users personal information—even with users' consent. But Facebook is not alone. Google also has a ton of information about you and this massive pool of data can be accessed by third-party apps you connect to, using its single sign-on service. Though Google has much stricter privacy policies about what developers can do with your data, the company still enables them to ask for complete access of your Google account, including the content of your emails and contacts. The entire Facebook's  Cambridge Analytica privacy saga highlights how crucial it is to keep track of the apps you have connected to your social media accounts and permitted to access your data. Last year, Google itself prom
How to Accelerate Vendor Risk Assessments in the Age of SaaS Sprawl

How to Accelerate Vendor Risk Assessments in the Age of SaaS Sprawl

Mar 21, 2024SaaS Security / Endpoint Security
In today's digital-first business environment dominated by SaaS applications, organizations increasingly depend on third-party vendors for essential cloud services and software solutions. As more vendors and services are added to the mix, the complexity and potential vulnerabilities within the  SaaS supply chain  snowball quickly. That's why effective vendor risk management (VRM) is a critical strategy in identifying, assessing, and mitigating risks to protect organizational assets and data integrity. Meanwhile, common approaches to vendor risk assessments are too slow and static for the modern world of SaaS. Most organizations have simply adapted their legacy evaluation techniques for on-premise software to apply to SaaS providers. This not only creates massive bottlenecks, but also causes organizations to inadvertently accept far too much risk. To effectively adapt to the realities of modern work, two major aspects need to change: the timeline of initial assessment must shorte
Microsoft Open-Sources Tool for Porting iOS Apps to Windows

Microsoft Open-Sources Tool for Porting iOS Apps to Windows

Aug 07, 2015
At its Build developers conference in April this year, Microsoft announced " Project Islandwood " - the " Windows Bridge for iOS " that lets iOS and Android developers port their apps to Windows. Microsoft finally made another surprise move on Thursday by open sourcing an early version of its toolkit for iOS to help iOS developers move their apps more easily to Windows 10. The source code for an early preview of " Windows Bridge for iOS " is now available on GitHub under the MIT open-source license. By releasing the preview of iOS Bridge, Microsoft wants the open-source community to contribute code, comments, testing, vulnerability reports, before the company launch the final version later this fall. iOS Toolkit for Building Windows 10 Apps The iOS Bridge enables developers to create apps that work with both Windows 8.1 and Windows 10 operating systems. Currently, Microsoft only targets the standard X86 and X64 processor archi
cyber security

Automated remediation solutions are crucial for security

websiteWing SecurityShadow IT / SaaS Security
Especially when it comes to securing employees' SaaS usage, don't settle for a longer to-do list. Auto-remediation is key to achieving SaaS security.
Google Play Store Update Allows Apps to Silently Gain Control of Your Device

Google Play Store Update Allows Apps to Silently Gain Control of Your Device

Jun 13, 2014
Google just made a huge change to the way application permissions work on Android devices which has left a potential door open to malicious app developers and hackers. Google narrows down Android's 145 permissions into 13 broad categories and groups app permissions into ' groups of related permissions ', likely for Android users to have an easier time dealing with app permissions. Unfortunately, the new update has introduced a few potential security and privacy issues, as listed below: hiding permissions behind the group names auto-updating app with no warning for new permissions According to new update, once a user approves an app's permissions, he actually approves the whole respective permission groups. For example, if an app want to read your incoming SMS messages, then it requires the " Read SMS messages " permission. But now installing an app, you are actually giving it access to all SMS-related permissions. The app developer can then include
Apple's New Swift Programming Language for iOS And OS X Apps. Goodbye Objective-C

Apple's New Swift Programming Language for iOS And OS X Apps. Goodbye Objective-C

Jun 04, 2014
The development of self own languages has become emblematic of the hot new trend in business as every big Internet service provider is now developing their own and unique programming languages. Two months ago, Facebook released its modern programming language called ' HACK ', which is specially designed to make the process of writing and testing code of complex websites and other software faster, and the company already drives almost all of the its social networking site to HACK over the last year. This Monday, Apple surprises the gathering of people who build software applications for Apple hardware devices at its World Wide Developers Conference (WWDC) by introducing its whole new programming language called Swift , which probably replace Apple's main programming language - Objective-C that is being loved by the developers who build software applications for Apple hardware devices, from iPhone, iPad to Macintosh. The first app built on Swift is the WWDC ap
Facebook Introduces Anonymous Login to Limit Third-party App Permissions

Facebook Introduces Anonymous Login to Limit Third-party App Permissions

May 01, 2014
We're comfortable in sharing information with our Facebook friends, but it is quite sneaky for Facebook users to offer their Identities and credentials when logging in to third-party apps , they don't trust. To deal with this issue, the social network giant has plans to improve the way users login to the third party apps with more privacy controls on the web as well as mobile devices. ANONYMOUS LOGIN At Facebook's F8 developer conference in San Francisco on Wednesday, Keynote speaker - Chief Executive Mark Zuckerberg announced the new Facebook's login tool, " Anonymous Login " that would let users sign into apps and websites anonymously without sharing their personal information-Biggest news for Facebook users. " Today, we want to do more to put control and power back into people's hands, " Zuckerberg said at the conference. " Up until now, your friends have been able to share your data via using apps. Now we're changing this, so every
Dumb Ransomware Developer leaves Decryption Keys on Infected Computers

Dumb Ransomware Developer leaves Decryption Keys on Infected Computers

Apr 02, 2014
So, How do Hackers compromise a Website? Simply by exploiting the flaws in it, that means they took advantage of the error in the developers' code. Now, this time the hackers itself has left behind a crucial flaw in its malware code which can be exploited by us to help save our computer systems. Believe me, it's not an April Fools' joke! A malicious software program that holds the victims' computer files hostage by wrapping them with strong encryption until the victim pays a ransom fee to get them decrypted, has a critical flaw in its malware code itself that it leaves the decryption key on the victim's computer. The Anti-virus firm Symantec examined a sophisticated malware program dubbed as CryptoDefense (Trojan.Cryptodefense) ransomware , which appeared in the end of the last month. CryptoDefense is one of the complex malware programs that include a number of effective techniques, including Tor anonymity tool usage and Bitcoin digital currency to extort money from victims. Cryp
Researchers explained How ANGRY BIRDS Sharing Your Personal Data

Researchers explained How ANGRY BIRDS Sharing Your Personal Data

Apr 02, 2014
We are already aware about the fact that most probably every mobile app is collecting our data in one or the other form. Thanks to Edward Snowden, who provided the secret documents that revealed that the world's most popular Smartphone applications, including gaming apps such as Angry Birds , are telling the government intelligence agencies (NSA) everything about us. We  reported earlier  that how the government intelligence agencies, such as British intelligence agency GCHQ and U.S. intelligence firm NSA, use popular games to collect users' personal data including their GPS location. Yes, the popular game Angry Bird , which is the top-selling paid mobile application in the United States and Europe for the iPhones, Android and has been downloaded more than a billion times by the devoted game players worldwide, who often spend hours squawking and playing the game.  In fact earlier this month,  CBS 60 Minutes  shows that how Rovio shares users' locations. Recently, t
Apple’s Developer Center Offline for 32 Hours; Compromised ?

Apple's Developer Center Offline for 32 Hours; Compromised ?

Jul 21, 2013
It's been over a day now since Apple 's online Dev Center went offline, and latest message can be seen in the screenshot, which explains that the current maintenance has took a lot longer than they expected. " We apologize that maintenance is taking longer than expected. If your program membership was set to expire during this period, it has been extended and your app will remain on the App Store. If you have any other concerns about your account, please contact us. Thank you for your patience. " message said. Since that time, developers have been unable to access the site and cannot visit the forums or download Mac or iOS SDKs, the iOS 7 beta, or the Mavericks beta. It was first seemed like Apple having some backend issues but according to tweets from many developers, they have received a message from Apple that an attempt was made to reset their user ID's password . Such notices pointing that Apple's Developer Center website may have been compromised. But if it is a sec
Samsung's new OS Tizen 2.0 source code released

Samsung's new OS Tizen 2.0 source code released

Feb 19, 2013
The Tizen 2.0 source code and SDK has officially been released. Tizen is a Linux-based open-source software platform backed by Intel and Samsung Electronics, that is designed for smartphones, tablets, smart TVs and in-car systems and it's designed to run apps written using web technologies including HTML5. The list of new features and updates is an extensive one, though a lot of the changes are under-the-hood and aimed at offering a more attractive platform to application developers. Tizen 2.0 adds new APIs that developers can use to access Bluetooth and NFC function on phones with that hardware, as well as improved developer tools. There have been reports recently that Samsung is planning a line of phones built around the Tizen operating system, to reduce its dependence on Android after Google acquired mobile phone competitor Motorola Mobility. Samsung is already one of the top makers of phones and tablets, but right now the company's fortunes are very much tied into Goo
Google Play privacy issue, sends app buyers personal details to developers

Google Play privacy issue, sends app buyers personal details to developers

Feb 16, 2013
Google is again under attack for its apparent mishandling of its users' personal information. An Australian software developer ' Dan Nolan ' revealed that the search giant was sending him the full names, email and post codes of everyone who purchased his app on Google's Play. In a blog post , Nolan said the information was so detailed he would even be able to use it to ' track down and harass users who left negative reviews or refunded the app purchase '. Nolan discovered that he has obtained a fair share of customer info himself after logging into his Google Play merchant account to update his payment details. The main problem is that Google is not asking explicit permission from buyers to share that information with developers, but according to privacy groups and with careful inspection of the policies, Google does not clearly mention that it is sharing personal information to app developers nor does it create a good deal of effort in informing buying custome
Cybersecurity Resources