#1 Trusted Cybersecurity News Platform
Followed by 4.50+ million
The Hacker News Logo
Subscribe – Get Latest News
Cybersecurity

apps security | Breaking Cybersecurity News | The Hacker News

Category — apps security
Google Makes it Tough for Rogue App Developers Get Back on Android Play Store

Google Makes it Tough for Rogue App Developers Get Back on Android Play Store

Apr 16, 2019
Even after Google's security oversight over its already-huge Android ecosystem has evolved over the years, malware apps still keep coming back to Google Play Store. Sometimes just reposting an already detected malware app from a newly created Play Store account, or using other developers' existing accounts, is enough for 'bad-faith' developers to trick the Play Store into distributing unsafe apps to Android users. Since the mobile device platform is growing rapidly, every new effort Google makes apparently comes with trade-offs. For example, Google recently made some changes in its Play Store policies and added new restriction in Android APIs that now makes it mandatory for every new app to undergo rigorous security testing and review process before appearing in the Google Play Store. These efforts also include: restricting developers from abusing Android accessibility services, restricting apps access to certain permissions like call logs and SMS permi
Apple Kicks Out some Malicious Ad-Blocker Apps from its Online Store

Apple Kicks Out some Malicious Ad-Blocker Apps from its Online Store

Oct 11, 2015
Apple has removed several apps from its official iOS App Store that have the ability to compromise encrypted connections between the servers and the end-users. Apple has officially said: We have removed a "few" apps from the iOS App Store that could install root certificates and allow monitoring your data. It's like- they have analyzed and admitted that they lacked in the auditing of the App Store hosted Apps. The company is also advising its users to uninstall the malicious apps from their iPhones, iPads and iPods in order to prevent themselves from monitoring, though it has yet to name the offending apps. App Store Apps Spy on Encrypted Traffic The challenge that stood before Apple was, they discovered that "few" of the Apps in the iOS App Store were capable of spying on the users by compromising SSL/TLS security solutions of their online communication. Root certificates are the fundamental part of how encrypted connections like HTT
9 Steps to Get CTEM on Your 2025 Budgetary Radar

9 Steps to Get CTEM on Your 2025 Budgetary Radar

Nov 06, 2024Threat Management / Business Continuity
Budget season is upon us, and everyone in your organization is vying for their slice of the pie. Every year, every department has a pet project that they present as absolutely essential to profitability, business continuity, and quite possibly the future of humanity itself. And no doubt that some of these actually may be mission critical. But as cybersecurity professionals, we understand that the rollout of a viable CTEM ( Continuous Threat Exposure Management ) program actually is . In any year, cybersecurity investments are tough budgetary sells – they're hard to quantify and don't always clearly drive revenues or cut costs. In today's belt-tightening climate, all the more so. Even though cybersecurity budgets will likely grow this year according to Forrester, it's still important to make sure today that CTEM doesn't slip down the budget priority list.  In this article, we'll discuss how to keep CTEM on the budgetary radar. But First – Here are Some Reasons Why CTEM is Objectiv
Tesla Cars Can Be Hacked to Locate and Unlock Remotely

Tesla Cars Can Be Hacked to Locate and Unlock Remotely

Mar 31, 2014
Smart Phones, Smart TVs, Smart Refrigerators, even Smart Cars! When it comes to Smart devices, we simply provide them the master control of various tasks to make our life easy and more comfortable, unaware about its worst impact. At the starting of last month we reported that by using a $20 toolkit called CAN Hacking Tool (CHT) , hackers can hack your Smart Cars, giving entire control of your car to an attacker from windows and headlights to its steering and brakes. Now a new research carried out on the  Tesla Smart car  has proved that the hackers are able to remotely locate or unlock the Tesla Motors Inc. electric vehicles, just by cracking a six-character password using traditional hacking techniques. At the Black Hat Asia security conference in Singapore on Friday, Nitesh Dhanjani , a corporate security consultant and Tesla owner, said a recent study conducted by him on the Tesla Model S sedan pointed out several design flaws in its security system, and there wasn&
cyber security

AWS EKS Security Best Practices [Cheat Sheet]

websiteWiz.ioCloud Security / Kubernetes
Unlock this one-stop resource for mastering EKS security best practices and safeguarding your cloud-native applications.
Google adds its Chrome apps and extensions to Bug Bounty Program

Google adds its Chrome apps and extensions to Bug Bounty Program

Feb 06, 2014
Google's Vulnerability Reward Program which started in November 2010, offers a hefty reward to the one who find a good vulnerability in its products.  Now Google is getting a little more serious about the security of its Chrome Browser and has expanded its Bug Bounty Program to include all Chrome apps, extensions developed and branded as " by Google ". The Internet is a platform which has become a necessary medium for performing our daily tasks like reading news, paying bills, playing games, scheduling meetings and everything we perform on this platform is possible only because of the various applications maintained by the service providers. " We think developing Chrome extensions securely is relatively easy, but given that extensions like Hangouts and GMail are widely used, we want to make sure efforts to keep them secure are rewarded accordingly. " Google said in a blog post . Not only this, to improve the security of open-source proje
iOS apps vulnerable to HTTP Request Hijacking attacks over WiFi

iOS apps vulnerable to HTTP Request Hijacking attacks over WiFi

Oct 30, 2013
Security researchers Adi Sharabani and Yair Amit  have disclosed details about a widespread vulnerability in iOS apps , that could allow hackers to force the apps to send and receive data from the hackers' own servers rather than the legitimate ones they were coded to connect to. Speaking about the issue at RSA Conference Europe 2013 in Amsterdam, researchers have provided details  on this  vulnerability , which stems from a commonly used approach to URL caching. Demonstration shows that insecure public networks can also provide stealth access to our iOS apps to potential attackers using HTTP request hijacking methods. The researchers put together a short video demonstrating, in which they use what is called a 301 directive to redirect the traffic flow from an app to an app maker's server to the attacker's server. There are two limitations also, that the attacker needs to be physically near the victim for the initial poisoning to perform this attack and t
Cybersecurity
Expert Insights / Articles Videos
Cybersecurity Resources