Application News, Articles and Updates

21% of serverless applications feature critical vulnerabilities

An audit of 1,000 open-source serverless applications carried out by serverless security company PureSec has revealed that 21 percent of such applications feature critical security vulnerabilities that can be exploited.

New cryptojacking attack uses Redis and NSA exploits to infect machines

Security researchers have revealed an extremely complex cryptojacking attack dubbed RedisWannaMine. Researchers say RedisWannaMine is aimed at both database servers and application servers.

Despite poor IT visibility, HR apps are the most highly used cloud services

Despite a lack of appropriate visibility and control measures in place, cloud-based HR applications are now the most highly used cloud applications across organisations, with 139 such apps being used by organisations on average.

MacUpdate hacked, cryptocurrency miner apps installed

A cyber-criminal managed to infiltrate the Mac app download site MacUpdate and install malicious copies of the Firefox, OnyX, and Deeper applications that were in fact cryptocurrency miners.

Lack of encryption in cloud applications rendering enterprises vulnerable

Enterprises are developing and using enterprise applications on a large scale for various purposes, but a lack of encryption, coupled with serious security flaws in such applications, is also rendering enterprises vulnerable.

Malicious 'ChaiOS' link can crash Apple devices

A quirky bug in Apple's Messages application is allowing a malicious GitHub link to cause crashes and other bothersome behaviour on both macOS and iOS machines.

Developments in machine learning: we've come a long way, but have far to go

AI-driven applications rely on machine learning to make decisions, but they cannot yet think for themselves, though that is coming. Neural networks and expert systems may be inspired by the human brain, but there is little comparison.

New adware found in fake Flashlight apps with dark intentions

A newly discovered mobile adware program called LightsOut was recently observed in 22 fake Android flashlight and utility applications, reportedly prompting their removal from the Google Play Store.

Time to wake up to API security, the overlooked vulnerability

API vulnerabilities are the sleeping giant of our technology-led world. The threats posed by an exposed API are significant, yet they remain the most overlooked threat to information security today, says Jason Macy.

IEEE looks to raise security standards among software developers

The Institute of Electrical and Electronics Engineers (IEEE) has formed a new advisory group with the private sector, and is already advising software developers to ensure that their applications are secure.

Jailbroken devices are a threat to the enterprise

First step, identify jailbroken devices on your network, says Vince Arneja, then alter data processing and execution modes to protect your data.

Windows app privileges subverted

Researchers have spotted new attack vectors being used to exfiltrate company online banking credentials.

Fake AV apps spotted on Google Play, Windows Phone Store

Kaspersky Lab UK has spotted an increase in the number of fake anti-virus apps appearing in mobile app stores, with two recent programs imitating the firm's own products.

ICYMI: 'Banksy' sketches GCHQ, Heartbleed rumours & cloud confusion

As another week in information security zips by, we look at the top stories in our weekly In Case You Missed It (ICYMI) column.

Dud Android app fools thousands

Chart-topping paid-for Android security app does absolutely nothing.

LinkedIn plug-in mines for user email addresses

"This highlights the fine line between acceptable and unacceptable usage of your information," says Nigel Stanley, CEO of Incoming Thought.

Only 6 in 10 firms say their software is always up-to-date

A new report from F-Secure reveals that most companies lack the resources to update legacy applications, with this potentially being a serious security risk.

All Android devices believed hit by security flaw

A new class of security vulnerability that is "highly suspected" to affect all of the almost one billion Android devices in existence has been discovered by a research team from Indiana University and Microsoft.

Major privacy flaw found on WhatsApp

Popular messaging service WhatsApp is facing up to another PR disaster after a security researcher found that others could access private chats through downloaded Android apps.

Chinese cybercriminals buy ranking for malware Apps

Boosting an iPhone app into the top five of Apple's China app store costs around £5,800, says Trend Micro, while 10,000 Android downloads cost £3.90.

Snapchat hack - a lesson almost learnt

Security stress testing needs to happen at the development stage, says Grayson Milbourne, Director of Security Intelligence at Webroot, who looks at the lessons learned from Snapchat.

Facebook's Android app wants access to your text messages

Facebook's updated Android application is under fire with the latest iteration requiring user permission to read SMS messages.

Google removes adware-laden Chrome extensions

The tech giant removed browser extensions from its Chrome store after finding that both hosted malware serving up intrusive ads.

Wickr lays down US$100,000 bounty challenge to hackers

Secure messaging app provider Wickr has joined the top echelon of software developers by launching a bug bounty programme that offers up to US$100,000 for hackers who can find flaws in its software.

ICO warns software developers on data privacy

The Information Commissioner's Office (ICO) has warned developers that protecting app data is of paramount importance.

Get your BYOD policies wrapped up by Christmas

Many more personal mobile devices will arrive in the office after Christmas, so sort out your security policies now, advises Leon Ward.

Inadequate patching leaving businesses vulnerable

Vendors are often releasing patches months after vulnerabilities are discovered, leaving businesses open to attack, experts have warned.

Cyber criminals cracking more paid-for and Apple apps than ever before

Hackers are increasingly targeting paid-for and iOS apps, according to a new study.

ITV and Sky both hit by the Syrian Electronic Army

Fresh from Twitter implementing two-factor authentication last week, accounts for ITV news and Sky were hacked over the weekend.

SaaSID adds new capability to its Cloud Application Manager

SaaSID has launched the second version of its cloud application manager to offer a unified format for managing users' authentication credentials.