Do you really know what’s inside your iOS and Android apps?

It’s time to audit your code, as it appears that some no/low-code features used in iOS or Android apps may not be as secure as you thought. That’s the big takeaway from a report explaining that disguised Russian software is being used in apps from the US Army, CDC, the UK Labour party, and other entities.

When Washington becomes Siberia

What’s at issue is that code developed by a company called Pushwoosh has been deployed within thousands of apps from thousands of entities. These include the Centers for Disease Control and Prevention (CDC), which claims it was led to believe Pushwoosh was based in Washington when the developer is, in fact, based in Siberia, Reuters explains. A visit to the Pushwoosh Twitter feed shows the company claiming to be based in Washington, DC.

WWDC22: Apple brings declarative device management to the Mac?

Credit to Author: Jonny Evans| Date: Mon, 06 Jun 2022 08:11:00 -0700

More opportunities for engineers and developers to implement declarative device management solutions are likely to emerge at WWDC 2022, at least according to MacAdmins.

Speaking during the pre-event podcast, speakers argue that Apple will eventually require that all mobile device management (MDM) providers introduce support for declarative management. Might this include bringing declarative device management to the Mac?

What is declarative device management?

Apple first introduced declarative device management last year, largely for two reasons: to make devices more proactive, and to reduce the impact on MDM servers that handle large fleets of devices. This should boost performance and scalability.

Google’s open-source security move may be pointless. In a perfect world, it should be.

Credit to Author: Evan Schuman| Date: Tue, 31 May 2022 02:30:00 -0700

One of the bigger threats to enterprise cybersecurity involves re-purposed third-party code and open-source code, so you’d think Google’s Assured Open Source Software service would be a big help.

Think again.

Here’s Google’s pitch: “Assured OSS enables enterprise and public sector users of open source software to easily incorporate the same OSS packages that Google uses into their own developer workflows. Packages curated by the Assured OSS service are regularly scanned, analyzed, and fuzz-tested for vulnerabilities; have corresponding enriched metadata incorporating Container/Artifact Analysis data; are built with Cloud Build including evidence of verifiable SLSA-compliance; are verifiably signed by Google; and are distributed from an Artifact Registry secured and protected by Google.”

The Quad commits to strengthening cybersecurity in software, supply chains

Credit to Author: Malwarebytes Labs| Date: Mon, 30 May 2022 14:50:56 +0000

Australia, India, Japan, and the US recently met to discuss pressing matters in the Indo-Pacific, including cybersecurity.

The post The Quad commits to strengthening cybersecurity in software, supply chains appeared first on Malwarebytes Labs.

Do you know where your software comes from?

Credit to Author: Susan Bradley| Date: Mon, 14 Mar 2022 08:56:00 -0700

Where does your software come from?

That’s one of the questions online users at AskWoody.com have asked in recent weeks. Obviously, this comes up as the world sees what’s going on in Ukraine. For many years, one security software vendor in particular was tagged as possibly having Russian ties — and as far back as 2017, the US Government banned the use of Kaspersky antivirus over fears the security software could spy on defense contractors for Russia.

Why the Fed is considering a cash-backed cryptocurrency

Credit to Author: Lucas Mearian| Date: Tue, 11 Feb 2020 03:00:00 -0800

The Federal Reserve is investigating the potential of a central bank digital currency (CBDC) as the backbone for a new, secure real-time payments and settlements system.

The move toward a form of government-backed digital currency is being driven by Fintech firms and a banking industry already piloting or planning to pilot cash-backed digital tokens, according to Lael Brainard, a member of the U.S. Federal Reserve’s Board of Governors.

“Today, it can take a few days to get access to your funds. A real-time retail payments infrastructure would ensure the funds are available immediately – to pay utility bills or split the rent with roommates, or for small business owners to pay their suppliers,” said Brainard, who serves as chair of the committees overseeing Financial Stability and Payments, Clearing and Settlements.

WWDC: Has Apple closed the door on non-Mac App Store apps?

Credit to Author: Jonny Evans| Date: Mon, 17 Jun 2019 07:58:00 -0700

Ever since Apple introduced the Mac App Store, developers have warned it plans to close off its platform, so news that the company will insist on App Notarization in macOS Catalina set those critics off again. The thing is, it’s a little more complicated.

What is Apple doing?

Yes, Apple is making it a little more difficult for Mac users to install apps that aren’t sold at the Mac App Store or made available from bona fide developers happy to submit their software for the company’s speedy App notarization service.
