Tag Archive for: security

Google Confirms Hidden Android Security Threat Affecting A Billion Users

/in


A new threat at a vast scale has just been revealed, and it impacts multiple Android apps with hundreds of millions of installs—here’s what you need to know…

Microsoft has discovered a serious new security vulnerability that impacts popular Android apps and puts billions of devices at risk. “The implications of this vulnerability pattern” its report warns, “include arbitrary code execution and token theft, depending on an application’s implementation.”

The vulnerability relates to ContentProvider in Android enabling one app to securely share files with another. “If the client application does not properly handle the filename provided by the server application,” Google’s own advisory confirms, “an attacker-controlled server application may be able to implement its own malicious FileProvider to overwrite files in the client application’s app-specific storage.”

ForbesiMessage’s Lock On America-Is This Really The Beginning Of The End?By Zak Doffman

Exploiting the flaw, Microsoft says, could “provide a threat actor with full control over an application’s behavior,” and “access to a user’s accounts and sensitive data.”

Now the vulnerability has been exposed and reported through a co-ordinated Microsoft/Google release, developers have been provided with mitigation advice.

Microsoft gives two examples of popular apps that were susceptible to this risk, but which have both now been patched: “Xiaomi Inc.’s File Manager (1B+ installs) and WPS Office (500M+ installs).”

Because Android assigns separate memory space to apps to enforce device security, a common space is required to share files. But if both sides of the exchange don’t follow the rules, it’s possible for a sending app to use a crafted filename to trick the receiving app into overwriting legitimate files with malicious alternatives and content. Those malicious files can then be inadvertently executed on the device.

ForbesFBI Issues Warning If You Privately Message People From Dating AppsBy Zak Doffman

There’s nothing that users can do other than ensure they update apps as soon as those updates come available, and take…

Source…

California Startup to Provide Data Security for US Air Force Documents

/in


California tech firm Confidencial Inc. has signed a $1.8-million contract to provide advanced data security for the US Air Force’s collaboration tools.

The agreement will deliver a selective encryption solution to enhance productivity related to protecting sensitive national defense documents shared among the agency’s partners, contractors, and allied forces.

Assets covered under the project include various document formats, with some accessible through multi-cloud environments.

Other tasks involve file sharing, data scanning, and electronic signature services.

Work for the contract will be facilitated under the Small Business Innovation Research and Technology Transfer, a program expanding startup defense opportunities.

Led by the air force’s innovation arms AFWERX and Air Force Research Laboratory, this framework agreement promotes collaboration for a pool of industry partners to “eliminate bureaucratic overhead” and apply faster proposal timelines for continuous contract execution.

A “secret” cover sheet typically designates a folder that contains classified material that can be viewed only by those with proper clearance. This folder contains no classified material, however, and the cover sheet itself is unclassified.
A “secret” cover sheet. Photo: C. Todd Lopez/US Department of Defense

“The United States Air Force is among the most sophisticated cybersecurity organizations in the world,” Confidencial CEO Stewart Walchli stated.

“Partnering with the Air Force on this important initiative to protect unstructured data is a tremendous honor and endorsement of our technology.”

“This partnership will further strengthen our technology and capabilities, helping to ensure that our solution continues to be at the forefront of protecting unstructured data for government and commercial organizations alike.”

Latest Data Security Contracts

The US awarded CACI a $1.3-billion contract in April to deliver IT and communications end-user support for over 11,000 American warfighters based in 60 locations across Europe and Africa.

The same month, a tech consortium was established to supply wireless device detection solutions for the Pentagon’s sensitive facilities, which house vital national security data.

Simultaneously, the US government partnered with a Massachusetts-based cloud platform developer to produce a zero-trust cybersecurity prototype for US Army combat units.

Source…

TVC inspects cyber security | Local News

/in


TRAVERSE CITY — Cherry Capital Airport will explore its data and computer systems security through a “vulnerability study” authorized by the Northwest Regional Airport Authority Board.

The board recently approved a $9,600 contract with Traverse City-based Windemuller Electric — the airport’s information technology or IT contractor — to conduct a vulnerability assessment of the airport’s computer network with an internal audit of its digital systems.

“Obviously, cyber security is very important these days,” said Bob Nelesen, TVC’s airport engineer and zoning administrator. “We’re highly proactive in terms of our cyber security concerns.”

Cyber security breaches within public institutions have made local headlines in recent weeks following a massive disruption of the computer network at Traverse City Area Public Schools that shut down the school system for two days in early April, and prompted an ongoing investigation into the hack by state and federal authorities.

Nelesen said the airport’s cyber security inspection wasn’t prompted by that incident, but that industry standards set by the Department of Homeland Security and the National Institute of Standards and Technology require airports to conduct annual cyber security inspections to maintain the necessary security levels.

Nelesen said the airport also works with the State Police’s Michigan Cyber Security Command — which is also involved in the TCAPS hacking investigation — on cyber security measures.

Nelesen said the Department of Homeland Security and NIST — which is a branch of the U.S. Department of Commerce that sets technology measures and standards to enhance security in fast-evolving sectors such as nanotechnology, quantum information science and homeland security — implemented new cyber security requirements for airports two years ago.

“I would say we’ve had good IT procedures in place,” he said. But as the airport continues to expand in terms of more airline services providers and more activity…

Source…

Ransomware poses growing threat to healthcare data security

/in




Ransomware poses growing threat to healthcare data security | Insurance Business Australia















Report outlines cyberattacks’ impacts on organisations and their security leaders

Ransomware poses growing threat to healthcare data security


Cyber

By
Roxanne Libatique

Healthcare organisations across the globe are increasingly at risk from cyberattacks, according to a recent report by data security researcher Rubrik Zero Labs.

The report, “The State of Data Security: Measuring Your Data’s Risk,” provides a comprehensive overview of the cybersecurity landscape, emphasising the risks posed by growing digital infrastructure and cloud adoption. It outlines challenges in safeguarding sensitive data and presents strategies to address the evolving…

Source…