Google has warned people not to bypass the ban on Google apps that affects newer Huawei phones. Manually installing app files found online is highly risky, as the files can be compromised.
As reported by Reuters, Mexico’s economy ministry detected a cyber attack on some of its servers on Sunday but did not consider sensitive information to have been compromised, and beefed up safety measures, it said in a statement. It was the second high-profile cyber attack on the Mexican government after hackers demanded $5 million in bitcoin from national oil company Pemex last November, forcing it to shut down computers nationwide.
The new Idaptive Mac Cloud Agent makes it easy for you to deploy Mac devices to remote employees, ensure that devices have the right set of security policies, and are protected with Multi-Factor Authentication.
Have you ever tried to encrypt data in your app? As a developer, you want to keep data safe, and in the hands of the party intended to use. But if you’re like most Android developers, you don’t have a dedicated security team to help encrypt your app’s data properly. By searching the web to learn how to encrypt data, you might get answers that are several years out of date and provide incorrect examples.
The Jetpack Security (JetSec) crypto library provides abstractions for encrypting Files and SharedPreferences objects. The library promotes the use of the AndroidKeyStore while using safe and well-known cryptographic primitives. Using EncryptedFile and EncryptedSharedPreferences allows you to locally protect files that may contain sensitive data, API keys, OAuth tokens, and other types of secrets.
Why would you want to encrypt data in your app? Doesn’t Android, since 5.0, encrypt the contents of the user’s data partition by default? It certainly does, but there are some use cases where you may want an extra level of protection. If your app uses shared storage, you should encrypt the data. In the app home directory, your app should encrypt data if your app handles sensitive information including but not limited to personally identifiable information (PII), health records, financial details, or enterprise data. When possible, we recommend that you tie this information to biometrics for an extra level of protection.
Jetpack Security is based on Tink, an open-source, cross-platform security project from Google. Tink might be appropriate if you need general encryption, hybrid encryption, or something similar. Jetpack Security data structures are fully compatible with Tink.
Before we jump into encrypting your data, it’s important to understand how your encryption keys will be kept safe. Jetpack Security uses a master key, which encrypts all subkeys that are used for each cryptographic operation. JetSec provides a recommended default master key in the MasterKeys class. This class uses a basic AES256-GCM key which is generated and stored in the AndroidKeyStore. The AndroidKeyStore is a container which stores cryptographic keys in the TEE or StrongBox, making them hard to extract. Subkeys are stored in a configurable SharedPreferences object.
Primarily, we use the AES256_GCM_SPEC specification in Jetpack Security, which is recommended for general use cases. AES256-GCM is symmetric and generally fast on modern devices.
val keyAlias = MasterKeys.getOrCreate(MasterKeys.AES256_GCM_SPEC)
Security is all too often focused on keeping hackers out and breaches at bay. But in the case of Remine, a real estate intelligence startup, it left its doors wide open for anyone to run rampant.
Just under a month ago Facebook switched on global availability of a tool which affords users a glimpse into the murky world of tracking that its business relies upon to profile users of the wider web for ad targeting purposes.
In a landmark ruling, a San Diego judge said that the grocery delivery app Instacart has misclassified tens of thousands of its California gig workers who pack and deliver groceries as independent contractors.
Amazon expands its Just Walk Out technology beyond convenience stores, Intuit acquires Credit Karma in its biggest acquisition ever and Grab raises hundreds of millions of dollars. Here’s your Daily Crunch for February 25, 2020.
Written by Sean Lyngaas
Chinese hackers took pains to cover their fingerprints in allegedly hacking credit monitoring agency Equifax in 2017, but a senior Department of Justice official says an indictment unsealed earlier this month shows the smokescreen didn’t work.
Written by Shannon Vavra
There was a time when the National Security Agency and the Department of Homeland Security primarily kept to themselves when it came to information sharing. That time is in the past.
Variety is welcome in most walks of life, but not when it comes to the threat landscape. Yet that is unfortunately the reality facing modern cybersecurity professionals. As Trend Micro’s 2019 roundup report reveals, hackers have an unprecedented array of tools, techniques and procedures at their disposal today. With 52 billion unique threats detected by our filters alone, this is in danger of becoming an overwhelming challenge for many IT security departments.
Everyone has a spam folder. It’s often disregarded as a dark, bottomless pit for fake emails from FedEx, pharmacy offers, and introductory emails from women far too amorous to be anything but fantastical. You’d be right to largely ignore this folder.
Digital transformation has changed how we live, work and play, and for leading companies, this transformation has enabled them to realize many business benefits, from bolstering efficiencies and improving employee engagement to strengthening the customer-brand relationship. Yet, as companies increasingly move to the cloud and IoT devices are used with greater frequency in the enterprise, adversaries now have more opportunities to target an attack. However, as discussed in An Executive Summary: Addressing Cyber Risk and Security Effectiveness in the Digital Age, too often, organizations choose to prioritize growth and cost efficiencies over security. And that means they are leaving their valuable digital assets unprotected.