Google has warned people not to bypass the ban on Google apps that affects newer Huawei phones. Manually installing app files found online is highly risky, as the files can be compromised.
Category: Fity Feeds
Judith Butler on Nonviolence and Gender: Hear Conversation with The Partially Examined Life
Mexico’s Economy Ministry Hit By Cyber Attack
As reported by Reuters, Mexico’s economy ministry detected a cyber attack on some of its servers on Sunday but did not consider sensitive information to have been compromised, and beefed up safety measures, it said in a statement. It was the second high-profile cyber attack on the Mexican government after hackers demanded $5 million in bitcoin from national oil company Pemex last November, forcing it to shut down computers nationwide.
Deltek Appoints Caleb Merriman Chief Information Security Officer
Introducing the New Mac Cloud Agent
The new Idaptive Mac Cloud Agent makes it easy for you to deploy Mac devices to remote employees, ensure that devices have the right set of security policies, and are protected with Multi-Factor Authentication.
CISA’s Krebs: 2016 US Elections Were Cyber ‘Sputnik’ Moment
Data Encryption on Android with Jetpack Security
Posted by Jon Markoff, Staff Developer Advocate, Android Security
Have you ever tried to encrypt data in your app? As a developer, you want to keep data safe, and in the hands of the party intended to use. But if you’re like most Android developers, you don’t have a dedicated security team to help encrypt your app’s data properly. By searching the web to learn how to encrypt data, you might get answers that are several years out of date and provide incorrect examples.
The Jetpack Security (JetSec) crypto library provides abstractions for encrypting Files and SharedPreferences objects. The library promotes the use of the AndroidKeyStore while using safe and well-known cryptographic primitives. Using EncryptedFile and EncryptedSharedPreferences allows you to locally protect files that may contain sensitive data, API keys, OAuth tokens, and other types of secrets.
Why would you want to encrypt data in your app? Doesn’t Android, since 5.0, encrypt the contents of the user’s data partition by default? It certainly does, but there are some use cases where you may want an extra level of protection. If your app uses shared storage, you should encrypt the data. In the app home directory, your app should encrypt data if your app handles sensitive information including but not limited to personally identifiable information (PII), health records, financial details, or enterprise data. When possible, we recommend that you tie this information to biometrics for an extra level of protection.
Jetpack Security is based on Tink, an open-source, cross-platform security project from Google. Tink might be appropriate if you need general encryption, hybrid encryption, or something similar. Jetpack Security data structures are fully compatible with Tink.
Key Generation
Before we jump into encrypting your data, it’s important to understand how your encryption keys will be kept safe. Jetpack Security uses a master key, which encrypts all subkeys that are used for each cryptographic operation. JetSec provides a recommended default master key in the MasterKeys class. This class uses a basic AES256-GCM key which is generated and stored in the AndroidKeyStore. The AndroidKeyStore is a container which stores cryptographic keys in the TEE or StrongBox, making them hard to extract. Subkeys are stored in a configurable SharedPreferences object.
Primarily, we use the AES256_GCM_SPEC specification in Jetpack Security, which is recommended for general use cases. AES256-GCM is symmetric and generally fast on modern devices.
val keyAlias = MasterKeys.getOrCreate(MasterKeys.AES256_GCM_SPEC)
DEF CON 27, Artificial Intelligence Village – Lauren Putvin, PhD ‘Exploratory Data Analysis How And Why (In Python)?
Thanks to Def Con 27 Volunteers, Videographers and Presenters for publishing their superlative conference videos via their YouTube Channel for all to see, enjoy and learn.
DEF CON 27, Artificial Intelligence Village – Laurin Weissinger’s ‘Regulating AI And Algorithms Lessons’
Thanks to Def Con 27 Volunteers, Videographers and Presenters for publishing their superlative conference videos via their YouTube Channel for all to see, enjoy and learn.
Build a Rover, Send It to the Moon, Sell the Movie Rights: 30 Years of iRobot
Improving Malicious Document Detection in Gmail with Deep Learning
A security mishap left Remine wide open to hackers
Security is all too often focused on keeping hackers out and breaches at bay. But in the case of Remine, a real estate intelligence startup, it left its doors wide open for anyone to run rampant.
Facebook’s latest ‘transparency’ tool doesn’t offer much — so we went digging
Just under a month ago Facebook switched on global availability of a tool which affords users a glimpse into the murky world of tracking that its business relies upon to profile users of the wider web for ad targeting purposes.
Judge Says Instacart Misclassified its California Workers
In a landmark ruling, a San Diego judge said that the grocery delivery app Instacart has misclassified tens of thousands of its California gig workers who pack and deliver groceries as independent contractors.
Daily Crunch: Amazon opens its first cashier-less grocery store
Amazon expands its Just Walk Out technology beyond convenience stores, Intuit acquires Credit Karma in its biggest acquisition ever and Grab raises hundreds of millions of dollars. Here’s your Daily Crunch for February 25, 2020.
Equifax indictment shows Chinese hackers can’t hide, DOJ official says
Written by Sean Lyngaas
Chinese hackers took pains to cover their fingerprints in allegedly hacking credit monitoring agency Equifax in 2017, but a senior Department of Justice official says an indictment unsealed earlier this month shows the smokescreen didn’t work.
Russian interference in 2016 election prompted better information sharing, top DHS cyber official says
Written by Shannon Vavra
There was a time when the National Security Agency and the Department of Homeland Security primarily kept to themselves when it came to information sharing. That time is in the past.
Hackers Expand Their Repertoire as Trend Micro Blocks 52 Billion Threats in 2019
Variety is welcome in most walks of life, but not when it comes to the threat landscape. Yet that is unfortunately the reality facing modern cybersecurity professionals. As Trend Micro’s 2019 roundup report reveals, hackers have an unprecedented array of tools, techniques and procedures at their disposal today. With 52 billion unique threats detected by our filters alone, this is in danger of becoming an overwhelming challenge for many IT security departments.
Explorations in the spam folder
Everyone has a spam folder. It’s often disregarded as a dark, bottomless pit for fake emails from FedEx, pharmacy offers, and introductory emails from women far too amorous to be anything but fantastical. You’d be right to largely ignore this folder.
Cyber Risk and Security Effectiveness in the Digital Age by Major General Earl Matthews USAF (Ret)
Digital transformation has changed how we live, work and play, and for leading companies, this transformation has enabled them to realize many business benefits, from bolstering efficiencies and improving employee engagement to strengthening the customer-brand relationship. Yet, as companies increasingly move to the cloud and IoT devices are used with greater frequency in the enterprise, adversaries now have more opportunities to target an attack. However, as discussed in An Executive Summary: Addressing Cyber Risk and Security Effectiveness in the Digital Age, too often, organizations choose to prioritize growth and cost efficiencies over security. And that means they are leaving their valuable digital assets unprotected.