VMware has acquired Mesh7, a US-based company, for an undisclosed price with the aim to deliver modern apps connectivity services to enable a developer experience for more secure operations, The company, founded by Amit Jain and Pratik Roychowdhury, provide ‘API Security Mesh’ solution empowers information security professionals that capabilities to protect modern, cloud-native apps and microservices against cyber threats and breaches.
Apple has released a Platform Security guide that takes its security-built-into-hardware approach to a new level. The new Platform Security works with M1 silicon chips. System security is designed to maximise the security of the OS on 1 bn iPhones and millions of other Apple devices without affecting the usability. All Apple devices with a T2 chip have an AES hardware engine to power line-speed encryption as files are written or read which ensures data protection.
The Android version of SHAREit, downloaded more than one billion times, contains unpatched vulnerabilities that the app maker has failed to fix for more than three months. The bugs can be exploited to run malicious code on smartphones and hijack the app’s features to run custom code, overwrite its local files, or install third-party apps without the user’s knowledge as reported by Echo Duan, a mobile threats analyst for Trend Micro.
WhatsApp has announced that it has added a new security layer for its desktop and web app. Users will now need to use biometric authentication to link their WhatsApp account to a new laptop before scanning the QR code from the phone. One needs to use either their face or fingerprint unlock to authenticate WhatsApp Web or desktop. It has also updated the UI by replacing the ‘+’ icon with “link a device”. The plan is to also add multi-device support.
Apple has released iOS 14.4 and said in its update pages for iOS and iPadOS 14.4 that the three bugs affecting iPhones and iPads “may have been actively exploited.” Details of the vulnerabilities are scarce, and Apple declined to give any information beyond advisory. Two of the bugs were found in WebKit, the engine that powers the Safari browser, and the Kernel, the core of the OS. It’s a rare admission by Apple which claim itself on its security image.
Google’s Chrome v88 now gives an easy shortcut to identify weak passwords and quickly edit them. One has to click on the key icon that appears under the profile or can manually enter chrome://settings/passwords in the address bar. The new feature, which will be rolled out in coming weeks, makes it easier to update multiple usernames and passwords at one place. Google has also promised to roll out more privacy and security features throughout 2021.
Twitter suffered from cybersecurity shortfalls that enabled a “simple” hack attributed to a Florida teenager to take over the accounts of many famous people in July, according to a report by New York’s Department of Financial Services. It recommended that the largest social media companies be deemed systemically important, like some banks following the 2008 financial crisis, with a dedicated regulator monitoring their ability to combat cyberattacks.
The frequency of DDoS attacks in India saw a steady increase from January till June this year, followed by a dip in July. But the attacks were up again in August, with total DDoS packets exceeding 10 billion, as per a study by global cyber security firm Radware. Web apps of hi-tech firms (33%), banking and finance (33%), government (17%), and transportation (17%), were the most heavily targeted during Jul-Aug period.
Zoom has introduced Two-Factor Authentication (2FA), making it easier for admins and firms to protect their users and prevent security breaches. The 2FA requires users to verify their identity by two or more pieces of evidence or credentials. The evidence can be something that the user knows (password or pin), something the user owns (a smart card or mobile device), or something that the user has (fingerprints, voice). This feature improves security at a lower cost.