Android’s new biometric spec for 'strong security' is anything but

Credit to Author: eschuman@thecontentfirm.com| Date: Tue, 24 Oct 2023 12:00:00 -0700

Google has released new biometrics specs for Android devices, with the top-level “strong security” option requiring only “a spoof and imposter acceptance rate not higher than 7%.” But most biometrics specialists say that for something to be considered “high security,” that imposter and acceptance rate should be closer to 1%.

That prompted me to ask Google for comment. Google replied by emailing an anonymous statement to be attributed to nobody that doesn’t directly defend the levels it chose — but did say security decisions are ultimately up to each handset manufacturer.

To read this article in full, please click here

Read more

Apple’s latest China App Store problem is a warning for us all

Read more

Homeland Security confirms your privacy is no longer safe

The big problem with privacy is that once you relinquish some of it, you never get it back. What makes it worse is when those who are supposed to protect your rights choose to undermine them. When they do so, they eat away at the thin protections we should all enjoy in the digital age.

US agencies’ illegal use of smartphone data

These are some of the reasons to be so concerned to learn from a newly released US Department of Homeland Security report that multiple US government agencies illegally used smartphone location data, breaching privacy regulations as they did. To do this, they purchased smartphone location data, including Advertising Identifiers (AdIDs) from data brokers that had been harvested from a wide range of apps.

To read this article in full, please click here

Read more

Are you looking forward to the new age of mobile app insecurity?

A contact recently told me that Apple handles thousands of inquiries from people who have forgotten or misplaced their Apple ID logins every day. That’s probably why Apple recently made it easier to access your Apple ID using any known email address.

But Apple reps are also inundated with requests related to third-party apps over which they have no control. As the EU looks to force Apple into allowing apps from alternative app stores onto its devices, a practice known as sideloading, the user experience with Apple devices — and the flood of inquiries and complaints — is about to get much, much worse.

To read this article in full, please click here

Read more

Zero trust and why it matters to the Apple enterprise

Once upon a time, digital business sat inside the security perimeter. Devices were kept in offices, shared the same network, and were protected by antivirus software, firewalls, and software updates. This system wasn’t perfect and became increasingly specialized, with security teams, networking teams, and others all working in different sectors.

With mobility, this changed. Devices were unleashed from their locations, used their own networks, and stood outside of traditional corporate endpoint protection.

The pandemic accelerated these changes, fostering the evolution of innovative security protections outside of traditional perimeters, such as around zero-trust. The global zero trust security market is now expected to reach $99 billion by 2030, up from $23 billion in 2021.

To read this article in full, please click here

Read more

Steer clear of cryptocurrency recovery phrase scams

Categories: Personal

Tags: cryptocurrency

Tags: mark cuban

Tags: scam

Tags: phish

Tags: phishing

Tags: wallet

Tags: hot

Tags: cold

Tags: metamask

Tags: extension

Tags: browser

Tags: mobile

Tags: android

Tags: search engine

We take a look at a common cryptocurrency scam which focuses on your recovery phrase.

(Read more…)

The post Steer clear of cryptocurrency recovery phrase scams appeared first on Malwarebytes Labs.

Read more

Jamf: Generative AI is coming to an Apple IT admin near you

Imagine running fleets of iPhones that alert you when unexpected security-related incidents take place, or when otherwise legitimate service requests arrive from devices at an unexpected time or location. Imagine management and security software that not only identified these kinds of anomalies but gave you useful advice to help remediate the problem.

This, and more, is the kind of protection Jamf hopes to deliver using generative AI tools.

Generative IT for Apple admins

Jamf believes generative AI can be a big benefit to tech support and IT admin, and talked about its efforts at the end of an extensive Jamf Nation User Conference (JNUC) keynote. Akash Kamath, the company’s senior vice president, engineering, explained that just as the Mac made computing personal, genAI makes AI personal.

To read this article in full, please click here

Read more

Message to IT: Update all your Apple devices right away

Apple has pushed out an essential security update to defend against yet another attack by an out-of-control mercenary surveillance group.

Like a bad smell, NSO Group has clawed its way back into the spotlight with yet another unprincipled attack against free speech and citizens’ rights, as revealed by Citizen Lab. The security researchers found this latest example of a sinister, yet egregious zero-click attack while checking the device of an “Individual employed by a Washington DC-based civil society organization with international offices.”

To read this article in full, please click here

Read more

Victim records deleted after spyware vendor compromised

Categories: Personal

Tags: spyware

Tags: spying

Tags: surveillance

Tags: Brazil

Tags: phone

Tags: mobile

We take a look at another compromise of a mobile spyware app maker, and ask whether this action comes with hidden danger.

(Read more…)

The post Victim records deleted after spyware vendor compromised appeared first on Malwarebytes Labs.

Read more

With BYOD comes responsibility — and many firms aren't delivering

Apple deployments are accelerating across the global enterprise, so it’s surprising that many organizations don’t properly recognize that change. Even when companies put Macs, iPhones, and iPads in the hands of their employees, they are failing to manage these deployments. It’s quite shocking.

That’s the biggest take-away from the latest Jamf research, which warns that almost half of enterprises across Europe still don’t have a formal Bring-Your-Own-Device (BYOD) policy in place. That’s bad, as it means companies have no control over how employees connect and use corporate resources, creating a nice, soft attack surface for criminals and competitors alike.

To read this article in full, please click here

Read more