Aggregator

Salt Security provides improved API protection with Google Cloud

Help Net Security
4 months ago

Salt Security announced its integration with Google Cloud‘s Apigee API Management platform. With this technical collaboration, customers can discover all of their APIs, including shadow and deprecated APIs, apply posture rules, uncover areas of non-compliance, and stop API-based attacks at their root. The security landscape is witnessing an unprecedented reliance on APIs. Now more than ever, organizations need comprehensive API security mechanisms that proactively detect and prevent threats. Salt Security, a pioneer in API security, … More →

The post Salt Security provides improved API protection with Google Cloud appeared first on Help Net Security.

Industry News

EPSS vs. CVSS: What’s the Best Approach to Vulnerability Prioritization?

The Hackers News
4 months ago
Many businesses rely on the Common Vulnerability Scoring System (CVSS) to assess the severity of vulnerabilities for prioritization. While these scores provide some insight into the potential impact of a vulnerability, they don’t factor in real-world threat data, such as the likelihood of exploitation. With new vulnerabilities discovered daily, teams don’t have the time - or the budget - to
The Hacker News

Watering Hole Attack on Kurdish Sites Distributing Malicious APKs and Spyware

The Hackers News
4 months ago
As many as 25 websites linked to the Kurdish minority have been compromised as part of a watering hole attack designed to harvest sensitive information for over a year and a half. French cybersecurity firm Sekoia, which disclosed details of the campaign dubbed SilentSelfie, described the intrusion set as long-running, with first signs of infection detected as far back as December 2022. The
The Hacker News

GenAI Writes Malicious Code to Spread AsyncRAT

darkreading
4 months ago
Researchers have uncovered one of the first examples of threat actors using artificial intelligence chatbots for malware creation, in a phishing attack spreading the open source remote access Trojan.
Elizabeth Montalbano, Contributing Writer

蝉联!爱加密再次荣获网络安全优秀创新成果大赛优胜奖

嘶吼
4 months ago

为深入贯彻总书记关于网络安全和信息化工作作出的重要指示精神,在中央网信办网络安全协调局指导下,中国网络安全产业联盟(CCIA)主办了“2024年网络安全优秀创新成果大赛”,爱加密凭借出色发挥成功夺得优胜奖

“2024年网络安全优秀创新成果大赛”是国家网络安全宣传周重要活动之一,由中央网信办网络安全协调局指导。大赛围绕网络安全领域典型应用场景、创新技术,按照解决方案和创新产品2大类型,征集并评选优秀网络安全创新成果,大赛致力于发现我国网络安全产业优秀创新成果,激发网络安全企业加强自主创新能力,提升网络安全产品和服务供给能力和质量,搭建网络安全企业、技术、人才和资本合作平台,推进网安产业结构化升级,推动网络安全产业高质量发展。

创新产品类评选针对具有重要发明、重大技术创新或具备广阔市场应用前景的数据安全领域创新型产品,如:采用了新的技术、设计方法,实现新功能;关键技术指标达到国内领先或国际先进水平;为数据安全和个人信息保护产品开辟了重要的新应用领域。爱加密移动应用个人信息合规专家检测平台经由相关行业部门、高校、科研机构、CCIA及网络安全投资机构专家共同组成的评审团多轮评审,产品创新性得到评审团一致认可,符合大赛上述评选要求,正式获得优胜奖

 爱加密移动应用个人信息合规专家平台是为测评机构、应用开发企业等推出的半自动化合规专家检测平台,拥有6大创新性技术:

1、沙箱系统:可监测APP在运行过程中的高达100+种行为,包括读取文件、写入文件、获取应用进程、读取系统配置等行为。同过行为函数调用栈对行为主体进行分析,过滤APP或SDK行为,针对性排查违规行为主体,定位行为触发的代码位置。

2、DPI技术:对应用通讯传输数据进行抓取,分析传输数据内容,访问服务器地址、地理位置、网络传输类型等信息。定位信息接收对象,分析数据内容是否包含个人信息。

3、SDK识别能力:爱加密使用采集-清洗-审核的方式建立自有SDK库,运用反编译技术与动静态检测识别并分析SDK运行中的调用情况。不断提高SDK识别准确率,丰富SDK库。

4、小程序运行方案:实现微信小程序和支付宝小程序在真实手机环境真实用户账号运行做检测,极大提高准确性。

5、自动化脱壳技术:支持对加固的APP提供自动化脱壳技术,针对加固包在静态检测与问题溯源能力的加强。

6、全面适配主流游戏引擎unity:当前适配unity游戏引擎后能够准确获取隐私文本内容,基本与成熟的APP自动检测保持一致,提高识别效率;更好兼容和服务应用市场和应用分发市场,有效避免企业在上线后被通报违规操作,规范市场,提供更好的服务质量。

7、最新支持数据合规测评模型:平台不仅全面融入了个人信息违法违规搜集行为的严格测评模型,确保用户数据的合法、正当收集,还全面适配了先进的数据合规测评模型,平台计划在全方位提升数据处理的合规性,从数据的收集、存储、处理到传输、共享、销毁等各个环节,都严格遵循相关法律法规及行业标准,确保数据的安全性、隐私性和合规性。该平台针对移动应用的基本信息、漏洞信息、收集和使用个人信息行为、通讯传输行为、软件和技术供应链情况、技术脆弱性、隐私政策规范性等进行全量多维度的安全合规检测,通过对合规测评全流程标准化管理,降低安全服务工程师的使用门槛和培训成本;通过集成必要的行为和通信数据监测工具、SDK引擎工具、截图工具、报告生成工具等,降低传统人工测评的时间消耗,提升测评效率和准确性,并出具专业的个人信息安全测评报告。

爱加密作为国内知名的移动信息安全综合服务提供商,长期致力于个人信息合规工作,积极帮助企业、监管机构、测评机构等实现移动应用的合法合规,从行业实践角度着手大力推动我国移动应用个人信息安全保护生态的良好发展。将多年来的技术积累与实践经验结合,不断提升产品能力,为国家网络安全工作提供最有力的支撑,实现产业报国。

爱加密

Privacy non-profit noyb claims that Firefox tracks users with privacy preserving feature

Security Affairs
4 months ago
Privacy non-profit noyb filed a complaint with the Austrian DPA against Firefox for enabling tracking in Firefox without user consent. Privacy non-profit None Of Your Business (noyb) has filed a complaint with Austria’s data protection authority (DSB) against Mozilla for enabling the privacy feature Privacy-Preserving Attribution (PPA) in Firefox without user consent. Noyb claims that […]
Pierluigi Paganini

Managed ad