Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

As a mobile app developer, you must develop and release fully functional and safe applications. While you can manage the functionality quite comfortably, making the application secure and resilient to cyber-attacks is hard. So, what should you do? Well, we got you covered. This blog discusses the top 10 security issues developers encounter during mobile app development and the solutions.

Lookout Threat Lab researchers have uncovered enterprise-grade Android surveillanceware used by the government of Kazakhstan within its borders. While we’ve been following this threat for a while using Lookout Endpoint Detection and Response (EDR) these latest samples were detected in April 2022, four months after nation-wide protests against government policies were violently suppressed.

The National Crime Record Bureau (NCRB), in its report, recorded 50,035 cybercrime cases in 2020, and it is alarming to see that the numbers have surged exponentially ever since the pandemic. This opened the gates to remote onboarding and the use of facial recognition algorithms to distinguish users’ unique features, enhancing their onboarding experience. On the flip side, this has also given scamsters and fraudsters ample opportunities to manipulate and employ technologies for wrongful gains.

My market trends and predictions for 2021, be it for AI-based drug discovery or cybersecurity, have certainly accelerated in 2022 as a result of Covid-19 and the ongoing pandemic. This has brought unprecedented uncertainty, fear and challenges to how we do business, work, live and play.

Read also: security flaw in Travis CI API exposes user access tokens, small botnet launched a record-breaking DDoS attack and more.

If you don’t work in IT or security, there’s no need to fret about every detail of every online danger. Nevertheless, it’s worth having awareness of the strategies and techniques that criminals are using to achieve their goals online.

CIS Control 8 Center for Internet Security (CIS) version 8 covers audit log management. (In version 7, this topic was covered by Control 6.) This security control details important safeguards for establishing and maintaining audit logs, including their collection, storage, time synchronization, retention and review. Two types of logs are independently configured during system implementation.

Control 10 of CIS Critical Security Controls version 8 is focused on malware defenses. It describes safeguards to prevent or control the installation, spread and execution of malicious applications, code and scripts on enterprise assets. (In CIS version 7, this topic was covered by Control 8.) Malware, especially ransomware, has become a pressing security issue in recent years.

Contractors, freelancers, and other temporary workers have become essential parts of the modern enterprise. For IT and security teams, these individuals present unique challenges compared to full-time workers—and potential risks. The ‘offboarding’ process for these contractors is often less formal than bringing them on. Meaning, many just stop using their entitlements and accounts without actually closing them. These dormant accounts can pose serious risks to the organization.

On Friday, May 27, Security vendor nao_sec identified a malicious document leveraging a zero-day RCE vulnerability (CVE-2022-30190) in Microsoft Windows Support Diagnostic Tool (MSDT). The actively exploited vulnerability exists when MSDT is called using the URL protocol from a calling application, such as Microsoft Word.