Had the incident gone unnoticed, the attackers could have taken over websites using the tainted code
The post Backdoor added to PHP source code in Git server breach appeared first on WeLiveSecurity
The bug is under active exploitation by unknown attackers and affects a wide range of devices, including iPhones, iPads and Apple Watches
The post Apple rushes to patch zero‑day flaw in iOS, iPadOS appeared first on WeLiveSecurity
Security and your right to repair – Scams offer fake COVID-19 vaccines and ask for Bitcoin – Jail time for a disgruntled IT contractor
Posted by Sudhi Herle and Jason Wong, Android Team
When the Pixel 3 launched in 2018, it had a new tamper-resistant hardware enclave called Titan M. In addition to being a root-of-trust for Pixel software and firmware, it also enabled tamper-resistant key storage for Android Apps using StrongBox. StrongBox is an implementation of the Keymaster HAL that resides in a hardware security module. It is an important security enhancement for Android devices and paved the way for us to consider features that were previously not possible.
StrongBox and tamper-resistant hardware are becoming important requirements for emerging user features, including:
- Digital keys (car, home, office)
- Mobile Driver’s License (mDL), National ID, ePassports
- eMoney solutions (for example, Wallet)
All these features need to run on tamper-resistant hardware to protect the integrity of the application executables and a user’s data, keys, wallet, and more. Most modern phones now include discrete tamper-resistant hardware called a Secure Element (SE). We believe this SE offers the best path for introducing these new consumer use cases in Android.
In order to accelerate adoption of these new Android use cases, we are announcing the formation of the Android Ready SE Alliance. SE vendors are joining hands with Google to create a set of open-source, validated, and ready-to-use SE Applets. Today, we are launching the General Availability (GA) version of StrongBox for SE. This applet is qualified and ready for use by our OEM partners. It is currently available from Giesecke+Devrient, Kigen, NXP, STMicroelectronics, and Thales.
It is important to note that these features are not just for phones and tablets. StrongBox is also applicable to WearOS, Android Auto Embedded, and Android TV.
Using Android Ready SE in a device requires the OEM to:
- Pick the appropriate, validated hardware part from their SE vendor
- Enable SE to be initialized from the bootloader and provision the root-of-trust (RoT) parameters through the SPI interface or cryptographic binding
- Work with Google to provision Attestation Keys/Certificates in the SE factory
- Use the GA version of the StrongBox for the SE applet, adapted to your SE
- Integrate HAL code
- Enable an SE upgrade mechanism
- Run CTS/VTS tests for StrongBox to verify that the integration is done correctly
We are working with our ecosystem to prioritize and deliver the following Applets in conjunction with corresponding Android feature releases:
- Mobile driver’s license and Identity Credentials
- Digital car keys
We already have several Android OEMs adopting Android Ready SE for their devices. We look forward to working with our OEM partners to bring these next generation features for our users.
Please visit our Android Security and Privacy developer site for more info.
Money doesn’t buy you happiness – cryptocurrency doesn’t buy you a genuine COVID-19 vaccine
The post Warning issued over scams touting fake COVID‑19 vaccines, asking for Bitcoin appeared first on WeLiveSecurity
The company was left to deal with three months’ worth of IT problems
The post Vengeful IT worker gets jail time for deleting company’s Microsoft user accounts appeared first on WeLiveSecurity
Nearly half of reported cybercrime losses in 2020 were the result of BEC fraud, according to an FBI report
How do you balance the right to repair with the requirement to remain secure?
The post When repairing things you own may make you an outlaw appeared first on WeLiveSecurity
Why do many organizations have a hard time keeping up with the evolving threat landscape and effectively managing their cyber-risks?
The post 5 reasons why (not only) financial companies struggle with cybersecurity appeared first on WeLiveSecurity
Zack is amazing! I have gone to him with computer issues for the past few years now and he always finds a way to fix… Read more “Amazing!”
Professional, smart & sensitive
Cannot say enough good things about Zack Rahhal and his team. Professional, smart, sensitive to small biz budgets and a helluva good guy. Could not… Read more “Professional, smart & sensitive”
AMAZINGLY WONDERFUL STAFF
stars indeed. So reliable and helpful and kind and smart. We call Al and he is “on it” immediately and such a FABULOUS teacher, patient… Read more “AMAZINGLY WONDERFUL STAFF”
Whatever my need, unfailingly helpful
I’ve been a customer of the staff at Advantage for many years now. They have never let me down! Whatever my need, however big or… Read more “Whatever my need, unfailingly helpful”
Best Kept Secret
I’ve known the Advantage Team for years. They are the absolute best techs in the field, bar none. I couldn’t tell you how many tens… Read more “Best Kept Secret”
I had an excellent experience with Advantage. Aside from being extremely professional and pleasant generally, Zack was incredibly responsive and helpful, even before and after… Read more “Excellent Experience”
The engineering team at Advantage Computers is the best in the business. They are nothing short of technical wizards.
It’s like having a cousin in the business.
Al, Nasser and Zack have been keeping our operations going for over a decade, taking care of our regular upgrades and our emergency system problems.… Read more “It’s like having a cousin in the business.”
I became a customer about 6-7 months and I can say nothing but great things about this business. Zack takes care of me. I am… Read more “Highly Recommended”
THANK GOD for this local computer repair business who saved me hundreds, my hard drive was messed up, i called the company with warranty they… Read more “Life Savers”
I don’t have enough words to express my appreciation
I don’t have enough words to express my appreciation for Nassar and Paul, and the other members of Advantage Computer Solutions. I live in Bergen… Read more “I don’t have enough words to express my appreciation”
Great Advice and Service
Advantage offers great advice and service
I bought parts for my gaming pc online and they put it together in a day for a… Read more “Great Advice and Service”