Payment authorization and one-time passwords – Mobile Token

andreasc
-
0
Payment authorization and one-time passwords – Mobile Token
[ad_1]
Payment authorization and one-time passwords – Mobile Token

Isn’t it shocking that people still use passwords like QWERTY12, 1234, or pet names for their online accounts? To make matters worse, many users tend to have the same password across multiple services. This makes it easier for hackers to access their accounts and steal sensitive information. It was one of the reasons why organizations like banks had to implement extra security measures to safeguard their customers’ data and transactions.

The importance of mobile tokens

With the advancement of mobile banking, terms such as “bank tokens” and “mobile tokens” have become increasingly relevant. These forms of authentication and authorization have become indispensable in the everyday use of mobile applications, and their significance cannot be overstated in financial security.

In this context, it is worth exploring top-notch Mobile Token solutions. As a reliable and efficient authorization method, the token provides effective protection and convenience for customers, addressing the needs of modern financial institutions.

The mechanism behind the mobile token solution

The tool generates one-time passwords (OTP). It is used to authorize various operations in mobile and online banking channels, such as transactions and data changes, or to authorize operations using a mobile PIN without rewriting the SMS code. This mechanism is also used for two-factor authentication (2FA) or mobile authentication.

The mobile token provides a range of functions that can simplify a bank’s customers’ lives. The most commonly used are operations and transaction authorization. We know firsthand that users appreciate this way of handling payments and confirmations. So, why not give it a try and experience the convenience it has to offer? 

Multifactor authentication or a complicated authorization process can frustrate users, as they often don’t consider security a primary concern. If the methods are too complex or inconvenient, they seriously influence user experience. Eliminate this threat and choose a user-friendly option right away. 

In addition to customer benefits, the bank gains heightened security, PSD-2 compliance, and cost-effectiveness. Not to mention, that the solution can be seamlessly integrated with the bank’s infrastructure.

To sum up

Mobile tokens offer a balance of security and convenience, ensuring that financial transactions are safe and user-friendly. A reliable Mobile Token solution exemplifies this approach, providing a reliable method for safeguarding online and mobile banking operations.

It supports various functions, including transaction authorization and two-factor authentication, enhancing the security framework without overwhelming the user. Thus, it is an essential component of modern banking security.

  1. The Future of Fintech Applications
  2. List of most used passwords is here and it’s appalling
  3. Types of SaaS Applications: Categories and Examples
  4. A Short Guide to Understanding Exciting Realm of Fintech
  5. Digital Transformation in Financial Industry: Role of Fintech

[ad_2]
Source link

WhatsApp rolls out bottom navigation bar for all, tests AI chat suggestions

andreasc
-
0
WhatsApp rolls out bottom navigation bar for all, tests AI chat suggestions
[ad_1]

WhatsApp has finalized the location of the navigation bar for its Android app. The relocated feature essentially offers the same tabs such as Chats, Status, Communities, and Calls, but users can easily swipe the navigation bar to view these tabs, in addition to tapping.

Keeping in line with Google’s Material Design guidelines, Meta has now settled on a new and eye-catching navigation bar. The company is also testing AI chat suggestions with a few beta testers.

WhatsApp Navigation Bar will reside at the bottom

Ever since WhatsApp introduced the concept of tabs, it has kept the ability to switch between them at the top of the screen. It began with the Calls tab, which was quickly followed by the Status tab. WhatsApp started offering a “Communities” tab in 2022.

WhatsApp users could switch between these tabs quite easily using the navigation bar located at the top of the app. However, Meta claims it has moved the ability to switch between these tabs per Google’s Material Design guidelines.

WhatsApp has been testing the new navigation bar design for about a year now. Beta testers witnessed Meta adding and then removing the revamped navigation bar multiple times.

Interestingly, WhatsApp deployed the new navigation bar on the primary devices the app was originally registered on. The instant messaging app on “linked” Android smartphones continued to offer the old navigation bar.

However, moving forward, all devices that have the WhatsApp app will offer the new swipeable navigation bar located at the bottom. WhatsApp won’t allow moving the new tab bar. In other words, it will remain pinned to the bottom of the screen.

Although the new WhatsApp navigation bar features four tabs including Chats, Updates, Communities, and Calls, it is quite different from the old layout. Each tab now has equal prominence and space. The old tab bar had a small tab for Communities, while Chats, Status, and Calls, had bigger tabs.

It appears WhatsApp is trying to prioritize Communities. This tab allows users to organize and consolidate groups in a single space. A three-person icon represents this tab in the old and the new navigation bar.

WhatsApp testing AI chat suggestions

The new bottom-located navigation bar is now mandatory for all WhatsApp users. However, the instant messaging platform is reportedly testing a new automated chatting assistant with a few beta testers.

In its current form, the new experimental feature is suggesting contacts WhatsApp users can talk to. The new feature is located at the bottom of the list of active chats.


[ad_2]
Source link

The AI Pin will integrate with Google Photos and Contacts

andreasc
-
0
The AI Pin will integrate with Google Photos and Contacts
[ad_1]

The Humane AI Pin is soon to be out in circulation, and the company is continuing to send out updates and new functionality to this device. A new update coming to the device will integrate it with some important Google services. According to a new report, the AI Pin will integrate with Google Photos and Contacts.

In case you don’t know what the Humane AI Pin is, it’s a pendant that you attach to your clothes. This pendant has several sensors including a microphone and a camera. It can use these sensors to observe the world. The AI Pin can contact AI models in the cloud and provide answers to questions that you ask it. It basically brings the utility of ChatGPT into the real world.

The AI Pin costs $699 to buy, and it comes with several accessories like a charging case, two battery boosters, Etc. Also, in order to use the device, you will need to pay a $24 monthly fee for wireless connectivity.

The AI Pin will integrate with Google Photos and Contacts

Looking at this device, it seems odd that it will eventually integrate with Google Photos, as it does not have a screen. However, it won’t display photos.

The AI Pin actually has a pretty capable 13-megapixel camera with a wide 120° field of view. You shouldn’t expect Pixel-level quality, but the camera definitely gets the job done. When you take a picture, the onboard software will perform color correction, denoising, and other automatic edits. This is so that you can use the camera as an actual camera and not just a device to scan objects.

Well, when you connect the Humane.Center web portal to your Google account, The AI Pin will automatically upload the pictures you take to Google Photos. It will do this once you connect to Wi-Fi. So, if you have to hastily take a picture of something using your AI Pin, you will be able to see it uploaded to your Google Photos feed.

Google Contacts

Connecting your Google account will also give the AI Pin access to your Google contacts. You will be able to sync your contacts to the device, so you will be able to quickly contact them via voice commands.

Say, you want to call your sister. Well, you will be able to tell the AI Pin to call your sister, and it will immediately place a call because your sister’s contact information has been synced.


[ad_2]
Source link

97% of Organizations Exposure to Attacks Via SaaS Supply Chain

andreasc
-
0
97% of Organizations Exposure to Attacks Via SaaS Supply Chain
[ad_1]

Businesses increasingly rely on Software as a Service (SaaS) applications to drive efficiency, innovation, and growth.

However, this shift towards a more interconnected digital ecosystem has not come without its risks.

According to the “2024 State of SaaS Security Report” by Wing Security, a staggering 97% of organizations faced exposure to attacks through compromised SaaS supply chain applications in 2023, highlighting a critical vulnerability in the digital infrastructure of modern businesses.

The report, which analyzed data from 493 companies in the fourth quarter of 2023, illuminates the multifaceted nature of SaaS security threats.

From supply chain attacks taking center stage to the alarming trend of exploiting exposed credentials, the findings underscore the urgent need for robust security measures.

Supply Chain Attacks: A Domino Effect

Supply chain attacks have emerged as a significant threat, with 96.7% of organizations using at least one app that had a security incident in the past year.

The MOVEit breach, which directly and indirectly impacted over 2,500 organizations, and North Korean actors’ targeted attack on JumpCloud’s clients are stark reminders of the cascading effects a single vulnerability can have across the supply chain.

The simplicity of credential stuffing attacks and the widespread issue of unsecured credentials continue to pose a significant risk.

The report highlights several high-profile incidents, including breaches affecting Norton LifeLock and PayPal customers, where attackers exploited stolen credentials to gain unauthorized access to sensitive information.

MFA Bypassing and Token Theft

Despite adopting Multi-Factor Authentication (MFA) as a security measure, attackers have found ways to bypass these defenses, targeting high-ranking executives in sophisticated phishing campaigns.

Additionally, the report points to a concerning trend of token theft, with many unused tokens creating unnecessary risk exposure for many organizations.

Looking Ahead: SaaS Threat Forecast for 2024

As we move into 2024, the SaaS threat landscape is expected to evolve, with AI posing a new threat.

The report identifies two primary risks associated with AI in the SaaS domain: the vast volume of AI models in SaaS applications and the potential for data mismanagement.

Furthermore, the persistence of credential-based attacks and the rise of interconnected threats across different domains underscore the need for a holistic cybersecurity approach.

Practical Tips for Enhancing SaaS Security

The report offers eight practical tips for organizations to combat these growing threats, including discovering and managing the risk of third-party applications, leveraging threat intelligence, and enforcing MFA.

Additionally, regaining control of the AI-SaaS landscape and establishing an effective offboarding procedure are crucial steps in bolstering an organization’s SaaS security.

The “2024 State of SaaS Security Report” by Wing Security serves as a wake-up call for businesses to reassess their SaaS security strategies.

With 97% of organizations exposed to attacks via compromised SaaS supply chain apps, the need for vigilance and proactive security measures has never been more critical.

As the digital landscape continues to evolve, so must our approaches to protect it.

Stay updated on Cybersecurity news, Whitepapers, and Infographics. Follow us on LinkedIn & Twitter.


[ad_2]
Source link

How to back up your Mac

andreasc
-
0
How to back up your Mac
[ad_1]

Backing up your Mac computer doesn’t need to be intimidating.

By taking advantage of a user-friendly feature released by Apple several years ago, the entire backup process can be handled almost automatically, preserving your most important files, photos, applications, and emails from cyberthreats and mishaps.

Before starting the backup process, you will need an external storage device that can connect to your Mac with a USB or Thunderbolt cable. External storage devices, which are sometimes called external hard drives, are developed and sold by many different companies, including Lacie, SanDisk, and Western Digital.

If you do not have an external storage device, you must first get one. You should also follow Apple’s recommendation that your external storage device be twice as large as the hard drive of your Mac computer.

To find the hard drive size of your current Mac, open the System Settings app on your computer. On the left-hand rail, click General and then, in the window open to the right, click Storage.

Several statistics and options will be shown.

At the top of the Storage section, the hard drive space is shown. Here, it is 494.38 GB, or 500 GB roughly.

The Mac shown here has 500 GB of internal storage. If we were to back this Mac up, we would need to use an external storage device of 1 TB (terabyte).

Once you have your external storage device, you can begin the actual backup processs.

The simplest way to back up your Mac is with the built-in feature “Time Machine.”

First, connect your external storage device to your Mac.

Then, you need to set up that storage device as your “backup disk.” This means that, from this point forward, your external storage device will have one primary use, and that is as a backup device that syncs with Time Machine. Apple recommends that you do not use your external storage device that you are using with Time Machine for anything other than Time Machine backups.

To set up your storage device as your backup disk, follow these instructions:

Go to System Settings.  

Click on General in the left sidebar.

From here, click on Time Machine in the main window displayed to the right.

From the Time Machine menu, click Add Backup Disk or click the “Add” button (+).

From here, select your external storage device and then click Set Up Disk.

At this point in the process, you may receive two options from Time Machine:

  1. If your device has other files on it, you will be asked if you want to erase the device so that it can be used solely as a backup with Time Machine. You can erase the files immediately and then continue the backup process through Time Machine. If you do not want to erase the files, you need to get a separate external storage device that will be used exclusively as a backup with Time Machine.
  2. If your external storage device already has backups from a prior computer, you will be asked whether you can to keep those backups and roll them into new backups made with Time Machine. This is up to you.

From here, the backup process is nearly done.

To make a backup, simply click on Back Up Now from the Time Machine menu.

Your first backup could take a long time to complete, but know that you can continue using your computer like normal while the process happens in the background.

From here on, whenever you attach your external storage device to your Mac, Time Machine will automatically ask to make a backup of the changes to your Mac. You can also change the frequency of your backups in your Time Machine Settings.


[ad_2]
Source link

YouTube will push Shorts in a new carousel on the web

andreasc
-
0
YouTube will push Shorts in a new carousel on the web
[ad_1]

The vertical scrolling video feed war rages even on even though TikTok faces ban in the United States. YouTube’s vertical scrolling videos are called Shorts, and the company has been finding ways of squeezing them into more corners of the YouTube experience. According to a new report, YouTube will push Shorts in a new horizontally scrolling carousel on the web.

YouTube Shorts are extremely easy to access on the YouTube app. They have their own dedicated tab on the bottom bar and you can see them occasionally posted as blocks in your main YouTube feed. YouTube even made it easy to access Shorts via YouTube TV. So, it’s clear that the company is looking for more ways of pushing its Shorts. This is fortunate for people who create Shorts, as we recently got the news that a quarter of YouTube Shorts creators are making ad revenue.

YouTube has a new horizontally scrolling carousel for Shorts on the web

Currently, when you go to the YouTube website, you will see the typical selection of both videos and Shorts. You will see the feed of your regular videos followed by a horizontally scrolling feed of Shorts under them, and those alternate.

Well, according to a new report, YouTube is testing yet another way to view Shorts. The company may show Shorts in a little sidebar while you’re viewing a video.

When watching a video, we are used to seeing the vertically scrolling feed of video recommendations on the right side of the screen. Well, looking at the screenshot below, we see that YouTube will cut out a space in this feed for a collection of Shorts. It looks like this feed will be close to the top of the screen. We will see three Shorts on the screen with a little arrow on either side of the feed to scroll.

YouTube Shorts carousel

If you switch to theater mode, it won’t hide the carousel. In fact, it will just shift it lower. So that it is still visible to the user.

Right now, it looks like the company is testing this on a limited number of accounts. So, there’s no telling when more people will see this new feed.


[ad_2]
Source link

TIDAL is one of the first major music streaming services to launch this feature

andreasc
-
0
TIDAL is one of the first major music streaming services to launch this feature
[ad_1]

TIDAL is making it much easier to share music with your friends. The streaming service sneakily pushed out an update that makes it possible to share universal links with people who use different music streaming services.

A new update released on March 26 introduces this specific feature that’s been confirmed to work with multiple music streaming services, including Apple Music and Spotify (via Reddit). Here is an excerpt from the changelog:

Now, with just a couple of taps, your friends can play any TIDAL track, artist, or album that you share on their preferred streaming service – no fuss or feeling left out because they’re not on the same platform.

Unfortunately, TIDAL doesn’t mention what streaming services are compatible with its universal links, but it does promise to add more in the coming weeks. This is specifically the case for music streaming platforms that aren’t that popular, so if you’re using Apple Music, Spotify or YouTube Music, you shouldn’t have any issues.

As one of the Redditors points out, you might have to restart the app after updating to the latest version in order for the ability to share universal links to show up. TIDAL is the first and only major streaming service to offer this customer-oriented feature, so let’s hope that the others will follow soon.

[ad_2]
Source link

Google Revealed Kernel Address Sanitizer To Harden Android Firmware

andreasc
-
0
Google Revealed Kernel Address Sanitizer To Harden Android Firmware
[ad_1]

Android devices are popular among hackers due to the platform’s extensive acceptance and open-source nature.

However, it has a big attack surface with over 2.5 billion active Android devices all over the world.

It also poses challenges when it comes to prompt vulnerability patching due to its fragmented ecosystem that consists of different hardware vendors and delayed software updates.

Malware distribution, surveillance, and unauthorized financial gain, or any other malicious purpose are some examples of how cybercriminals take advantage of these loopholes in security.

Recently, Google unveiled the Kernel Address Sanitizer (KASan) to strengthen the Android firmware and beyond.

Android Firmware And Beyond

KASan (Kernel Address Sanitizer) has broad applicability across firmware targets. Incorporating KASan-enabled builds into testing and fuzzing can proactively identify memory corruption vulnerabilities and stability issues before deployment on user devices.

Document

Download Free CISO’s Guide to Avoiding the Next Breach

Are you from The Team of SOC, Network Security, or Security Manager or CSO? Download Perimeter’s Guide to how cloud-based, converged network security improves security and reduces TCO.

  • Understand the importance of a zero trust strategy
  • Complete Network security Checklist
  • See why relying on a legacy VPN is no longer a viable security strategy
  • Get suggestions on how to present the move to a cloud-based network security solution
  • Explore the advantages of converged network security over legacy approaches
  • Discover the tools and technologies that maximize network security

Adapt to the changing threat landscape effortlessly with Perimeter 81’s cloud-based, unified network security platform.

Google has already leveraged KASan on firmware targets, leading to the discovery and remediation of over 40 memory safety bugs, some critically severe, through proactive vulnerability detection.

Address Sanitizer (ASan) is a compiler instrumentation tool that identifies invalid memory access bugs like out-of-bounds, use-after-free, and double-free errors during runtime. 

For user-space targets, enabling ASan is straightforward with the -fsanitize=address option. However, for bare-metal code built with none system targets like arm-none-eabi, there’s no default runtime support. 

The -fsanitize=kernel-address option exposes an interface to provide custom KASan runtime implementations, like the Linux kernel’s routines.

KASan’s core idea is to instrument memory access operations like loads, stores, and memory copy functions to verify the validity of destination/source regions. 

It only allows access to valid regions tracked in a shadow memory area, where each byte represents the state (allocated, freed, accessible bytes) of a fixed-size memory region. 

Upon detecting an invalid access, KASan reports the violation.

Enabling KASan for bare-metal targets requires implementing instrumentation routines to check region validity during memory operations, report violations, and manage shadow memory to track the state of covered regions.

Here below we have mentioned all the sequential steps:-

  • KASan shadow memory
  • Implement a KASan runtime
  • Memory access check
  • Shadow memory management
  • Covering global variables
  • Memory copy functions
  • Avoiding false positives for noreturn functions
  • Hook heap memory allocation routines

For the usage of KASan on bare-metal code, one should employ -fsanitize=kernel-address option of the compiler and -asan-mapping-offset to indicate the location of shadow memory, -asan-stack/globals=1 to cover stack/global variables and -asan-instrumentation-with-call-threshold=0 for outlining checks against code bloat.

In addition, strategies such as leveraging Rust (a memory-safe language) are being advanced in order to proactively guard against memory vulnerabilities in the Android system.

Stay updated on Cybersecurity news, Whitepapers, and Infographics. Follow us on LinkedIn & Twitter.


[ad_2]
Source link

The WhatsApp call screen is getting a fresh look

andreasc
-
0
The WhatsApp call screen is getting a fresh look
[ad_1]

WhatsApp consistently introduces new features to the application, ranging from allowing users to upload one-minute-long statuses to pinning multiple messages. Just a week after revising the WhatsApp navigation bar, a revamped video and audio call screen interface is now available to some beta users.

WhatsApp Beta users can now experience a new view of the Call Screen

According to a report by WABetaInfo, the Meta-owned platform has introduced an enhanced call screen interface in WhatsApp beta for Android update 2.24.7.19. The new look is sleeker and more icon-driven compared to its previous counterpart, which was more basic but functional.

The Minimize button replaces the back button, located at the top left corner. This allows the call to be easily minimized and resumed by simply clicking it. Earlier, the lack of clear contrasts confused users who mistook the back button for the end call button. Additionally, the rebuilt interface enhances the user interaction process by enabling the addition of new members through the add participant button at the top right corner.

Some of the UI navigation elements have been updated

Another WhatsApp feature reporting publication, TheSpAndroid, has highlighted the new look of the bottom bars.

Following the images, it is evident that the new interface likely utilizes a constraint layout to achieve flexible positioning of the buttons. The new format buttons feature boasts consistent background colors for easy distinguishing from their surroundings. For instance, the buttons from the old version had a common background of grey color.

As depicted, there are three-dot menu settings that replace the arrow. The menu will likely serve the same purpose of expanding functionalities. TheSpAndroid reports that the three-dot menu is currently non-functional, indicating that the setting is still in development.

The given interface appears when a user initiates the switch between audio and video calls. Presently, this tweaked screen is undergoing testing on the latest WhatsApp beta version. The exact timeline for its official release remains unknown.

If you are eager to test these new features and provide feedback, you can join the beta program through the Google Play Store. Unfortunately, the beta program is currently at full capacity. You may need to wait a bit longer to gain early access to the latest WhatsApp updates.


[ad_2]
Source link

Google Password Manager will soon let you import passwords right from your phone

andreasc
-
0
Google Password Manager will soon let you import passwords right from your phone
[ad_1]
Google’s making our lives a little easier in the password management game. If you’re like me, juggling dozens of logins gets messy, and if you have opted to use Google’s own password manager (the one you find in Chrome) in favor of third party ones, you’ll find that it is not as feature-rich as one would hope.
There are several reasons why I prefer to use Google Password Manager. For one, it is free, which is always a plus. Secondly, I find that it works well when you stay within Google’s ecosystem. For example, password autofill on my desktop Chrome browser and apps on my Google Pixel device is pretty much seamless. However, things can get a little dicey if you want to go a little more in-depth and import passwords from a CSV file. While this works very well on desktop, it hasn’t really been an option on mobile…until now.
Google Password Manager on Android devices is part of Google Play Services. As spotted by AssembleDebug back in February, a change was already taking shape there of a half-working option that had been added to import a CSV file from your phone’s storage.

Now, with Play Services v24.12, which is still in beta, this option is now there without the need to enable any experimental flags. We’ve always had the option to export our credentials as a CSV file, but it was just not possible to do it the other way around, unless you used the Chrome desktop browser.

Image Credit: AssembleDebug

The process looks super straightforward, as you can see in the screenshots above. One thing that’s a bit of a mystery is what exactly gets imported, although it appears that duplicates do get skipped. Since this is still in beta, there’s of course a chance that this will be further tweaked and streamlined as we get closer to a widespread release, which is likely around the corner.


[ad_2]
Source link
1...258259260...1,470Page 259 of 1,470