Ted Miracco
tedmiracco.bsky.social
Innovator, Cybersecurity Expert, and NY Giants Fan. Protecting APIs by day, lamenting the Giants by night – Ted Miracco, a cybersecurity expert with a passion for resilience on and off the field.
I say this with zero irony: The #NYGiants are the most talented 2-10 team in NFL history.

Leading in the 4th quarter in 7 games? Check. Finding creative ways to lose 5 of them? Elite execution.

If the #NFL gave out rings for "Moral Victories," we’d be the 1972 Dolphins. 😤📉

#NYGiants #BigBlue
November 26, 2025 at 6:05 PM
"APIs are the leading target for cybercriminals as they present the largest attack surface, and traditional tools struggle to distinguish legitimate from malicious activity at the API level."

informationsecuritybuzz.com/transunion-c...
TransUnion Confirms Cyber Attack Exposing Data Of 4.4 Million People
This week, TransUnion confirmed a major cyber incident that exposed personal data of more than 4.4 million people.
informationsecuritybuzz.com
August 29, 2025 at 10:43 PM
“Tea app users should be concerned, but it goes beyond Tea, as all mobile app users should be concerned,” Miracco said.

securityboulevard.com/2025/07/tea-...
Tea App Data Breach Deepens, with 1.1 Million User Chats Exposed
The security breach of the popular women-only safe-dating app Tea widened over the weekend, when a second database storing 1.1 million DMs between members was compromised. News of the exposure came da...
securityboulevard.com
July 30, 2025 at 8:40 PM
"This is basic cybersecurity and something the company should be held accountable for," he said. "They rushed to market and promised consumers to create a safe site, and instead they exposed them."

www.cbsnews.com/news/tea-dat...
Tea dating app breach bigger than previously thought, company says
Hackers accessed direct messages and selfies belonging to users of the women-only dating intel app, Tea says.
www.cbsnews.com
July 28, 2025 at 11:57 PM
Reposted by Ted Miracco
We need to make it illegal for AI models to offer advertising. And, we need to really examine referral fees as well.

The last thing we need is to have algorithms designed to maximize revenue driving LLM output and interactions.

We need to have learned our lessons from algos in social media
July 26, 2025 at 8:29 PM
Just what the #nyyankees needed... A .217 hitter that's second in #mlb in strikeouts???
July 26, 2025 at 8:35 PM
@profgalloway.com gets the WIN for both highlighting UVA, and the real dangers of ICE in the same episode… where @karaswisher.bsky.social gets a fail for Old Guard 2…. Just not your best finish to another great episode of @pivotpod.bsky.social
July 15, 2025 at 2:35 AM
Reposted by Ted Miracco
I’m excited to launch our campaign for California State Senate in #SD24!

Join us today at ellen4senate.com.
April 10, 2025 at 3:27 PM
"The universe is not required to be in perfect harmony with human ambition." Carl Sagan
#lafires #carlsagan
May 25, 2025 at 9:37 PM
Reposted by Ted Miracco
📣 New Podcast! "North Korea's Crypto Heists | Mobile App and API Threats" on @Spreaker #apikeys #apisecurity #approov #cryptoheist #cryptosecurity #cybersecurity #hardwarewallet #lazarusgroup #mobilesecurity #northkoreahackers #phishing #upwardlymobile
North Korea's Crypto Heists | Mobile App and API Threats
North Korean Crypto Heists: Mobile and API Threats

In this episode of Upwardly Mobile, we delve into the alarming tactics employed by North Korean state-sponsored hackers to siphon billions from the cryptocurrency world. Moving beyond targeting just large exchanges, these sophisticated actors, most notably the infamous Lazarus Group, are increasingly focusing on vulnerabilities in mobile devices and Application Programming Interfaces (APIs), the digital connectors powering our apps.

We discuss how your phone, the device you carry everywhere, has become a prime target. Hackers are using sophisticated social engineering and phishing campaigns delivered via messaging apps and social media to trick users into compromising their devices. They develop or infect malicious cryptocurrency apps and fake wallets to steal private keys and transaction data. Furthermore, exploiting vulnerabilities in mobile operating systems and apps, or deploying Remote Access Trojans (RATs) through various mobile vectors, allows them persistent access to steal credentials and control crypto accounts. Reports indicate attackers have even leveraged remote collaboration tools to gain control.

APIs, the unseen connectors that enable apps to communicate, are also major targets. North Korean hackers actively seek to steal API keys from developers and employees within crypto firms through phishing and malware. Campaigns like "Operation 99" specifically target developers for sensitive data, including API keys. Exploiting flaws in the design or implementation of exchange and wallet APIs allows them to bypass security or manipulate data. They also utilise supply chain attacks, compromising third-party vendors with API access to gain a foothold and exploit trusted connections. Attacks like the ByBit hack reportedly involved exploiting supplier vulnerabilities and altering wallet addresses, potentially involving API manipulations.

These tactics have been linked to high-profile heists against major exchanges like KuCoin and WazirX, and DeFi protocols such as the Ronin Bridge. Stolen funds are then put through complex, multi-stage laundering processes involving mixers, DEXs, and cross-chain bridges to obscure their origin.

We also cover essential defence strategies for both individuals and organisations in the crypto space. For individuals, this includes being hyper-vigilant against unsolicited messages, securing your mobile device with updates and trusted app sources, using hardware wallets for significant holdings, implementing strong, unique passwords and 2FA, and diligently verifying wallet addresses. For organisations, robust API security, regular security audits, employee training, supply chain risk management, and advanced threat detection are crucial.

This battle is an ongoing arms race, but understanding these evolving threats is the first step to bolstering your defences.

Sponsor: This episode is brought to you by Approov, a leader in API and mobile app security. Learn more about protecting your APIs and mobile applications from sophisticated threats by visiting approov.io.

Keywords: North Korea, hackers, cryptocurrency, crypto, mobile security, API security, Lazarus Group, phishing, social engineering, malware, vulnerabilities, cybercrime, cyberattack, state-sponsored hacking, API key theft, supply chain attack, cold storage, hardware wallet, 2FA, MFA, security audit, threat detection, Ronin Bridge, KuCoin, WazirX, ByBit, Operation 99, fast flux, bulletproof hosting, OWASP API Security Top Ten, Approov.
www.spreaker.com
May 23, 2025 at 9:16 PM
MSG is gonna be ELECTRIC tonight! 🗽 Game 1 of the Eastern Conference Finals - Knicks vs. Pacers. Let's defend our home court and start this series on 🔥🔥🔥. Believe in New York! #NYKnicks #NBAPlayoffs
May 21, 2025 at 9:08 PM
Hey #knicks fans? Favorite #3 is #starks or #hart?
May 17, 2025 at 2:07 AM
#knicks in 6.... But who's your favorite #8? OG or Spree?
May 17, 2025 at 1:54 AM
🔥 fire up the Brunson burners... Here come the #nyknicks to torch the C's. #nba
May 13, 2025 at 1:43 AM
Reposted by Ted Miracco
Remembering Prof. Richard Feynman on his 107th birth anniversary. We miss you Richard.

"When you're thinking about something that you don't understand, you have a terrible, uncomfortable feeling called confusion."
May 11, 2025 at 1:48 PM
Reposted by Ted Miracco
How do we clean up the mobile app ‘cesspool’? Insights from @tedmiracco.bsky.social at #RSAC25. Reject hard-coded credentials and insist on over-the-air updates; and just because you buy it in an app store doesn't mean it has been tested for security. Watch now

www.darkreading.com/cloud-securi...
RSAC 2025: Approov Has Some Ideas for Cleaning Up Mobile App 'Cesspool'
No to hard-coded credentials and yes to over-the-air updates on your mobile app, says Ted Miracco, CEO of Approov. And he reminds us that just because it's in an app store doesn't mean it is secure.
www.darkreading.com
May 8, 2025 at 9:35 AM
Reposted by Ted Miracco
40 years ago Carl Sagan knew about climate change, and he was more aware of its impact on nature than we are right now.
May 1, 2025 at 11:54 AM
Reposted by Ted Miracco
New York Giants rookie CB Korie Black can run, but his coaches say there is a lot more behind his success than speed. #NYGiants www.bigblueview.com/2025/5/1/244...
Speed is Korie Black’s calling card, but there is much more to the Giants’ rookie CB
Oklahoma State coaches laud Black’s work ethic, attention to detail and yearly improvement
www.bigblueview.com
May 1, 2025 at 1:33 PM
📣 New Podcast! "Apple Blasted by Judge: Lying Under Oath and Losing App Store Control -" on @Spreaker #antitrust #apple #appstore #contemptofcourt #epicgames #epicvsapple #fortnite #mobileapps #timsweeney #willfulviolation
Apple Blasted by Judge: Lying Under Oath and Losing App Store Control -
Apple Blasted by Judge: Lying Under Oath and App Store Control

Episode Notes: In this episode, we dive into the dramatic developments from the ongoing legal battle between Epic Games and Apple. A recent ruling by Judge Yvonne Gonzalez Rogers has delivered a significant blow to Apple's control over its App Store. The judge has banned Apple from charging a commission on purchases made outside the App Store. This stems from Apple's "ongoing anticompetitive behavior", specifically their response to a previous 2021 ruling that required them to allow developers to direct users to external purchasing options. Instead of allowing commission-free external purchases as anticipated by the court, Apple introduced a policy in 2024 that levied a 27% commission on such transactions. Judge Rogers found that Apple "willfully violated and ignored" her 2021 injunction, stating, "That [Apple] thought this Court would tolerate such insubordination was a gross miscalculation".

Furthermore, the ruling revealed serious findings about Apple's conduct during the trial. Judge Rogers found that Apple Vice President of Finance Alex Roman "outright lied" under oath regarding the timing of Apple's decision to impose the 27% fee. The judge stated that Apple "adopted the lies and misrepresentations" by not correcting them. She wrote that Apple presented evidence that seemed "tailor-made for litigation" rather than reflecting actual internal discussions, and that contemporaneous documents showed Apple "knew exactly what it was doing and at every turn chose the most anticompetitive option". Adding to the severity, Judge Rogers referred the matter to U.S. attorneys to investigate potential criminal contempt proceedings against both Alex Roman and Apple Inc. She also noted that Apple CEO Tim Cook ignored advice from App Store chief Phil Schiller regarding complying with the original injunction.

Epic Games CEO Tim Sweeney called the decision a "huge victory for developers" and announced that Fortnite would return to the US App Store following the ruling. He offered a "peace proposal," suggesting Epic would drop litigation if Apple applied the "friction-free, Apple-tax-free framework worldwide".

This ruling highlights a significant contrast between Apple's stated values of honesty, compliance, and integrity and the court's findings of willful violation, lying, and anticompetitive behavior. As Judge Rogers stated, "This is an injunction, not a negotiation. There are no do-overs once a party willfully disregards a court order".

- Judge bans Apple commission on external App Store purchases.
- Ruling finds Apple willfully violated previous order.
- Apple VP found to have "outright lied" under oath.
- Apple Inc. deemed to have "adopted the lies".
- Matter referred for potential criminal contempt proceedings.
- Epic Games plans to bring Fortnite back to the App Store.

Relevant source materials for this episode include excerpts from articles by The Verge and CNBC and the WSJ.

Keywords: Apple, Epic Games, App Store, Judge Yvonne Gonzalez Rogers, Fortnite, antitrust, lawsuit, court ruling, commission, fees, contempt of court, perjury, Alex Roman, Tim Sweeney, Tim Cook, Phil Schiller, anticompetitive, regulation, tech news, mobile apps, iOS.

Protect your mobile apps from fraud and abuse. Learn more at https://approov.io/.
www.spreaker.com
May 1, 2025 at 1:32 AM