Now that the TRUST aWARE project has come to an end, it is time to take a look back at the three years our consortium has been working hand in hand towards the achievement of common and exciting goals. These goals, altogether, were aimed to support and help our key stakeholders to effectively manage security & privacy (S&P) issues, with a special focus on citizens. Have we succeeded? Let’s see…
Beyond financial savings, security and privacy tools, such as those developed in TRUST aWARE, help foster social connections, enhance essential service access, and combat harmful content leading to substantial benefits to society.
Android firmware updates are typically managed by the so-called FOTA (Firmware Over-the-Air) apps. Such apps are highly privileged and play a critical role in maintaining devices secured and updated. The Android operating system offers standard mechanisms to vendors to implement their own FOTA apps, but such vendor-specific implementations could be a source of security and privacy issues due to poor software engineering practices. In a recent large-scale study, TRUST AWARE members performed a systematic analysis of the FOTA ecosystem through a dataset of 2013 FOTA apps detected with a tool designed for this purpose over 422,121 pre-installed apps. The findings include that 43% of FOTA apps are developed by third parties, that some devices can have as many as 5 apps implementing FOTA capabilities, and that some apps present behaviours that can be considered privacy intrusive, such as the collection of sensitive user data (e.g., geolocation linked to unique hardware identifiers), and a significant presence of third-party trackers.
Research on citizens’ attitudes towards digital tools for data protection and privacy highlights the need for big data literacy and understanding of data protection, especially in e-government initiatives. This suggests a growing awareness of the need for digital tools to protect personal data. Understanding attitudes towards digital tools is crucial.
The continuous evolution and appearance of new threats demand innovative approaches to protect against them. Two such sophisticated techniques that have gained prominence in recent years are LOLBins and file-less attacks. Individually potent, their combination poses a formidable challenge to traditional security measures. In this blog, we will delve into the intricacies of LOLBins and file-less attacks, explore their synergy, and introduce an advanced solution, Activity Monitor, designed to counteract these threats effectively.
In the rapidly evolving landscape of technology, software and solution developers face a significant challenge in staying compliant with an array of regulatory requirements. The complexity of these requirements cannot be understated, especially in the domains of artificial intelligence (AI), personal data, cybersecurity, and data governance.
The recent attack on China’s Industrial and Commercial Bank (ICBC) underscores the sophisticated threat landscape associated with ransomware, emphasising the need for heightened cyber security measures. The development of Activity Monitor is aimed at assisting organisations in addressing these kinds of threats.
Is it possible for private search engines to preserve user privacy while depending on traditional advertising platforms?
Modifying a software application to make it harder to analyse is a task that has been done for years. One common goal is hiding Intellectual Property (IP) that is embedded in the code, and also licensing algorithms or program’s logic. Software protection techniques are also used by threat actors to hide malicious behavior in malware. The term obfuscation is typically used to refer to such modifications.
Information sharing plays a pivotal role in the realm of cybersecurity due to the dynamic and sophisticated nature of the cyber threats. It entails the exchange of intelligence, insights, and knowledge about cyber threats, vulnerabilities, and defensive measures among organisations, government agencies, security researchers, and relevant stakeholders.
