Social media giant Instagram is not just famous for letting its users post their media content; it is also known for ensuring that its audience gets a good user experience. The app keeps bringing in new updates and features that are meant to help users stay connected with others.
According to Alessandro Paluzzi, a mobile developer, and leaker, the platform is working on two new features. These features will include the ability to go live only for the accounts that are followed back by a user, as well as introducing a new way to help users reach stories while scrolling down the feed.
Starting with the first one, just like Facebook, Instagram is also famous due to its “live video” feature. People have been using it for different purposes, such as to stay connected with their followers or to promote brands as influencers. Some even use it as a discussion forum. On his Twitter account, Alessandro revealed that soon users will be able to go live only for people they follow back. In a screenshot that was posted by him, it can be seen that users will be shown three options: go live for everyone, for followers that are followed back, and for close friends only. As a result, users will be in full command of who can and cannot become a part of their live session.
The live feature was introduced seven years ago, in 2016. Since that day, the developers have introduced multiple updates that can help users with their live stream. Features such as asking questions or controlling the live audience have helped in providing a better experience to the users.
Similarly, the app is also working to ensure that stories don’t go unseen: if a user is scrolling down the feed, they can find a quick way to view the stories of the people they follow. Based on the image Alessandro shared in the tweet revealing the upcoming update, once a user has scrolled down the feed, a popup will be displayed at the top of the screen.
The popup will act as a reminder to check out the stories of their followers, as it will display the profiles of people who have added to their stories. Once a user taps the floating reminder, they will find themselves back at the top of the feed, ready to view stories. In this way, Instagram can make sure that content posted in the form of stories gets maximum views and doesn’t go unseen.
by Arooj Ahmed via Digital Information World
Thursday, March 23, 2023
Application Security Trends and Challenges in 2023
What Is Application Security?
Application security refers to the process of designing, developing, testing, and implementing security measures within software applications to protect the application, its data, users, and connected networks. The goal is to identify and address security vulnerabilities and protect sensitive data from various threats, such as malware, hacking, and other malicious attacks.
The application security process involves practices such as security tests, threat modeling, code reviews, penetration testing, and secure coding practices. Application security is not a one-time process but rather an ongoing effort to maintain the security of an application throughout its entire lifecycle.
Application Security Challenges
Here are common challenges that organizations face when addressing application security:
Code Injections
Code injection attacks involve the insertion of malicious code into an application, with the intent of exploiting vulnerabilities and gaining unauthorized access to sensitive data or systems. These attacks can take various forms, including SQL injection, cross-site scripting (XSS), command injection, and others.
Malicious Bots
Malicious bots are automated software programs that perform repetitive tasks, such as scraping website content or performing Distributed Denial of Service (DDoS) attacks. These bots can be used to exploit application vulnerabilities, steal sensitive data, and launch other types of attacks.
In the past, attackers had to create their own bots. However, the rise of Bot as a Service (BaaS) providers has made it easier for individuals and organizations to launch malicious bot attacks without the need for advanced technical skills or resources.
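The three injection forms named in the Code Injections challenge above (SQL injection, command injection, XSS), each shown as the vulnerable pattern beside its hardened counterpart. This is an added example written for this page, not code from the article; the table, hostname allow-list and helper names are constructed assumptions.

```python
import html
import re
import sqlite3

# Constructed sample data: an in-memory users table for the demonstration.
def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "admin"), ("bob", "user"), ("carol", "user")])
    return conn

# --- SQL injection -------------------------------------------------------
def find_user_vulnerable(conn: sqlite3.Connection, name: str) -> list:
    # Untrusted input is spliced into the SQL text, so a quote in the input
    # changes the query's structure instead of being treated as a value.
    query = f"SELECT name FROM users WHERE name = '{name}'"
    return [row[0] for row in conn.execute(query)]

def find_user_safe(conn: sqlite3.Connection, name: str) -> list:
    # Parameterised query: the value travels separately from the SQL text,
    # so whatever it contains is compared literally against the column.
    rows = conn.execute("SELECT name FROM users WHERE name = ?", (name,))
    return [row[0] for row in rows]

# --- Command injection ---------------------------------------------------
# Allow-list for hostnames (assumed policy): letters, digits, dots, hyphens.
HOSTNAME_RE = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9.-]{0,251}[A-Za-z0-9])?")

def ping_command_vulnerable(host: str) -> str:
    # A single string meant for a shell (subprocess.run(cmd, shell=True)):
    # shell metacharacters in `host` become extra commands.
    return f"ping -c 1 {host}"

def ping_argv_safe(host: str) -> list:
    # Validate against the allow-list, then build an argv list so that no
    # shell ever parses the input (run it with subprocess.run(argv), no shell=True).
    if not HOSTNAME_RE.fullmatch(host):
        raise ValueError(f"not a valid hostname: {host!r}")
    return ["ping", "-c", "1", host]

# --- Cross-site scripting (XSS) ------------------------------------------
def render_comment_vulnerable(comment: str) -> str:
    # Raw user text is placed straight into the HTML document.
    return f"<p>{comment}</p>"

def render_comment_safe(comment: str) -> str:
    # Escaping turns <, >, &, and quotes into entities, so the browser shows
    # the text instead of interpreting it as markup.
    return f"<p>{html.escape(comment, quote=True)}</p>"
```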
Application Misconfiguration
Application misconfiguration occurs when an application is not configured correctly, leaving it vulnerable to attacks. This can include leaving default credentials in place, misconfiguring security settings, or leaving sensitive information exposed. Unfortunately, misconfigurations are often difficult to detect and address, as they can occur at any stage of the SDLC and can be caused by a range of factors, such as human error or miscommunication between teams.
Insufficient Encryption Measures
Encryption is a crucial component of application security, as it helps protect sensitive data from being intercepted or stolen. However, insufficient encryption measures, such as weak encryption algorithms or improper key management, can make it easier for attackers to bypass encryption and gain access to sensitive data.
Application Security Trends
While challenges mount, there are multiple important trends that can allow organizations to improve application security in the face of a growing threat landscape.
Code Scanning
Code scanning can help identify potential security risks early in the development process and improve the quality of the application code, leading to more stable and reliable applications. It can be done manually or with the help of automated tools. Here are commonly used code scanning techniques:
- Static application security testing (SAST): Involves analyzing application source code for potential security vulnerabilities and coding errors. SAST tools analyze the code without actually executing it, which can help to identify potential vulnerabilities early in the development process.
- Dynamic application security testing (DAST): Involves analyzing an application while it is running. DAST tools simulate attacks on the application and identify potential security vulnerabilities, such as injection flaws or XSS vulnerabilities. DAST tools can be used to identify vulnerabilities that may not be detected by SAST tools.
- Interactive application security testing (IAST): Combines elements of both SAST and DAST. IAST tools analyze the application code while it is running, and can identify potential security vulnerabilities in real-time.
- Software composition analysis (SCA): Involves analyzing third-party software components and libraries for potential security vulnerabilities. SCA tools can identify vulnerabilities in open-source libraries and components, and also identify licensing issues and other compliance issues related to third-party software.
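A minimal SAST check of the kind described above: it parses Python source without executing it and flags the injection sinks from the Code Injections section (dynamic SQL passed to execute(), shell=True or os.system(), eval()/exec()). This is an added example for this page, not any real SAST tool; the sample source it scans and the rule names are constructed.

```python
import ast

# Constructed sample source to scan: each function has a vulnerable line and,
# where applicable, a safe counterpart, so the scanner's output can be checked.
SAMPLE_SOURCE = '''\
import os, subprocess, sqlite3
conn = sqlite3.connect(":memory:")
def lookup(name):
    conn.execute("SELECT * FROM users WHERE name = '%s'" % name)
    conn.execute("SELECT * FROM users WHERE name = ?", (name,))
def ping(host):
    subprocess.run("ping -c 1 " + host, shell=True)
    subprocess.run(["ping", "-c", "1", host])
    os.system("ping -c 1 " + host)
def calc(expr):
    return eval(expr)
'''

def _is_dynamic_string(node: ast.AST) -> bool:
    # Text built at run time: f-string, % formatting, .format(), or + concatenation.
    if isinstance(node, ast.JoinedStr):
        return True
    if isinstance(node, ast.BinOp) and isinstance(node.op, (ast.Mod, ast.Add)):
        return True
    return (isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute)
            and node.func.attr == "format")

class InjectionSinkScanner(ast.NodeVisitor):
    """Walks the AST and records (line, rule, message) for known injection sinks."""

    def __init__(self) -> None:
        self.findings: list = []

    def visit_Call(self, node: ast.Call) -> None:
        func = node.func
        # Rule SQLI: execute()/executemany() given a string assembled from variables.
        if (isinstance(func, ast.Attribute) and func.attr in ("execute", "executemany")
                and node.args and _is_dynamic_string(node.args[0])):
            self.findings.append((node.lineno, "SQLI",
                                  "dynamic SQL passed to execute(); use query parameters"))
        # Rule CMDI: any call with shell=True, or os.system(), hands input to a shell.
        shell_true = any(kw.arg == "shell" and isinstance(kw.value, ast.Constant)
                         and kw.value.value is True for kw in node.keywords)
        is_os_system = (isinstance(func, ast.Attribute) and func.attr == "system"
                        and isinstance(func.value, ast.Name) and func.value.id == "os")
        if shell_true or is_os_system:
            self.findings.append((node.lineno, "CMDI",
                                  "command built for a shell; pass an argv list instead"))
        # Rule CODEI: eval()/exec() run whatever text they are given.
        if isinstance(func, ast.Name) and func.id in ("eval", "exec"):
            self.findings.append((node.lineno, "CODEI",
                                  f"{func.id}() on run-time data; use ast.literal_eval or a parser"))
        self.generic_visit(node)

def scan_source(source: str) -> list:
    """Parse `source` without executing it and return findings sorted by line."""
    scanner = InjectionSinkScanner()
    scanner.visit(ast.parse(source))
    return sorted(scanner.findings)

if __name__ == "__main__":
    for line, rule, message in scan_source(SAMPLE_SOURCE):
        print(f"line {line}: [{rule}] {message}")
```

Because the scanner only sees source text, it cannot tell whether `host` or `name` ever carries untrusted input at run time; that is the gap DAST and IAST cover.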
Adopting Automated Security Capabilities Powered by AI
Many organizations are adopting automated security capabilities, powered by artificial intelligence (AI), to help improve the speed and accuracy of their security processes. AI-powered security tools can help to identify security vulnerabilities, detect and respond to threats, and reduce the workload of security teams.
Some examples of AI-powered security tools include:
- Threat intelligence platforms (TIPs): Use machine learning algorithms to analyze large volumes of data, such as threat feeds and security alerts, to identify potential threats.
- Security orchestration, automation, and response (SOAR) platforms: Use AI to automate security operations, such as incident response and vulnerability management.
- Automated penetration testing tools: Use AI to simulate attacks and identify vulnerabilities in applications and networks.
Threat Modeling
Threat modeling is a process that involves identifying potential threats to an application and assessing the likelihood and impact of these threats. Threat modeling helps to identify potential vulnerabilities and risks early in the development cycle, enabling developers to prioritize security issues and implement appropriate security measures.
Threat modeling can be done manually or with the help of automated tools. Some automated tools use AI to help identify potential threats, which can speed up the threat modeling process and improve the accuracy of threat assessments. Threat modeling can also help to reduce the cost and time required to address security issues later on in the development cycle.
Security Champions
Security champions are individuals within an organization who are appointed to be advocates for security and to promote secure coding practices among developers. Security champions are typically developers or other technical staff who have a keen interest in security, and who receive additional training in security best practices. These individuals act as liaisons between security teams and development teams, providing a point of contact for security-related issues and questions.
By appointing security champions, organizations can help to integrate security practices throughout the development process, which can lead to more secure applications. Security champions can help to identify security risks and vulnerabilities early in the development cycle, reducing the likelihood of expensive and time-consuming security issues later on.
Conclusion
In conclusion, application security continues to be a critical challenge for organizations in 2023. The increasing use of web applications, mobile applications, and cloud services has made applications a prime target for cyber attackers. Organizations face a range of security challenges, including code injections, malicious bots, application misconfigurations, and insufficient encryption measures.
However, there are also many emerging trends and technologies that can help organizations to address these challenges. These include the adoption of automated security capabilities powered by AI, the rise of security champions, the use of code scanning techniques such as SAST, DAST, IAST, and SCA, and the continued adoption of threat modeling practices.
To effectively secure their applications, organizations must prioritize application security as an ongoing process, and implement a comprehensive security program that includes regular security assessments, vulnerability scanning, and penetration testing. By staying up-to-date with the latest application security trends and adopting best practices for application security, organizations can reduce the risk of security incidents and protect their applications and data against cyber threats.
by Web Desk via Digital Information World
OpenAI CEO Says He’s Scared of His Own Invention
Ever since Oppenheimer saw the gruesome effects of the atomic bomb he helped create, inventors have become wary of having too rosy an outlook on what their innovations can do. It seems like the CEO of OpenAI, Sam Altman, is also having some misgivings about ChatGPT; in an interview with ABC News, he recently mentioned that he is actually somewhat fearful of it.
With all of that having been said and now out of the way, it is important to note that Altman stated a few key areas that AI could prove problematic in. For one thing, Altman is concerned that authoritarian regimes might end up creating AI of their own, and they would be quick to use it to spread disinformation and fake news for their own nefarious purposes.
A Chinese company by the name of Baidu has already teased a ChatGPT competitor, namely the chatbot known as Ernie. The Chinese government is notorious for having a lot of control over companies that are operating within its borders, and that might make Ernie more dangerous than might have been the case otherwise.
What’s more, Vladimir Putin has also made some frightening comments about AI. According to Putin, whoever controls AI will end up controlling the world, which is chilling because this is the sort of thing that could end up sparking a new arms race with AI at the center of it all.
Finally, Altman has his eye on the 2024 US presidential election due to how ChatGPT and other forms of AI might end up impacting the election in numerous ways. Whether or not AI will play a negative role remains to be seen, but one thing that is certain is that it will play a definitive role either way.
Both Google as well as Microsoft are upping the ante in terms of their AI investments. That makes AI rather inevitable, since it will be the main focus of two of the biggest tech corporations in the entire world and neither of them will stop until they come out on top.
by Zia Muhammad via Digital Information World
Wednesday, March 22, 2023
WhatsApp users will soon be able to pin messages within a conversation
According to Wabetainfo, Whatsapp is currently planning to introduce a feature through which users will be able to pin certain messages during a conversation, either in a group setting or one-on-one.
At the start of February, it was revealed that WhatsApp will start working on a feature that will enable its users to pin messages during a conversation. As a result, the user will be able to access them easily or pin messages carrying important reminders. The developers have come a long way, and a preview has also been shared by the app, showing how exactly the upcoming feature will function and how pin messages will be shown at the top of the screen.
Based on the screenshot posted by Wabetainfo, it can be seen that a certain text message was pinned in a chat. If a user wants to use the feature, they can simply act by selecting the targeted messages and tapping on the pin icon displayed in chat options. After the icon has been tapped, the user will now be able to view the pinned message at the top of the chat so it can be accessed instantly whenever the user wants to.
It is believed that the ability to pin a message will turn out to be very useful, as not only can the message be used as a reminder, but it can even highlight any important part of the conversation during a group discussion. As a large number of group messages might result in important information getting skipped, the user can simply put a pin on any such message so anyone who is a part of the group will be able to view the message.
However, what needs to be focused on is that the feature is still in the development stage and might take some time before it gets released globally. Though no official release date has been shared by WhatsApp as to when the new feature will be rolled out, it can be expected that the beta version will soon be available.
by Arooj Ahmed via Digital Information World
New Study Claims 48% Of Americans Stress About Their Taxes And Resort To Professional Help
New research is speaking about the woes and worries of American citizens regarding the stress of paying taxes. And according to this survey, around 48% worry about it.
The survey comprised around 2,000 American adults, out of which 500 were CPAs and bookkeepers. They were quizzed about how they felt about the worries linked to taxes and what pain points were felt along the way regarding the tax season.
Around 39% of respondents claim they file taxes starting the month of February while 28% claim to file taxes in March. On average, tax professionals claim that 41% file personal taxes a little too late. And then you have one in every six people recommending filing taxes as early as the year starts in January.
This poll was conducted by OnePoll, a part of SurePayroll. The survey revealed that, across the board, some parts of the tax process were extremely stressful, and one of them was gathering the necessary data and waiting for documents from employers to arrive.
Other concerns had to do with needing to find the money to pay what was owed.
One representative for the company highlighted how it’s always a great idea to start the preparations for tax collections at an early point in time. If you do that before April, it really does pay back big time for small-scale organization owners as it limits stress.
50% of CPAs have recommended that small-scale organizations get professional assistance with their taxes. And some 80% end up referring clients to online payroll services. This decision centralizes crucial documents for tax prep and also saves a lot of time and worry on the part of small firm owners.
While 47% of individuals were seen filing taxes all by themselves, 53% did end up taking consultations from professionals to get the work done.
Other results covered tax experts consulting others in the field when they required help to maximize a return; that figure stood at 63%. Another 62% sought financial advice. But the greatest shocker was that 73% admitted to being concerned about finding professionals who maximize their returns.
Today, more citizens are aware of how important money is, and the average CPA spends around $1900 to get more professional help so their tax needs are met.
Other than that, the average respondent who does not require additional tax assistance would end up spending just $500 to get expert help.
On average, experts advise seeking professional help for people who earn more, while others feel that anyone with this type of income needs to get opinions from proper tax preparers.
Other advice mentioned in the study related to looking for alternatives such as online assistance or turning to large companies. You have to be willing to make use of resources that are as up to date as possible. And above all, you need to take extra protective measures to shield yourself against tax fraud.
by Dr. Hura Anwar via Digital Information World
TikTok’s CEO Says The App Has Never Shared Or Been Requested To Share Data With The Chinese Government
TikTok’s CEO is gearing up for his crucial meeting in the US state capital.
He hopes to convince American lawmakers that the company has never ever shared or been requested to share data belonging to US citizens with members of the Chinese government. The news comes amid striking concerns about America’s national security which many believe is at stake and facing a threat, thanks to this app.
TikTok revealed that it would never even honor such requests if they were made to it.
CEO Shou Zi Chew will testify before Congress on Thursday, according to a recently published statement from the House of Representatives Committee.
He similarly mentioned that TikTok’s parent company called ByteDance isn’t owned or controlled by any Chinese firm or governmental organization. It functions independently of all others, adding how ByteDance isn’t China’s agent or an agent belonging to any other global nation.
Many critics of the app fear that TikTok is passing sensitive information to Chinese government officials, prompting a growing number of calls to ban the platform.
In the past week, TikTok said the Biden administration’s goal is to put more pressure on the app and separate it from its Chinese parent firm ByteDance. The administration called for ByteDance to divest its stake in the platform or face a potential ban across the US.
Chew’s testimony added how it’s clear that bans would only be appropriate when you find no alternatives but in this case, there seems to be one so a ban is not the right solution.
It was only a few days back that the TikTok CEO added how the solution to the problem is not dividing the company or selling off the US division. That would not prove any accusations to be true and neither would it find the way out of the problem.
Similarly, the popular social media app says it has spent a staggering $1.5 billion on stringent data security efforts. This campaign is called Project Texas, and so many lawmakers have tried hard to convince others, including the Biden administration, that its plan needs to be supported.
Now, it’s up to the Congress to pass its final judgment on what it feels is necessary to do during this crucial moment in time.
by Dr. Hura Anwar via Digital Information World
What Is the Supply Chain Threat and How Does it Impact Businesses Everywhere?
What Is a Supply Chain Attack?
A supply chain attack is a type of cyberattack that targets the software and hardware components of a supply chain. A supply chain is a network of organizations, people, activities, information, and resources involved in the creation and delivery of a product or service. In a supply chain attack, an attacker targets a supplier of a company or organization to gain access to the targeted organization's network or data.
The goal of a supply chain attack is to compromise the security of the targeted organization by exploiting vulnerabilities in the supply chain. Attackers may use various tactics, such as tampering with the software or hardware components of the supply chain, introducing malware into the supply chain, or stealing sensitive information from suppliers.
Supply chain attacks are becoming increasingly common, as they provide attackers with a way to compromise multiple organizations through a single point of entry. Such attacks can be difficult to detect and defend against, as the affected organization may not be aware of the compromise until it's too late. Therefore, it's important for organizations to assess the security of their supply chains, implement appropriate security measures, and monitor their supply chain for potential vulnerabilities and threats.
How the Supply Chain Threat Impacts Businesses
Supply chain threats can have a significant impact on businesses, including the following:
- Financial impact: Supply chain threats can result in significant financial losses for businesses. For example, if a key supplier experiences a disruption or outage, it can result in production delays, missed delivery deadlines, and lost revenue.
- Reputation damage: Supply chain threats can also damage a business's reputation, particularly if they result in customer dissatisfaction or negative media coverage. Customers may lose confidence in the business's ability to deliver products and services, leading to lost sales and reduced brand value.
- Operational disruption: Supply chain threats can disrupt business operations, leading to delays, cancellations, and other issues. For example, if a supplier experiences a cybersecurity breach, it can result in downtime, lost productivity, and other operational challenges.
- Regulatory and compliance issues: Supply chain threats can also lead to regulatory and compliance issues, particularly if they result in data breaches or other security incidents. This can result in fines, legal action, and other penalties that can have a significant impact on a business's bottom line.
Over half of the organizations under attack experienced data loss (58%), operational disruption (58%), intellectual property loss (55%), and reputational loss (52%), and nearly half (49%) suffered financial loss. 53% of these organizations recovered within a week, 37% took an entire month, and 10% needed as much as three months to recover.
Types of Supply Chain Attacks
Supply chain attacks can target any organization that uses third-party vendors for software and infrastructure. These attacks can be grouped into the following categories:
Physical supply chain threats
This type of attack involves compromising the physical security of the supply chain. It can include theft, tampering, or interception of goods during transportation or storage. Attackers can gain access to the supply chain by posing as suppliers, using fake documents or exploiting vulnerabilities in logistics systems.
Software supply chain threats
Software supply chain threats involve attacking the software components of the supply chain, such as the tools, libraries, or frameworks used in software development. Attackers can introduce malware, backdoors, or other malicious code into the software components, which can then spread to other systems in the supply chain. This can be done by exploiting vulnerabilities in the CI/CD pipeline, using fake or compromised software packages, or exploiting weaknesses in software update processes.
Digital supply chain threats
Digital supply chain threats involve attacking the digital assets used in the supply chain, such as the data or communication systems. Attackers can use various techniques, such as social engineering or ransomware, to gain access to the digital assets of the supply chain. This can result in data theft, system downtime, or financial losses.
Business email compromise
Business email compromise (BEC) attacks involve impersonating a trusted supplier or vendor to gain access to sensitive information or payment details. Attackers can use phishing emails or other social engineering techniques to trick employees into revealing information or transferring funds to fraudulent accounts.
Insider threats
Insider threats involve employees or contractors of a supplier who intentionally or unintentionally compromise the security of the supplier's network. This can include stealing data, installing malware, or providing unauthorized access to third parties.
How to Ensure Supply Chain Security
Conduct Asset and Access Inventories
Conducting asset and access inventories is an important step in ensuring supply chain security. It involves identifying and cataloging all the hardware, software, and data assets within a supply chain, as well as defining who has access to them.
The purpose of conducting asset and access inventories is to gain a comprehensive understanding of the supply chain and to identify potential vulnerabilities that may exist. For example, if a supplier has access to sensitive information, but their security controls are weak, it can pose a risk to the security of the entire supply chain.
To conduct an asset and access inventory, organizations should follow these steps:
- Identify all the assets within the supply chain: This includes hardware, software, and data assets. Organizations should have a clear understanding of what assets are in the supply chain, where they are located, and who has access to them.
- Categorize assets by their level of criticality: Not all assets within the supply chain are equally important. Organizations should categorize assets based on their level of criticality to the business, such as sensitive data or mission-critical systems.
- Identify who has access to the assets: Organizations should have a clear understanding of who has access to each asset, including employees, contractors, and third-party suppliers. Access should be defined based on roles and responsibilities, and organizations should have processes in place to manage access.
- Assess the security controls in place: For each asset, organizations should assess the security controls that are in place to protect it. This may include physical security measures, such as locks or surveillance cameras, as well as technical security controls, such as firewalls or encryption.
- Identify potential vulnerabilities: By assessing the assets and access controls in place, organizations can identify potential vulnerabilities and gaps in their supply chain security. This information can be used to develop a plan to address these vulnerabilities and reduce the risk of supply chain attacks.
Using Automated Security Testing Tools
Automated security testing tools can help organizations to identify and fix potential security issues before they can be exploited by attackers, including potential vulnerabilities in software components used in the supply chain, such as libraries, frameworks, and applications.
Here are some examples of automated security testing tools:
- Static application security testing (SAST): SAST tools analyze the source code of an application to identify potential vulnerabilities, often by using a set of rules to detect coding errors such as buffer overflows. SAST tools can help developers identify security issues early in the development process, reducing the risk of security flaws being introduced later in the supply chain.
- Dynamic application security testing (DAST): DAST tools test running applications to identify security vulnerabilities. These tools simulate attacks against an application and identify vulnerabilities that can be exploited by attackers, such as SQL injection or cross-site scripting (XSS). DAST tools can help identify security issues that may be missed by SAST tools.
- Software composition analysis (SCA): SCA tools analyze the software components used in an application to identify known vulnerabilities. These tools check the software components against a database of known vulnerabilities and provide a report on any issues found. SCA tools can help identify vulnerabilities introduced by third-party components used in the supply chain.
- Interactive application security testing (IAST): IAST tools combine the features of SAST and DAST tools to analyze the running application's code and identify potential security issues. IAST tools can identify vulnerabilities such as code injection or authentication bypass by monitoring the application's code while it's running. This provides a more comprehensive assessment of the application's security posture.
Beware of Dependency Confusion Attacks
Dependency confusion attacks are a type of software supply chain attack that targets software development pipelines by exploiting the use of third-party dependencies. Many software development projects rely on third-party libraries and components, which are often obtained from public package repositories. Dependency confusion attacks take advantage of the fact that these repositories are not authenticated, and there is no mechanism in place to prevent the use of malicious or unauthorized packages.
In a dependency confusion attack, attackers upload malicious packages to public package repositories, designed to mimic the names and version numbers of legitimate packages used in software development projects. When the software development pipeline runs, it downloads the malicious package instead of the legitimate one. This can introduce malicious code into the software, compromising the security of the system and allowing attackers to gain access to sensitive information.
To protect against dependency confusion attacks, organizations should take the following steps:
- Use reputable sources for dependencies: Organizations should use reputable sources for third-party dependencies, such as the official websites of the package providers, rather than relying on public repositories.
- Use checksums to ensure package integrity: Developers should use checksums to verify the integrity of the packages they download. Checksums are a type of digital fingerprint that can be used to ensure that a package has not been tampered with or corrupted.
- Use explicit dependencies: Organizations should use explicit dependencies to ensure that the software development pipeline only uses the packages that have been explicitly specified. This reduces the risk of using unauthorized or malicious packages.
- Monitor package usage: Organizations should monitor the usage of packages in their software development pipelines to identify any unusual or unauthorized packages. This can help detect and prevent dependency confusion attacks.
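As an added illustration of the checksum and explicit-dependency steps above (example code written for this page, not from the article), the following Python checks a constructed pip-style requirements file, in which every dependency must pin an exact version and a sha256 digest, and accepts a downloaded archive only when its name, version and digest all match the pin. The package name, archive bytes and file contents are constructed for the example; `--hash=sha256:` is pip's real hash-checking syntax.

```python
import hashlib
import re

# Constructed stand-in for a downloaded package archive (not a real package).
LEGIT_ARCHIVE = b"requests-2.31.0 legitimate archive bytes (constructed)"


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed requirements file in pip's hash-checking style: exact pin + digest.
PINNED_REQUIREMENTS = f"requests==2.31.0 --hash=sha256:{sha256_hex(LEGIT_ARCHIVE)}\n"

# A line passes only if it pins ==version and carries at least one sha256 hash.
_REQ_LINE = re.compile(
    r"^(?P<name>[A-Za-z0-9][A-Za-z0-9._-]*)==(?P<version>\S+)"
    r"(?P<hashes>(?:\s+--hash=sha256:[0-9a-f]{64})+)$"
)


def parse_pinned_requirements(text: str) -> dict:
    """Map package name -> (version, {sha256 digests}); reject unpinned lines."""
    pinned = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        match = _REQ_LINE.match(line)
        if match is None:
            raise ValueError(f"line {lineno}: not pinned with ==version and --hash: {line!r}")
        digests = set(re.findall(r"sha256:([0-9a-f]{64})", match.group("hashes")))
        pinned[match.group("name").lower()] = (match.group("version"), digests)
    return pinned


def requirements_are_pinned(text: str) -> bool:
    # CI gate: True only if every dependency is explicit and hashed.
    try:
        parse_pinned_requirements(text)
        return True
    except ValueError:
        return False


def verify_download(pinned: dict, name: str, version: str, archive: bytes) -> bool:
    """Accept an archive only if name, version and digest all match the pin."""
    entry = pinned.get(name.lower())
    if entry is None:
        return False  # not an explicitly declared dependency
    expected_version, digests = entry
    if version != expected_version:
        return False  # a different (e.g. newer, publicly uploaded) version was served
    return sha256_hex(archive) in digests
```

Running `requirements_are_pinned` as a pipeline gate and `verify_download` against each fetched archive turns the checksum and explicit-dependency guidance into a check that fails closed when a lookalike or unexpected version is served.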
Elevate Third-Party Risk Management
Third-party risk management involves assessing the security practices of third-party suppliers and vendors that provide goods or services to the organization. To elevate third-party risk management, organizations should take the following steps:
- Security assessments: Organizations should conduct thorough security assessments of third-party suppliers and vendors to identify potential vulnerabilities and risks. This can include reviewing security policies and procedures, conducting security audits, and assessing the suppliers' security practices.
- Contractual security obligations: Organizations should establish clear contractual security obligations with third-party suppliers and vendors. This can include requirements for data protection, security controls, and incident response. These obligations should be clearly defined and enforceable to ensure that suppliers and vendors take security seriously.
- Monitoring third-party security: Organizations should implement ongoing monitoring of third-party security practices to ensure that suppliers and vendors are maintaining the required security standards. This can include regular security assessments, vendor reviews, and audits.
- Security certifications: Organizations should require third-party suppliers and vendors to provide security certifications and attestations, such as ISO 27001 or SOC 2. These certifications and attestations provide assurance that the supplier or vendor has implemented a comprehensive security program.
- Incident response: Organizations should establish incident response procedures for third-party security incidents. These procedures should define how to detect, respond, and report incidents involving third-party suppliers and vendors.
Conclusion
As the complexity and interconnectedness of supply chains continue to increase, so does the risk of supply chain attacks. It's critical for businesses to take proactive steps to protect their supply chains, including conducting asset and access inventories, using automated security testing tools, elevating third-party risk management, and implementing other security best practices.
Organizations that fail to take supply chain security seriously are at risk of experiencing severe consequences, including data breaches, business disruptions, financial losses, intellectual property theft, compliance violations, and reputational damage. By taking a comprehensive and proactive approach to supply chain security, organizations can reduce the risk of supply chain attacks and protect their operations and customers from potential harm.
by Web Desk via Digital Information World