F5 Networks on Tuesday introduced Shape AI Fraud Engine (SAFE), a new SaaS offering that promises to eliminate fraudulent online transactions that can sometimes bypass other security and fraud detection controls.

Leveraging technology from its $1 billion acquisition of Shape Security earlier this year, F5’s SAFE service evaluates online transactions via AI in order to understand user intent and block potential fraud before it occurs. The product marks F5’s first real push into the fraud market since acquiring Shape Security, the company said.
Following its acquisition of Shape Security, F5 has integrated Shape’s capabilities into its portfolio of application security services, with F5 serving as a traffic flow insertion point for Shape’s online fraud and abuse prevention solutions. F5’s app security services specialize in protecting applications across multi-cloud environments.
“The need for innovation in fraud prevention becomes more urgent when you factor in the accelerated shift to online channels driven by the current global health situation,” said Sumit Agarwal, VP of analytic products at F5, and co-founder of Shape. “We’re seeingfraudsters launch increasingly sophisticated attacks that take advantage of COVID-driven shifts and overall economic distress.”
Earlier this year F5 announced series of new multi-cloud application security services, including a service that brought its Web Application Firewall (WAF) technology to the NGINX platform stemming from the company’s acquisition of NGINX. 
The acquisitions of Shape Security and NGINX and recent product launches have allowed F5 to reframe its approach to security with a focus on four key areas: application layer security, trusted application access, application infrastructure security and intelligent threat services. The Shape AI Fraud Engine fits into this approach and gives F5 an entry point into the fraud prevention market. The service is available now. More

Facebook has resolved a coding issue in live video services that allowed attackers to effectively delete content without the consent of owners. 

On April 17, security researcher Ahmad Talahmeh published an advisory explaining how the vulnerability worked, together with Proof-of-Concept (PoC) code able to trigger an attack. Facebook’s live video allows users to broadcast and publish live streams, a feature that has been widely adopted not only by individuals but also by companies and organizations worldwide — especially during the time of the COVID-19 pandemic due to stay-at-home orders.  Owners can publish live streams through a page, group, and event. Once a broadcast has ended, users can implement video trimming to cut out unnecessary content from their streams, such as by scrubbing between to- and from- timestamps. Talahmeh found an issue with this feature that allowed live video to be trimmed on behalf of owners to the point of deletion, an unexpected behavior that could have ramifications for privacy and security.  The problem lies in trimming video to five milliseconds, according to the researcher.  “Trimming video to five milliseconds will cause the video to be 0 seconds long and the owner won’t be able to untrim it,” Talahmeh says. 

After obtaining the target live video’s ID and current user ID, code containing a packaged request for a video to be trimmed can be submitted that removes the video. Talahmeh reported his findings to the social media giant on September 25, 2020. The issue was triaged within two hours and a patch was confirmed by Facebook three days later. A bug bounty of $11,000 was issued via BountyCon 2020 and two additional bounties, $1150 and $2300, were later awarded by Facebook. The bug bounty researcher has separately detailed a way to untrim any live video on the platform, a bug bounty report worth $2875. In addition, a further security issue surrounding Facebook business pages and updates informing customers of any changes prompted by COVID-19 — such as alterations to opening times, deliveries, or access to physical outlets — was found by Talahmeh.The “Coronavirus (COVID-19) Update From {page name}” system could be updated with analyst permissions — that are normally read-only — and this report earned Talahmeh $750.  ZDNet has reached out to Facebook and we will update when we hear back.  Previous and related coverage Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0 More

Image: Cameron Spencer/Getty Images
During Australia’s federal Budget Estimates last year, Services Australia was grilled by senators about various initiatives under its remit, from the COVID-19 digital certificate rollout to the bungled robo-debt scheme. Of concern to Labor Senators Tim Ayres and Nita Green was the alleged lack of security of Australia’s COVID-19 digital certificates, with both of them criticising the certificate for being easily forged through man-in-the-middle cyber attacks. Providing responses to the senators’ concerns, Services Australia said it was aware of reports concerning man-in-the-middle cyber attacks via the Medicare Express Plus app, but brushed off the concerns by merely saying such attacks “require significant knowledge and expertise”. It added that there are currently no vulnerability disclosure programs in place nor any future plans to implement such a program for the digital vaccination certificates. This is despite security researcher Richard Nelson last year detailing the difficulty for the private sector and the public in reporting vulnerabilities about the certificates to government, which was referenced by Ayres during Budget Estimates. Services Australia also said the Digital Transformation Agency (DTA) had no plans to consider establishing bounty programs. “Services Australia takes the integrity of the Medicare system and the Australian Immunisation Register extremely seriously,” Services Australia said in its response to questions on notice. “Full cyber assessments are undertaken several times a year and we work closely with the Australian Signals Directorate and Australian Cyber Security Centre on potential vulnerabilities on mobile applications.”

As of the end of October, over 12.3 million Australians have downloaded COVID-19 digital certificates, the agency said in another response. For Australia’s other federal COVID-19 product, COVIDSafe, the DTA provided an update that monthly costs to run the app have been around what it expected of around AU$60,000 a month since it took over responsibility for the app. As of early October, there are 7.7 million COVIDSafe registrations, DTA added.The DTA had also been asked by Labor Senator Marielle Smith during Budget Estimates on how many people had downloaded the app and then deleted it, but the agency said it does not track that data. In regards to questions about Service Australia’s progress in refunding wrongly issued robo-debts, the agency provided more information about the people who are still yet to receive a refund. The agency said there are now around 8,500 people who are yet to receive a refund. Of these, 501 are deceased estates, 280 are incarcerated, 539 are indigenous, and 106 had a vulnerability indicator on their customer record at the time they were last in receipt of payment. Services Australia explained that these refunds had not been processed yet as the victims have not provided bank details to the agency in order to receive the payment. A Senate Committee inquiring into the robo-debt system is still awaiting for Services Australia and Minister for Government Services, Linda Reynolds, to provide documents about the legal advice Services Australia received in implementing robo-debt. Both have refused to provide that information under claims of public interest immunity. Related Coverage More

Yuichiro Chino/Getty Images On Nov. 7, 2024, Google released a System update for Android 9 and later, which included a new service, Android System SafetyCore. Most of these patches were the usual security fixes, but SafetyCore was new and different. Google said in a developer note that the release was an “Android system component that provides […] More

This is the year you’re going to go to the gym three times a week, and you’re going to get organized, and you’re going to live life to its fullest, and …

Aw, who are we kidding? Everyone makes those resolutions, and they’re usually just a distant memory by Super Bowl Sunday. So instead of those unrealistic promises to yourself, how about if we start with something that’s a little more achievable? I’ve got some recommendations for smart things you can resolve to do with your technology in the new year to make you happier, more productive, and maybe even less anxious.I wrote the original version of this column back in 2019, but the advice is still timely. Even if you only check one or two of these items off your 2022 to-do list, I promise you’ll be better off.Back up to the cloudNo matter how many times well-meaning advice columnists tell us to back up, we find excuses to not do that task. And so, when (not if) some horrible catastrophe renders the data on our PC or smartphone completely inaccessible, there’s no backup available. Or there’s a backup from several months ago that’s missing everything you’ve done lately.This is where the cloud becomes a digital life saver, capturing the bits that document your digital life. It is easy to configure your smartphone so that every photo and video on your camera roll is backed up to whichever cloud you call home: Google Photos, Dropbox, Microsoft OneDrive, or Apple’s iCloud.Meanwhile, on your PC or Mac, sync your important data files to that same cloud. It’s particularly easy to do this with a consumer OneDrive account. After signing in, open OneDrive Settings, click the Backup tab, click Manage Backup, and follow the instructions. Just make sure to save important files to the Desktop, Documents, and Pictures folders, which are then backed up automatically.Also: Get smart about passwords

Using a bad, easy-to-guess password can turn your life upside down. Just ask anyone who’s ever had a bank account compromised. Reusing any password, even a strong one, is just as bad. If a sloppy website allows your credentials to be stolen, a determined thief will try them at other sites.So, how do you generate a strong, unique password for every account, and how do you keep track of them all? Use a password manager. I prefer to store my heavily encrypted password file in the cloud using 1Password, but you have plenty of other choices, as I explain in this article.Also, don’t use “correct horse battery staple” as your password. It’s almost as bad as “123456.”Also:Turn on 2FA everywhereIf, despite your best precautions, an online thief steals your credentials for an important website or service, you have another roadblock to put in their way. Add multi-factor authentication (often called two-factor authentication, or 2FA) to every important online account. This is especially important for email credentials, any kind of banking or payment service, and all your social media accounts. In fact, if an important service doesn’t offer 2FA as a security option, you should perhaps ask them why not.Both Google and Microsoft make simple, elegant authenticator apps for smartphones. If you’re the independent sort, try the free Authy app. I’ve put together a 2FA explainer that can get you started. Do it today.See also: Better than the best password: How to use 2FA to improve your securityStop tweaking thingsIn the early days of the PC revolution, computers were like the Ford Model T. If you took one out on the road, you’d better have a full toolkit handy and be prepared to get very greasy while tinkering under the hood.The heyday of the Model T was almost exactly a century ago. In the 21st Century, when cars are mostly code, you are not going to make your Tesla go faster by going in and editing some config files. The same is true with PCs. I routinely see people who insist that they can make their computing machines go at warp speed with a few registry edits.But when I look deeper into those magical tweaks, I almost never find that any of these trivial changes truly make a difference, and each one involves the risk of unintended, performance-sapping consequences. Most of modern computing is just physics, after all. You want a faster computer? Add more memory, or replace that old spinning disk with an SSD.Also: Take your updatesAmong the tinfoil-hat set, it is fashionable to argue that true experts focus their energy on preventing software developers from installing updates. They believe, after all, that the best version of your OS was the one released three years ago (or five years ago, or even ten) and everything that has happened since has been an unmitigated disaster.Meanwhile, here on Earth-1, every major software platform updates itself continuously. Problems with updates are relatively rare and generally solved within days or, very rarely, a week or two.If you’d prefer to take a conservative approach, it’s easy enough to defer updates for up to a month while you wait for others to identify any issues. But spending energy trying to override built-in update code is time you’ll never get back.Also: Uninstall your antivirusThere might have been a case for installing third-party antivirus software on a Windows PC a decade or two ago, but today? Not so much. Windows Defender, which is part of every Windows 10 installation, is good enough.That’s not just damning with faint praise, either.These days, the only reason that third-party antivirus exists is so that PC makers can actually squeeze out a profit from the bounties they get for preinstalling this crap on cheap new PCs for consumers. The overwhelming majority of malicious software should be shut off long before it gets to your PC, using the built-in protections provided by your email provider, your ISP, and your web browser.In fact, that third-party software is just as likely to get in the way of an update or accidentally quarantine a crucial system file. Save your money and just get rid of it. If you’ve got a PC on which one of the large third-party security programs came preinstalled, you might have to use a special tool to get rid of it completely. Here are some handy links for Norton, McAfee, and Trend Micro products.Also: The 5 best VPN services More