Apple Allows Uber to Record Your iPhone Screen, General Electrics Chooses AWS for Cloud Transformation and More in This Week’s News

Uber Can Record Your iPhone Screen Activity

Security researcher Will Strafach recently found that the Uber app can secretly record user activity on iPhone devices.

The feature, also known as “entitlement”, is selectively granted by Apple and for now there’s no information on any other apps having such large permissions granted. Entitlement is a powerful feature from the newly introduced screen-recording API which allows apps to record a user’s screen and all the information even if the app is closed (recording passwords, monitoring users and collecting personal data).

Book a demo today to see GlobalDots is action.

Optimize cloud costs, control spend, and automate for deeper insights and efficiency.

Book a demo today to see GlobalDots is action.

The main issue is that vast amounts of such sensitive data would become very vulnerable if someone managed to hijack Uber’s software. A representative of Uber also said that the entitlement was only used for an old version of the Apple Watch app because the original Apple Watch lacked map rendering capabilities.

It is still unclear for how long the Uber app has had these permissions. However, since the disclosure, Uber said it would proceed to remove the code from its iPhone app’s codebase.

A close-up of a smartphone screen displaying various app icons,including the Uber app.

Read More:

Hacker News, Gizmodo

General Electric Partners With AWS to Complete Cloud Migration

Since the start of the company’s digital transformation in 2014, General Electric has used AWS for most of their cloud needs. As of recently, GE has chosen Amazon’s cloud branch as their “preferred cloud provider”.

Over 2,000 GE apps will be hosted on AWS, including those by GE Power, GE Aviation, GE Healthcare, GE Transportation, and GE Digital divisions.

“Adopting a cloud-first strategy with AWS is helping our IT teams get out of the business of building and running data centers and refocus our resources on innovation as we undergo one of the largest and most important transformations in GE’s history.

Chris Drumgoole, CTO and Corporate VP @ General Electric

AWS said that cloud migrations as the one by GE are something it regularly encounters across various industries and sectors. An increasing number of companies is looking for safe, adaptable and flexible platforms to host critical infrastructure elements.

Read More:

Cloud Pro, Business Wire

NGINX Launches Open Source WAF

The NGINX team announced their Web Application Firewall (WAF) platform, which will operate on top of their open-source ModSecurity software.

The new NGINX WAF has four main components:

  1. Layer 7 attack prevention
  2. Custom regex-based rules for developers and engineers on a given network
  3. Automated DDoS protection
  4. Tracking of all traffic activity and transactions for future analysis

The NGINX WAF is hardware-free, fully open source and can be deployed in any network or infrastructure. The open-source approach is meant to bolster collaboration and data sharing to prevent malicious attempts across entire sectors and networks.

The logo of NGINX,displayed in green letters on a dark background.

Read More:

Bizety

Russian Hackers Stole NSA Secrets Through Kaspersky According to Wall Street Journal

A recent article from the Wall Street Journal states that the 2015 NSA data breach was executed through a security program by Russia-based Kaspersky Lab.

In what is described as a Russian state-sponsored attack, hackers stole classified NSA data from a contractor back in 2015 whereas the breach was discovered later in 2016. It’s important to note that there are no firm evidence on the involvement of Kaspersky.

“As a private company, Kaspersky Lab does not have inappropriate ties to any government, including Russia, and the only conclusion seems to be that Kaspersky Lab is caught in the middle of a geopolitical fight.”

Eugene Kaspersky, CEO @ Kaspersky Lab

The NSA contractor reportedly downloaded a cache of classified data to a personal computer where it was accessed by hackers.

It is still not clear how the files were stolen. Speculations suggest that the company’s server, based in Russia, may have granted the Russian government access. The details are unclear, and we are yet to see how the “most significant data breach in recent years” will unfold.

Illuminated sign of Kaspersky Lab during nighttime.

Read More:

Hacker News, Wall Street Journal

Disqus Discloses 2012 Hack

Disqus, the well known commenting system, disclosed a massive security breach dating back to 2012.

The web-based comment plugin company admitted a breach from 5 years ago when cybercriminals stole data about over 17.5 million users. The stolen data included: email addresses, usernames, sign-up dates and login dates. Hackers also got their hands on passwords for about one-third of the affected users.

The company became aware of the breach when Troy Hunt, an independent security researcher obtained a copy of the information on 5th October and then proceeded to notify Disqus.

The vector of the breach is still unclear and the San Francisco-based company is still actively investigating this security incident.

Logo of Disqus with a blue background and a speech bubble containing the letter D.

Read More:

Hacker News, Disqus Blog

 

Latest Articles

What is an API Security Audit?

 In January 2024, a misconfigured API exposed 650,000 private messages. These included passwords and internal communications. No exploit chain. No zero-day. Just a public-facing endpoint with no authentication. This wasn’t an isolated incident. From T-Mobile and Twitter (now X) to Kronos Research and the US Treasury, attackers have consistently used APIs as entry points. They […]

Ganesh The Awesome
26th June, 2025
The Ultimate API Security Checklist for 2025

APIs are now the top attack vector in enterprise apps. In 2024 alone, breaches tied to APIs cost an average of $4.88 million, and that number is rising fast. Attackers exploit gaps in API authentication, input validation, and outdated endpoints to compromise systems. Legacy controls no longer suffice, and the OWASP API Top 10 outlines […]

Ganesh The Awesome
26th June, 2025
10 API Security Best Practices for 2025

APIs are the backbone of today’s interconnected software. They power everything from mobile apps and SaaS platforms to internal microservices and partner integrations. But their rapid growth has left many security teams flat-footed. In 2025, many attackers prefer to exploit API misconfigurations hiding in plain sight. What used to be fringe cases (token leakage, zombie […]

Ganesh The Awesome
23rd June, 2025
API Security in 2025: Practical Assessment & Modern Protection Strategies

APIs are no longer an edge case. In 2025, they’re a core requirement for maintaining trust, compliance, and operational continuity. As organizations build more API-driven systems—from customer apps to internal microservices—the exposure risk compounds. And quickly, too. Even mature security teams are finding that traditional tools can’t keep pace with the volume, velocity, and nuance […]

Ganesh The Awesome
23rd June, 2025

Unlock Your Cloud Potential

Schedule a call with our experts. Discover new technology and get recommendations to improve your performance.

    GlobalDots' industry expertise proactively addressed structural inefficiencies that would have otherwise hindered our success. Their laser focus is why I would recommend them as a partner to other companies

    Marco Kaiser
    Marco Kaiser

    CTO

    Legal Services

    GlobalDots has helped us to scale up our innovative capabilities, and in significantly improving our service provided to our clients

    Antonio Ostuni
    Antonio Ostuni

    CIO

    IT Services

    It's common for 3rd parties to work with a limited number of vendors - GlobalDots and its multi-vendor approach is different. Thanks to GlobalDots vendors umbrella, the hybrid-cloud migration was exceedingly smooth

    Motti Shpirer
    Motti Shpirer

    VP of Infrastructure & Technology

    Advertising Services