New ‘smart’ tokens and risk-based factors deliver tighter security, but setups remain complex and user interfaces need a facelift.
Due to numerous exploits that have defeated two-factor authentication, either by social engineering, remote access Trojans or various HTML injection techniques, many IT departments now want more than a second factor to protect their most sensitive logins and assets.
Tech firms and privacy groups are fighting back against an amendment that would give the FBI a top-level view of “electronic communication transactional records” (ECTRs) without the need for a warrant in terrorism and spy cases.
ECTRs include everything from the websites you’ve visited to how long you browsed a particular page. It’s all up for grabs as part of an amendment to the Electronic Communications Privacy Act being considered this week by the Senate Judiciary Committee. The legislation would expand the government’s ability to collect data using a National Security Letter, or NSL, which doesn’t require a court order and typically includes a gag order saying the recipient cannot publicly acknowledge the letter.
Check Point’s security research team has discovered vulnerabilities in Facebook’s standard online Chat function, and its separately downloaded Messenger app.
The vulnerabilities, if exploited, would allow anyone to essentially take control of any message sent by Chat or Messenger, modify its contents, distribute malware and even insert automation techniques to outsmart security defences.
New Project Sonar scans uncover unnecessarily open ports in systems worldwide: Australia, China, France, US, Russia, and UK, among nations most at risk.
More than 10 million systems worldwide on the Internet leave a door open to their relational databases and millions of nodes leave telnet, printer, and other ports exposed, according to new data from Rapid7’s Project Sonar.
Potential rewards for hacking central bank are high for attackers with a sophisticated skill set
The U.S. Federal Reserve, the nation’s central bank, detected more than 50 cybersecurity breaches between 2011 and 2015, including a handful attributed to espionage.
The Fed’s Washington-based Board of Governors identified 51 information disclosures during the five-year period, according to information obtained through a Freedom of Information Act request by Reuters.
New Android spyware, apparently targeting government security job seekers, has been detected in Saudi Arabia. The code is poor but the malware works efficiently, claims McAfee in a report published yesterday.
The spyware openly masquerades as a chat app called Chat Private. McAfee claims it is working in tandem with a job site that offers work for security personnel in government or military jobs. In reality the site seems much like any other job site and advertises many different job sectors, including, for example, media, accounting, education, medical and so on.
The Solarin smartphone promises security, including on-device malware protection and optional encryption, for those who have everything else.
From the land of expensive wristwatches comes a very expensive smartphone. Sirin Labs, based in Schaffhausen, Switzerland, on Wednesday launched Solarin, a £9,500 ($13,700) Android phone that the company describes as “a military-grade super smart
A large number of ransomware families have emerged over the past several months, and a new one is now making the rounds, Microsoft researchers warn.
Dubbed Ransom:Win32/ZCryptor.A, the ransomware abuses infection vectors used by other malware, such as spam emails, macro malware, and fake installers. Unlike other ransomware families out there, however, this piece of malware also exhibits worm-like behavior, which allows it to self-propagate from a compromised machine.