9-vendor authentication roundup: The good, the bad and the ugly

New ‘smart’ tokens and risk-based factors deliver tighter security, but setups remain complex and user interfaces need a facelift.

Due to numerous exploits that have defeated two-factor authentication, either by social engineering, remote access Trojans or various HTML injection techniques, many IT departments now want more than a second factor to protect their most sensitive logins and assets.

In the three years since we last reviewed two-factor authentication products, the market has responded, evolving toward what is now being called multi-factor authentication or MFA, featuring new types of tokens.

Read More Networkworld

Accessing your internet browsing history is FBI’s top legislative priority

Tech firms and privacy groups are fighting back against an amendment that would give the FBI a top-level view of “electronic communication transactional records” (ECTRs) without the need for a warrant in terrorism and spy cases.

ECTRs include everything from the websites you’ve visited to how long you browsed a particular page. It’s all up for grabs as part of an amendment to the Electronic Communications Privacy Act being considered this week by the Senate Judiciary Committee. The legislation would expand the government’s ability to collect data using a National Security Letter, or NSL, which doesn’t require a court order and typically includes a gag order saying the recipient cannot publicly acknowledge the letter.

Read More Cnet

Vulnerabilities in Facebook Chat and Messenger exploitable with basic HTML knowledge

Check Point’s security research team has discovered vulnerabilities in Facebook’s standard online Chat function, and its separately downloaded Messenger app.

The vulnerabilities, if exploited, would allow anyone to essentially take control of any message sent by Chat or Messenger, modify its contents, distribute malware and even insert automation techniques to outsmart security defences.

Read More Helpnetsecurity

Millions Of Systems Worldwide Found Exposed On The Public Internet

New Project Sonar scans uncover unnecessarily open ports in systems worldwide: Australia, China, France, US, Russia, and UK, among nations most at risk.

More than 10 million systems worldwide on the Internet leave a door open to their relational databases and millions of nodes leave telnet, printer, and other ports exposed, according to new data from Rapid7’s Project Sonar.

Read More Darkreading

Fed reports 50-plus breaches from 2011 to 2015, some instances of espionage

Potential rewards for hacking central bank are high for attackers with a sophisticated skill set

The U.S. Federal Reserve, the nation’s central bank, detected more than 50 cybersecurity breaches between 2011 and 2015, including a handful attributed to espionage.

The Fed’s Washington-based Board of Governors identified 51 information disclosures during the five-year period, according to information obtained through a Freedom of Information Act request by Reuters.

Read More Computerworld

Android Spyware Snoops on Government, Military Security Job Seekers

New Android spyware, apparently targeting government security job seekers, has been detected in Saudi Arabia. The code is poor but the malware works efficiently, claims McAfee in a report published yesterday.

The spyware openly masquerades as a chat app called Chat Private. McAfee claims it is working in tandem with a job site that offers work for security personnel in government or military jobs. In reality the site seems much like any other job site and advertises many different job sectors, including for example, media, accounting, education, medical and so on.

Read More Securityweek

Sirin Labs’ ‘Military-Grade’ Smartphone Sports Celebrity Price

The Solarin smartphone promises security, including on-device malware protection and optional encryption, for those who have everything else.

From the land of expensive wristwatches comes a very expensive smartphone. Sirin Labs, based in Schaffhausen, Switzerland, on Wednesday launched Solarin, a £9,500 ($13,700) Android phone that the company describes as “a military-grade super smart

Read More Informationweek

US finds no cyber threats, despite declaring “national emergency”

A report said that not one malicious cyber-threat was found, and the federal government spent more money than it received in collected sanctions.

Six months after issuing an executive order to handle the “national emergency” that the US faced amid the growing wave of cyberattacks, the Obama administration has yet to find any threats.

Read More ZDNet

ZCryptor Ransomware Spreads via Removable Drives

A large number of ransomware families have emerged over the past several months, and a new one is now making the rounds, Microsoft researchers warn.

Dubbed Ransom:Win32/ZCryptor.A, the ransomware abuses infection vectors used by other malware, such as spam emails, macro malware, and fake installers. Unlike other ransomware families out there, however, this piece of malware also exhibits worm-like behavior, which allows it to self-propagate from a compromised machine.


Read More Securityweek