Google, which gradually has been moving its users away from using passwords as their main form of authentication for Web services, has joined a young organization whose goal is to phase out passwords and replace them with various forms of strong authentication. The FIDO Alliance, formed last year, is working to make two-factor authentication the[...]
Browsing Category: Social Engineering
Twitter is facing increased pressure to beef up authentication for users after the hijacking of another high-profile account yesterday caused some temporary tremors on the stock market. The social network has reportedly been testing two-factor authentication internally; Twitter lags behind Google, Facebook, Microsoft and Apple in implementing a two-factor authentication system. Wired claimed in a[...]
The call-center equivalent of network-based denial-of-service attacks, known as telephony denial-of-service (TDoS), have targeted emergency services among other industries, enough to garner attention from the Department of Homeland Security, Federal Bureau of Investigation, Federal Communications Commission and others in an confidential alert memo, Krebs on Security reported.
It appears that a spear phishing campaign was the genesis for the wiper malware infections that ultimately knocked several prominent South Korean banks and broadcasters offline last week, according to a malware analysis performed by researchers from the Finnish cybersecurity firm F-Secure.
VANCOUVER–When Facebook announced last month that its corporate infrastructure had been compromised through a watering-hole attack against several of its employees, it was major news, both because of the attack itself and because the company had come out and owned up to it. The interesting thing, however, is that this was not the first major problem that the Facebook incident response team had handled. In fact it was the third one in less than a year.
Gmail accounts are high-priority targets for attackers of all stripes, particularly spam crews and state-sponsored attackers who use them to monitor the activities of activists and journalists. Hijacking those accounts can be quite useful for spammers and malware gangs as well, but Google said that it has put security measures in place that have greatly reduced the number of successful hijack attempts.
Hackers targeted and compromised computer networks at United States Department of Energy headquarters in Washington DC two weeks ago, according to a report published by the Washington Free Beacon earlier this morning.
Facebook is serious about its new Graph Search feature, which helps users of the social media site narrowly search for friends with common interests in a much more intuitive fashion than a Google search, for example. Founder Mark Zuckerberg had tagged Graph Search the third Facebook pillar, right alongside the site’s news feed and timeline. So why are security and privacy experts nervous? There’s some serious horsepower behind Graph Search, and there are users whose interests aren’t as benign as finding friends of friends in a particular location who happen to like country music, fine wine and yoga.
The Java saga continued when unknown, and apparently well concealed goons exploited recent Java and Internet Explorer zero-days to compromise the website of the French-based, free-press advocacy group, Reporters Without Borders. The attack, which attempted to take advantage of the time-gulf that separates Oracle’s patch release from their users’ application of it, is part of a watering hole campaign also targeting Tibetan and Uygur human rights groups as well as Hong Kong and Taiwanese political parties and other non-governmental organizations.
Scammers are spamming out malicious emails purporting to come from payroll processing company ADP, according Dancho Danchev of Webroot.