Looking to Bolster Security, Dropbox Adds Two-Factor Authentication

Several weeks after announcing that some of its users’ log-ins and passwords had been stolen, file storage company Dropbox announced it has added a two-step authentication process over the weekend to help reinforce the security of its users’ accounts.The added layer of security is currently optional but can be selected after users opt in, then check the ‘Security’ section of their “Settings.’

New Java Zero Day Being Used in Targeted Attacks

There is a newly discovered zero day vulnerability in Java 7 that is being used in some targeted attacks right now. The vulnerability works against Internet Explorer and Firefox and researchers say that attackers are exploiting in the wild and installing a version of the Poison Ivy RAT on compromised systems.

Woman Sentenced to 2.5 Years in Prison for ‘Cashing In’ on Hacking Scheme

A Nigerian woman this week was sentenced to 2 years, six months in a U.S. prison for taking part in “one of the most sophisticated and organized computer hacking and ATM cashout schemes ever perpetrated,” according to the FBI.

Sonya Martin, 45, was part of a hacking cell that used sophisticated techniques to break the encryption used by payment processor WorldPay US to protect some 1.5 million worldwide customers’ payroll debit card accounts. Employers used the debit cards to pay workers instead of issuing paper checks.

As security defenses have advanced and become more adaptive in the last decade, malware authors and attackers have had to respond, looking for new ways to get their malicious software onto PCs or exploit previously unknown vulnerabilities. One target is the system BIOS, the low-level instruction set that loads when the computer boots, and now the U.S. government has released some draft specifications for helping to secure BIOS implementations.

For most of the recorded history of malware, viruses, Trojans and other malicious software have been specialists. Each piece of malware typically targeted one platform, be it Windows, OS X or now, one of the mobile platforms. But the last few months have seen the rise of cross-platform malware that have the ability to infect several different kinds of machines with small variations to their code.

Considering the availability of browser-based password management and auto-fill systems and the intuition that you should never put all your eggs in one basket, do the three major browsers offer robust enough security features to justify trusting them with your passwords and, in some cases, credit card information? 

Dennis Fisher talks with Cesar Cerrudo of IOActive Labs about his research project that used Fortune 500 executives’ corporate email addresses as the starting point to gather data about their online activities. Cerrudo found that he was able to map executives’ activities across a wide range of e-commerce, social networking and other sites with just an email address.

Attackers are threatening to launch a second assault on Saudi Aramco on Saturday in order to prove its abilities and the fact that it’s not relying on help from an Aramco insider. The first attack on the oil company occurred last week and resulted in the company taking its Web sites offline, saying that it had been hit by a malware infection on some of its workstations.

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.