Bankosy Android Trojan Defeats Voice 2FA
Bad guys are always looking for ways to up their game and find ways around the defenses that security companies and users put in their way. To wit, an Android banking Trojan called Bankosy that has added a new capability that allows attackers to bypass voice-based two-factor authentication. The malware has been around for a […]
New York Wants to Force Vendors to Decrypt Users’ Phones
A bill that is making its way through the New York state assembly would require that smartphone manufacturers build mechanisms into the devices that would allow the companies to decrypt or unlock them on demand from law enforcement. The New York bill is the latest entry in a long-running debate between privacy advocates and security experts on one […]
Bug in Trend Micro Password Manager Allows Password Theft
A Google security researcher has discovered a serious, easily exploitable vulnerability in a password manager installed by default with some Trend Micro antivirus products. The bug allows an attacker not only to run arbitrary commands but also to download all of the passwords stored by the manager. The vulnerability was discovered by Tavis Ormandy, a […]
Steal 54 Identities, Get 334 Years in Prison
Civil rights advocates and security researchers for years have been decrying the penalties that result from prosecutions under the United States’ Computer Fraud and Abuse Act (CFAA), saying they often are too harsh. But those sentences pale in comparison to what a Turkish man is facing after his second conviction for hacking and identity theft. […]
IRS Says Identity Theft Protection Services Deductible for Companies
In the face of continued data breaches and an ever-increasing pile of identity thefts, the IRS has released a new piece of guidance that says companies are able to deduct the cost of identity theft protection, even without it being connected to a specific breach. The new guidance, released Monday, comes as consumers are beset on […]
When Smart Devices Do Dumb Things
Smart devices are great. Until they’re not. Like when your smart TV is infected with DNS hijacking malware and refuses to do what it’s actually supposed to do, which is to let you watch TV. That’s the situation that a Reddit user found on his sister’s smart TV recently, reporting that after hitting a specific domain […]
Fake Tech Support Scams Evolve to Include Support, Purchase History
Calling a tech support line can be a fairly miserable experience. Having tech support reps calling you at home to warn you about supposed malware on your PC is even worse. It’s an old scam, but one that’s gotten a vicious new twist of late with scammers who know every detail of a victim’s support […]
On the Wire Podcast: Paul Roberts
Dennis Fisher talks with journalist Paul Roberts (@paulfroberts) of the Security Ledger about the state of security in the Internet of Things. The discussion touches on the way vendors are responding to security researchers who report bugs in their products, whether regulation is needed, emerging IoT protocols, and how the IoT security landscape mirrors the Internet […]
New WiFi HaLow Protocol Could Bring Old Security Issues
Perhaps because smart lightbulbs that refuse firmware updates and refrigerators with blue screens of death aren’t enough fun on their own, a new WiFi protocol designed specifically for IoT devices and appliances is on the horizon, bringing with it all of the potential security challenges you’ve come to know and love in WiFi classic. The new […]