NIST Explains Proposed Ban on SMS for 2FA
A few days after releasing draft authentication guidelines that propose deprecating SMS as a second factor for authentication, NIST officials provided more context on the move, saying it’s a result of advances in attacks and shifts in the threat landscape. Earlier this week, NIST, which sets technical standards for government agencies in the U.S., released […]
Judge Rules Political Robocalls Are Legal
A federal judge has ruled that robocalls made on behalf of political candidates are protected by the First Amendment and cannot be outlawed. The decision came in a case in Arkansas, where political robocalls had been illegal for more than 30 years. On Wednesday, U.S. District Court Judge Leon Holmes ruled that banning political robocalls amounts to […]
Black Hat Talk: Call Me…I’ll Gather Threat Intelligence on Your Telephony Scams and Expose Fraudsters
Fraudsters live and die today by executing on what some may call — prank calls. Only the punchline hits businesses in their pockets, leaving law enforcement and companies to ask, “How do we know stop them?” They are robocalls, voice phishers and caller ID spoofers using cybercrime techniques to launch scam campaigns through the telephony channel that […]
Apple to Detail iOS 10 Security at Black Hat
Apple, notoriously closed-mouthed about its security technology, plans to detail three new security features of the upcoming iOS 10 operating system at the Black Hat conference next week. The company’s head of security engineering and architecture will present a talk that outlines the functionality of the mechanisms, including HomeKit, the company’s smart home controller, and […]
LastPass Patches Remote Compromise Flaw
LastPass has patched a remote compromise vulnerability disclosed this week by a Google researcher, a bug that could be used to gain full access to Firefox users’ LastPass data. The vulnerability lies in the LastPass extension for Mozilla Firefox, and researcher Tavis Ormandy of Google, who discovered the bug, found that it could be used […]
Android Nougat to Include Upgraded Security
As attacks on mobile devices continue to evolve and become more sophisticated, Google is enabling new security mechanisms in Android, including a number of additional memory protections and an extension of the operating system’s sandbox. The next version of Android, known as Nougat, will benefit from these security upgrades, which are designed to provide better memory protection and […]
Critical Bugs Allow Theft of Credentials in LastPass
It’s a bad week to be an engineer at LastPass. The maker of a popular password manager has just fixed a serious vulnerability that allowed attackers to steal users’ stored passwords, and now another researcher has found a separate bug that he says allows full remote compromise of LastPass. On Wednesday, researcher Mathias Karlsson disclosed […]
Google Listing, Political Scams Top Phone Fraud Threats
Nearly 20 percent of all phone fraud calls hitting consumers and businesses this year are part of the fake Google listing scam, more than twice as many as the eight percent that are loan scam calls, according to new data released by Pindrop Labs. The Google listing scam is a relatively new one, having appeared just […]
AT&T Will Head Up Anti-Robocall Task Force
Spurred by a directive from the FCC last week, AT&T will head up a new anti-robocall task force that will work to develop tools and technology to help users and carriers block robocalls. The chairman of the FCC sent a letter to all of the major wireless and wireline carriers last week instructing them to […]