PINDROP BLOG

Category: Authentication

April 24, 2017
Google Patches Unicode Domain Phishing Bug in Chrome
Google has patched a dangerous issue in Chrome that enabled attackers to spoof legitimate domains in the browser by using unicode characters rather than normal ones. That vulnerability is the result of the way that Chrome handles some unicode characters and it’s not necessarily a new issue. Security experts have known about the underlying problem…
Read More →
April 20, 2017
Mastercard Replaces PINs With Fingerprint Sensor on New Cards
Mastercard is rolling out a new payment card that includes a fingerprint sensor built right onto the card, a feature that is meant to eliminate the need for a PIN during in-person transactions. The new card also has a chip embedded in it and it can be used at all of the existing chip-and-PIN terminals.…
Read More →
April 18, 2017
Facebook Launches Beta of New Account Recovery System
Facebook has opened a beta program for its new Delegated Account Recovery system, which is designed to replace traditional email or SMS-based recovery processes. The Facebook system allows users to connect their Facebook accounts with other services and use that trusted link to recover access to one of the accounts. The company has published an SDK and…
Read More →
April 12, 2017
FTC Halts Tech-Support Scam That Pretended to Represent the FTC
The FTC has shut down a phone and email scam that involved scammers contacting consumers, falsely claiming to be working on behalf of the FTC and offering fake tech support services. The scheme is a twist on the old Windows tech support scam in which fraudsters call consumers and try to sell remote tech support…
Read More →
April 4, 2017
Inside the Total Compromise of a $25 Billion Bank
ST. MAARTEN–On a quiet Saturday afternoon in October 2016, security researchers in Latin America began noticing some odd behavior in the Brazilian banking system. Customers visiting the  website of one of the country’s larger banks were being hit with automatic malware downloads, but as the researchers began investigating the incident, it quickly became clear that…
Read More →
April 3, 2017
Researchers Tie Bank Attacks to North Korea
ST. MAARTEN–New details discovered in the investigation into the string of attacks on banks around the world using the SWIFT network show have linked the intrusions to attackers based in North Korea. Separate research conducted by experts at SWIFT, Kaspersky Lab, and BAE Systems uncovered a trail of clues that, taken together, point to North…
Read More →
March 31, 2017
Highly Effective Phishing Attack Targets Corporate Travelers
Attackers are using the lure of airline reservations as part of a highly effective phishing campaign that researchers say is successful about 90 percent of the time. The campaign targets corporate victims, and the attackers behind it seem to be doing quite a bit of research before sending the phishing emails. The messages are constructed…
Read More →
March 29, 2017
Amazon Adds Pindrop for Security of Connect Call Center Service
The call center has become a key entry point into many organizations for fraudsters and cybercriminals, and enterprises have discovered that protecting that channel is not the same as defending a corporate network. The phone channel has its own unique traits and peculiarities that make it a challenge for security teams, particularly the involvement of humans…
Read More →
March 27, 2017
iOS 10.3 Fixes Dozens of Serious Flaws
With the release of iOS 10.3 today, Apple has patched more than two dozen vulnerabilities that could lead to arbitrary code execution in a new release of iOS. Many of the code-execution bugs are in the iOS kernel and several others are in the FontParser component of the operating system. Among the kernel vulnerabilities, there…
Read More →
March 27, 2017
Another Critical Bug Hits LastPass
A few days after LastPass released a fix for some critical security flaws in its extensions for Chrome and Firefox, a researcher has identified a new vulnerability in the browser extension that allows an attacker to get full code execution on a target machine. The details of the new bug are not public yet, but…
Read More →