In This Section

PINDROP BLOG

Category: Authentication

December 2, 2016
Bugs in AirDroid App Allow Traffic Interception, Malicious Updates
AirDroid, a popular Android app used for remote management, has a number of security vulnerabilities that could allow an attacker to intercept and decrypt secure traffic and even inject a malicious app update to gain remote code execution on a target device. The main issue with the app is the use of a hard-coded encryption…
Read More →
November 21, 2016
Adobe VoCo May Raise New Voice Security Concerns
As voice has continued to emerge as one of the key interfaces for new devices and apps, including vehicles, bank accounts, and home automation systems, concerns about the security of these systems have evolved, as well. Now, as both Google and Adobe have demonstrated systems that can insert and replace words in recorded speech or mimic human…
Read More →
November 11, 2016
Mozilla to Enforce Content Security by Default in Firefox
One of the many ways that attackers use to get their malicious code onto users’ machines is by using drive-by downloads. They often will compromise benign sites and use them to load malicious content in users’ browsers, and now Mozilla is making a ket change to its Firefox browser in an effort to make security…
Read More →
November 9, 2016
Tesco Bank Refunds £2.5 Million, Restores Online Service After Attack
Two days after suspending all online payments following an attack, Tesco Bank in the U.K. has resumed full service and bank officials say they have refunded about £2.5 million to customers affected by the incident. The exact nature of the attack on the bank’s customers still isn’t clear, but last weekend many Tesco customers reported that significant amounts of…
Read More →
November 8, 2016
Audit of Signal Protocol Finds it Secure and Trustworthy
A group of academic security researchers has reviewed the security of the Signal protocol, which is used in the Signal encrypted messaging app as well as in many third-party apps, and found that it is both secure and resistant to attack. The review, conducted by researchers from universities in the U.K., Canada, and Australia, looked at…
Read More →
November 7, 2016
Tesco Bank Halts Online Payments After Attack
A day after thousands of customers noticed money missing from their accounts with no explanation, Tesco Bank in the U.K. has halted all online payments from customer accounts as it struggles to contain and find the root cause of the incident. Bank officials on Monday said that they were aware of the missing money, which…
Read More →
October 25, 2016
Visa and Intel Collaborate on IoT Payment Security
As the security of IoT devices has become more and more of a problem, Visa and Intel are forming an alliance to make payments from those devices more secure and trustworthy. The partnership has two separate components: adding Visa’s encryption technology to devices that use Intel’s chipsets, and hardware-level device authentication to ensure that payments are…
Read More →
October 17, 2016
DHS Warns Mirai Malware is Targeting Sierra Wireless Gateways
DHS is warning users that the Mirai malware is infecting wireless gateways sold by Sierra Wireless and using the compromised devices as part of a botnet for DDoS attacks. The Mirai malware has been targeting a variety of embedded devices, especially CCTV cameras, that have default telnet credentials enabled and compromising them. The attackers deploying…
Read More →
October 11, 2016
There’s Another Hacking Team Going After SWIFT Banks
Security researchers have uncovered evidence that there is a second group of attackers who have been targeting banks in the SWIFT network, using a new Trojan that hides SWIFT message records and overwrites the master boot record of some hard drives. The newly discovered group is using a piece of malware known as Odinaff, which…
Read More →
October 3, 2016
Apple to Remove Trust for Chinese CA WoSign
The infrastructure upon which the Internet’s encryption system is built is fragile and prone to random, sometimes catastrophic, failures. The latest evidence of this weakness in the network is an incident involving a Chinese certificate authority WoSign, which was caught back-dating certificates and allowing customers to add arbitrary domains to their certificates. The problems have…
Read More →
Forbes highlights Deep Voice™ Biometric Engine