In This Section

PINDROP BLOG

Category: Authentication

October 17, 2016
DHS Warns Mirai Malware is Targeting Sierra Wireless Gateways
DHS is warning users that the Mirai malware is infecting wireless gateways sold by Sierra Wireless and using the compromised devices as part of a botnet for DDoS attacks. The Mirai malware has been targeting a variety of embedded devices, especially CCTV cameras, that have default telnet credentials enabled and compromising them. The attackers deploying…
Read More →
October 11, 2016
There’s Another Hacking Team Going After SWIFT Banks
Security researchers have uncovered evidence that there is a second group of attackers who have been targeting banks in the SWIFT network, using a new Trojan that hides SWIFT message records and overwrites the master boot record of some hard drives. The newly discovered group is using a piece of malware known as Odinaff, which…
Read More →
October 3, 2016
Apple to Remove Trust for Chinese CA WoSign
The infrastructure upon which the Internet’s encryption system is built is fragile and prone to random, sometimes catastrophic, failures. The latest evidence of this weakness in the network is an incident involving a Chinese certificate authority WoSign, which was caught back-dating certificates and allowing customers to add arbitrary domains to their certificates. The problems have…
Read More →
October 3, 2016
Your Body is a Wonderland–For Transmitting Passwords
Credential theft is one of the more persistent and troubling threats in security, and researchers have been trying to come up with answers to it for decades. A team at the University of Washington has developed a system that can prevent attackers from intercepting passwords and keys sent over the air by sending them through users’ bodies…
Read More →
September 30, 2016
On the Wire Podcast: Jessy Irwin
Jessy Irwin makes her triumphant return to the podcast to help us work through our feelings about the Yahoo data breach, the NIST guidance on SMS two-factor authentication, and why we’re still giving terrible security advice to users. Dennis Fisher and Jessy also talk about what kind of breaches could be lurking on the horizon…
Read More →
September 23, 2016
Researchers Say iOS 10 Backup Passwords Easy to Crack
Apple seems to have made a curious security choice in iOS 10, one that enables attackers to brute force the password for a user’s local backup 2,500 times faster than was possible on iOS 9. Researchers at Elcomsoft, a Russian security company, discovered the issue, which is related to the choice of hashing algorithm in…
Read More →
September 22, 2016
500 Million Users Affected by Yahoo Data Breach
Yahoo today confirmed that state-sponsored attackers compromised the company’s network in 2014, stealing data belonging to 500 million users. The stolen data includes names, email addresses, phone numbers, hashed passwords, dates of birth, and security questions and answers, some of which were unencrypted. Yahoo officials said it doesn’t believe that bank account data, payment card…
Read More →
September 22, 2016
As Attacks Continue, SWIFT Looks For New Ways to Fight Fraud
SWIFT, the payment network that supports financial institutions and banks around the world, continues to see attacks compromising its customers’ networks as attackers look for new ways to drain money from the global financial system. The SWIFT network has been hit with a number of high-profile attacks in the last few months, many of which have…
Read More →
September 21, 2016
Nearly All Top Global Companies Have Leaked Credentials Online
Many CSOs live in fear of waking up to an email reporting a data breach at their company, but the threat to an enterprise isn’t limited to a compromise of that specific organization. A new report shows that there are leaked employee credentials online for 97 percent of the top 1,000 global companies, many of which…
Read More →
September 21, 2016
macOS Sierra Release Fixes Dozens of Security Flaws
Apple has fixed nearly 20 code-execution vulnerabilities in macOs, including a number that could allow an attacker to run code with kernel privileges. The patches come as part of the release of macOs Sierra, a major update of the Mac operating system released Tuesday. Many of the more serious flaws fixed in Sierra are memory…
Read More →
PSCU and Pindrop Block $1 Million in Fraud in One Month