Category: Identity

March 28, 2016
Facebook Testing Anti-Impersonation Feature
Phishing and account takeover attacks take many forms, especially on massive platforms such as Twitter or Facebook, and defending against them is a tall order. Facebook has tried a number of tactics over the years, and now the company is testing a new feature that will detect and warn users when someone else is trying…
Read More →
March 15, 2016
Amazon Plans Move to Facial Recognition for Purchases
Amazon is planning to join a growing list of major companies that are working to make facial recognition the authentication method of choice. The retailer has filed a patent claim for a method it hopes will enable customers to complete purchases using their faces rather than passwords. The Amazon application shows that the company is working…
Read More →
March 1, 2016
Sidestepping Apple Pay Enrollment Authentication
SAN FRANCISCO–Apple has touted its Apple Pay system as a convenient, simple, and secure alternative to using physical debit or credit cards. But researchers have identified some weaknesses in the enrollment and authentication flow of the system that could have allowed attackers to add stolen cards to their own Apple Pay accounts and use them…
Read More →
February 23, 2016
The Selfie is the New Payment Biometric
Banks, credit card companies, and other financial companies are turning over every rock in an effort to fight fraud, including trying out novel authentication techniques. The latest move in this area is toward facial recognition via smartphones as a way to ensure the person making a purchase is who he claims to be. After decades…
Read More →
January 25, 2016
UVA Hit With Another Data Breach
A mistake by an employee who clicked on a link in a phishing email and unwittingly granted access to an attacker has resulted in a data breach at the University of Virginia that dates back to late 2014 and exposed personal information of about 1,400 people. The breach includes allowed attackers to get access to some…
Read More →
January 20, 2016
LostPass Allows Easy Phishing to Defeat Password Manager
A security researcher has developed a phishing attack against the LastPass password manager app that is virtually impossible to detect and has the ability to mimic the LastPass login sequence perfectly. The technique takes advantage of several weaknesses in the way that LastPass handles user logout notifications and the resulting authentication sequence. Sean Cassidy, the…
Read More →
January 19, 2016
Serious Yahoo Mail XSS Bug Fixed
Yahoo has fixed a serious cross-site scripting vulnerability in its webmail product that could’ve allowed an attacker to take over a victim’s email account with one malicious email. The bug is a specific kind of cross-site scripting vulnerability known as stored XSS. In order to trigger it, an attacker would only need to send a…
Read More →
January 15, 2016
Hyatt Data Breach Caused by Payment System Malware
A data breach at hundreds of Hyatt hotels that was revealed in December was caused by point-of-sale device malware that stole victims’ payment card information in transactions in hotel restaurants, spas, golf shops, and other locations. The malware was on PoS systems in more than 300 Hyatt hotels around the world, including dozens in the…
Read More →
January 12, 2016
Bug in Trend Micro Password Manager Allows Password Theft
A Google security researcher has discovered a serious, easily exploitable vulnerability in a password manager installed by default with some Trend Micro antivirus products. The bug allows an attacker not only to run arbitrary commands but also to download all of the passwords stored by the manager. The vulnerability was discovered by Tavis Ormandy, a…
Read More →
January 12, 2016
Steal 54 Identities, Get 334 Years in Prison
Civil rights advocates and security researchers for years have been decrying the penalties that result from prosecutions under the United States’ Computer Fraud and Abuse Act (CFAA), saying they often are too harsh. But those sentences pale in comparison to what a Turkish man is facing after his second conviction for hacking and identity theft.…
Read More →