Pindrop® Pulse: Stay Connected, Stay Informed, and Stay Ahead VIEW NOW →


Category: Identity

April 26, 2016
Verizon DBIR Shows Focus on Credential Theft in Breaches
Attackers are continuing to refine their tactics and develop new tools, but in a lot of cases they still rely on tried-and-true methods such as phishing, social engineering, malware, keyloggers, and credential theft to achieve their goals. The 2016 Verizon Data Breach Incident Report shows that these tactics and tools are still among the most-used by…
Read More →
April 18, 2016
GitLab Fixes Authentication Bypass Flaw
GitLab has patched a serious authentication vulnerability that enabled any user to take over another user’s account with two-factor authentication enabled. The vulnerability was a result of the way that GitLab’s authentication flow produced one-time passwords for accounts with 2FA enabled. An attacker who knows a victim’s username and can capture network traffic could sign in…
Read More →
April 15, 2016
U.S. Firm Hit For Nearly $100M in Email Scam
Fraudsters employing an increasingly common scheme known as business email compromise victimized a United States company for more than $98 million, according to a suit filed by the U.S. Attorney’s office in Manhattan Thursday. The civil forfeiture lawsuit is an attempt to recover $25 million in funds held in a variety of overseas accounts, money…
Read More →
April 13, 2016
Facebook Releases Account Kit SDK for Authentication Without Passwords
Facebook has released a new SDK called Account Kit that enables app developers and site owners to provide a login experience without passwords. The new system, which the company announced at its developers’ conference yesterday, uses Facebook’s own infrastructure to perform authentication via SMS and email. Account Kit doesn’t require that users have a Facebook…
Read More →
April 8, 2016
FBI Says Fake CEO Email Scam Losses Hit $2.3 Billion
The FBI says it has seen a huge increase in the volume of business email compromise scams hitting enterprises in the last year, and estimates that losses from the scheme have hit $2.3 billion now. Like normal phishing scams, these kinds of attacks rely on highly believable messages and a healthy dose of social engineering…
Read More →
March 29, 2016
New Florida Law Exempts Agencies From Reporting Some Breach Details
Florida’s governor has signed a bill that allows state agencies not to release details of data breaches and security audits if that information would “facilitate the unauthorized access, modification, disclosure or destruction of data”. The new law, which went into effect on Friday, requires that agencies still release details of breaches to a group of state law…
Read More →
March 28, 2016
Facebook Testing Anti-Impersonation Feature
Phishing and account takeover attacks take many forms, especially on massive platforms such as Twitter or Facebook, and defending against them is a tall order. Facebook has tried a number of tactics over the years, and now the company is testing a new feature that will detect and warn users when someone else is trying…
Read More →
March 15, 2016
Amazon Plans Move to Facial Recognition for Purchases
Amazon is planning to join a growing list of major companies that are working to make facial recognition the authentication method of choice. The retailer has filed a patent claim for a method it hopes will enable customers to complete purchases using their faces rather than passwords. The Amazon application shows that the company is working…
Read More →
March 1, 2016
Sidestepping Apple Pay Enrollment Authentication
SAN FRANCISCO–Apple has touted its Apple Pay system as a convenient, simple, and secure alternative to using physical debit or credit cards. But researchers have identified some weaknesses in the enrollment and authentication flow of the system that could have allowed attackers to add stolen cards to their own Apple Pay accounts and use them…
Read More →
February 23, 2016
The Selfie is the New Payment Biometric
Banks, credit card companies, and other financial companies are turning over every rock in an effort to fight fraud, including trying out novel authentication techniques. The latest move in this area is toward facial recognition via smartphones as a way to ensure the person making a purchase is who he claims to be. After decades…
Read More →