In This Section

PINDROP BLOG

Category: Identity

January 20, 2016
LostPass Allows Easy Phishing to Defeat Password Manager
A security researcher has developed a phishing attack against the LastPass password manager app that is virtually impossible to detect and has the ability to mimic the LastPass login sequence perfectly. The technique takes advantage of several weaknesses in the way that LastPass handles user logout notifications and the resulting authentication sequence. Sean Cassidy, the…
Read More →
January 19, 2016
Serious Yahoo Mail XSS Bug Fixed
Yahoo has fixed a serious cross-site scripting vulnerability in its webmail product that could’ve allowed an attacker to take over a victim’s email account with one malicious email. The bug is a specific kind of cross-site scripting vulnerability known as stored XSS. In order to trigger it, an attacker would only need to send a…
Read More →
January 15, 2016
Hyatt Data Breach Caused by Payment System Malware
A data breach at hundreds of Hyatt hotels that was revealed in December was caused by point-of-sale device malware that stole victims’ payment card information in transactions in hotel restaurants, spas, golf shops, and other locations. The malware was on PoS systems in more than 300 Hyatt hotels around the world, including dozens in the…
Read More →
January 12, 2016
Bug in Trend Micro Password Manager Allows Password Theft
A Google security researcher has discovered a serious, easily exploitable vulnerability in a password manager installed by default with some Trend Micro antivirus products. The bug allows an attacker not only to run arbitrary commands but also to download all of the passwords stored by the manager. The vulnerability was discovered by Tavis Ormandy, a…
Read More →
January 12, 2016
Steal 54 Identities, Get 334 Years in Prison
Civil rights advocates and security researchers for years have been decrying the penalties that result from prosecutions under the United States’ Computer Fraud and Abuse Act (CFAA), saying they often are too harsh. But those sentences pale in comparison to what a Turkish man is facing after his second conviction for hacking and identity theft.…
Read More →
January 11, 2016
IRS Says Identity Theft Protection Services Deductible for Companies
In the face of continued data breaches and an ever-increasing pile of identity thefts, the IRS has released a new piece of guidance that says companies are able to deduct the cost of identity theft protection, even without it being connected to a specific breach. The new guidance, released Monday, comes as consumers are beset on…
Read More →
January 5, 2016
How an IRS Employee Allegedly Stole $1 Million from Taxpayers
Few, if any, companies or government agencies store more sensitive personal information than the IRS, and consumers have virtually no insight into how that data is used and secured. But, as the results of a recent Justice Department investigation show, when you start poking around in those dark corners, you sometimes find very ugly things. Beginning…
Read More →
December 23, 2015
Google Testing New Account Authentication System
Authentication is one of the tougher problems in security, and a lot of companies have thrown a lot of money at it for a long time. Google is one of those companies, and the company is testing a new scheme that allows users to access their accounts without using a password. The system relies on…
Read More →
December 18, 2015
FTC Hits LifeLock With $100M Penalty
The Federal Trade Commission many times will allow first-time offending companies to get off relatively easily when they run afoul of consumer-protection laws, often settling with non-financial penalties. But that generosity does not extend to companies that later violate those settlements. LifeLock executives found that out the hard way on Thursday when the FTC handed the company…
Read More →
December 3, 2015
Your Voice Is Not Your Own
The security industry has been trying to replace usernames and passwords since, well, forever, and with little success. The rush to employ biometrics has produced plenty of options, some of which can be defeated by Gummy bears, and no clear winner. Voice recognition recently has emerged as one of the leaders in the clubhouse in…
Read More →
2019 Voice Intelligence Webinar Series – where voice, not touch is the main interface for customers.