PINDROP BLOG

Category: Identity

January 25, 2016
UVA Hit With Another Data Breach
A mistake by an employee who clicked on a link in a phishing email and unwittingly granted access to an attacker has resulted in a data breach at the University of Virginia that dates back to late 2014 and exposed personal information of about 1,400 people. The breach includes allowed attackers to get access to some…
Read More →
January 20, 2016
LostPass Allows Easy Phishing to Defeat Password Manager
A security researcher has developed a phishing attack against the LastPass password manager app that is virtually impossible to detect and has the ability to mimic the LastPass login sequence perfectly. The technique takes advantage of several weaknesses in the way that LastPass handles user logout notifications and the resulting authentication sequence. Sean Cassidy, the…
Read More →
January 19, 2016
Serious Yahoo Mail XSS Bug Fixed
Yahoo has fixed a serious cross-site scripting vulnerability in its webmail product that could’ve allowed an attacker to take over a victim’s email account with one malicious email. The bug is a specific kind of cross-site scripting vulnerability known as stored XSS. In order to trigger it, an attacker would only need to send a…
Read More →
January 15, 2016
Hyatt Data Breach Caused by Payment System Malware
A data breach at hundreds of Hyatt hotels that was revealed in December was caused by point-of-sale device malware that stole victims’ payment card information in transactions in hotel restaurants, spas, golf shops, and other locations. The malware was on PoS systems in more than 300 Hyatt hotels around the world, including dozens in the…
Read More →
January 12, 2016
Bug in Trend Micro Password Manager Allows Password Theft
A Google security researcher has discovered a serious, easily exploitable vulnerability in a password manager installed by default with some Trend Micro antivirus products. The bug allows an attacker not only to run arbitrary commands but also to download all of the passwords stored by the manager. The vulnerability was discovered by Tavis Ormandy, a…
Read More →
January 12, 2016
Steal 54 Identities, Get 334 Years in Prison
Civil rights advocates and security researchers for years have been decrying the penalties that result from prosecutions under the United States’ Computer Fraud and Abuse Act (CFAA), saying they often are too harsh. But those sentences pale in comparison to what a Turkish man is facing after his second conviction for hacking and identity theft.…
Read More →
January 11, 2016
IRS Says Identity Theft Protection Services Deductible for Companies
In the face of continued data breaches and an ever-increasing pile of identity thefts, the IRS has released a new piece of guidance that says companies are able to deduct the cost of identity theft protection, even without it being connected to a specific breach. The new guidance, released Monday, comes as consumers are beset on…
Read More →
January 5, 2016
How an IRS Employee Allegedly Stole $1 Million from Taxpayers
Few, if any, companies or government agencies store more sensitive personal information than the IRS, and consumers have virtually no insight into how that data is used and secured. But, as the results of a recent Justice Department investigation show, when you start poking around in those dark corners, you sometimes find very ugly things. Beginning…
Read More →
December 23, 2015
Google Testing New Account Authentication System
Authentication is one of the tougher problems in security, and a lot of companies have thrown a lot of money at it for a long time. Google is one of those companies, and the company is testing a new scheme that allows users to access their accounts without using a password. The system relies on…
Read More →
December 18, 2015
FTC Hits LifeLock With $100M Penalty
The Federal Trade Commission many times will allow first-time offending companies to get off relatively easily when they run afoul of consumer-protection laws, often settling with non-financial penalties. But that generosity does not extend to companies that later violate those settlements. LifeLock executives found that out the hard way on Thursday when the FTC handed the company…
Read More →