Google Adds New Anti-Phishing Feature to G Suite
Google is rolling out a new security feature for enterprises customers of its G Suite hosted apps that allows administrators to choose exactly which apps have access to user data. The feature is designed as a barrier against phishing attacks, many of which try to fool or confuse users into giving attackers access to sensitive […]
Europol Dismantles International Fraud Ring
Police have dismantled a payment-card fraud network that stretched across Europe and had the capability to clone payment cards, install skimmers on ATMs, and is responsible for hundreds of thousands of dollars in losses. The fraud ring was operating not just in Europe, but also in the United States, the Dominican Republic, Peru, Malaysia, Costa Rica, […]
Phishing Attacks Using SSL Spike
Phishing crews increasingly are using sites with valid SSL certificates in order to make their attacks appear more legitimate, a new report shows. In the last couple of years it has become much easier and faster for site owners to obtain SSL certificates for their sites, thanks to the emergence of free CAs such as […]
Apple to Switch Users to 2FA on iOS 11, macOS High Sierra
With the upcoming releases of iOS 11 and macOS High Sierra later this year, Apple is planning to force many users to adopt two-factor authentication for their accounts. The company this week sent an email to customers who have the existing two-step verification enabled for their Apple IDs, informing them that once they install the public […]
Preventing Forgery With Paper Fingerprinting
In a new study out from a UK based research team, scientists have discovered an inexpensive and easy-to-use way to validate the authenticity of any paper document solely by taking a picture of it with a camera. Capturing the random interweaving of the wooden particles that are used to make up paper, the research team […]
RoughTed Malvertising Campaign Bypasses Ad Blockers
A long-running, multi-faceted, malvertising campaign has been found using a technique that enables the sites involved to bypass the protections of ad blockers. Malvertising campaigns can take a lot of different forms and they often involve multiple layers of compromised or malicious sites and lots of redirections. Some campaigns are connected to malware operations and […]
DocuSign Says Breach Led to Phishing Campaign
A recent compromise of a system at DocuSign, the electronic document signing vendor, led to a phishing campaign that’s hitting some of the company’s customers right now. Officials at DocuSign said they had noticed an increase in phishing emails to some customers and users in recent days and began investigating whether the company’s eSignature service […]
Facebook Launches Beta of New Account Recovery System
Facebook has opened a beta program for its new Delegated Account Recovery system, which is designed to replace traditional email or SMS-based recovery processes. The Facebook system allows users to connect their Facebook accounts with other services and use that trusted link to recover access to one of the accounts. The company has published an SDK and […]
Inside the Total Compromise of a $25 Billion Bank
ST. MAARTEN–On a quiet Saturday afternoon in October 2016, security researchers in Latin America began noticing some odd behavior in the Brazilian banking system. Customers visiting the website of one of the country’s larger banks were being hit with automatic malware downloads, but as the researchers began investigating the incident, it quickly became clear that […]