Researchers Tie Bank Attacks to North Korea
ST. MAARTEN–New details discovered in the investigation into the string of attacks on banks around the world using the SWIFT network show have linked the intrusions to attackers based in North Korea. Separate research conducted by experts at SWIFT, Kaspersky Lab, and BAE Systems uncovered a trail of clues that, taken together, point to North […]
Highly Effective Phishing Attack Targets Corporate Travelers
Attackers are using the lure of airline reservations as part of a highly effective phishing campaign that researchers say is successful about 90 percent of the time. The campaign targets corporate victims, and the attackers behind it seem to be doing quite a bit of research before sending the phishing emails. The messages are constructed […]
Another Critical Bug Hits LastPass
A few days after LastPass released a fix for some critical security flaws in its extensions for Chrome and Firefox, a researcher has identified a new vulnerability in the browser extension that allows an attacker to get full code execution on a target machine. The details of the new bug are not public yet, but […]
Android Trojan Spreads Through Fake Cell Towers
Attackers in China are using rogue cell base stations to spread versions of an Android banking Trojan that steals user credentials and has the ability to bypass two-factor authentication. The malware, known as the Swearing Trojan for some impolite language found in the Chinese code, has been in circulation for several months and uses a […]
Nest Adds Two-Step Verification for Users
Nest, maker of smart home thermostats and other devices, is adding two-step verification to its authentication process, making it more difficult for attackers to take over users’ devices. The company said on Tuesday that it is implementing the ability for users to require a short code sent by SMS as part of the sign-in process […]
Google Adds New Protections to G Suite
OAKLAND–Google is making a pair of changes to its hosted G Suite Gmail service for enterprises to enhance the security of the service. The most significant change is the addition of hosted S/MIME encryption. This will allow enterprise customers to get the benefits of secure email without having to deal with all of the challenges […]
‘We Need to Embrace the Mundane’ in Security
OAKLAND–The security industry as a whole is really good at identifying interesting new problems and coming up with fancy products to solve them. But there is still a long list of boring, known problems that no one has fixed yet, and those are the ones that need the most attention, experts say. One of those boring problems […]
Facebook Unveils Delegated Recovery Account Security System
OAKLAND–Facebook has developed a new account-recovery system that eschews the typical communications channels used for this process, and instead relies on a user’s connections with other services. The scheme allows users to regain access to accounts without providing any identifiable information to other services. The Delegated Recovery system, which Facebook introduced at the Enigma conference here […]
FTC Files Complaint Against D-Link Over Router, Camera Security
D-Link didn’t “take reasonable software testing and remediation measures” to protect users of its routers and IP-enabled cameras, failed to protect the private keys that sign the software on those devices, and put thousands of consumers at risk of attack, according to a new complaint brought against the technology vendor by the Federal Trade Commission. In […]