129 matches found
Patched Flaw in Bosch Diagnostic Dongle Allowed Researchers to Shut Off Engine
Two vulnerabilities were identified in Bosch’s Drivelog Connect OBD-II dongle and smartphone app that allowed researchers to shut off the engine of a vehicle. One of the issues was patched via server-side fix, Bosch said in an April 13 statement, while the other in the dongle itself will be handl...
Google Adds Security Key Enforcement to G Suite Apps
Google on Wednesday pumped more life into the use of physical keys as a second form of authentication when it added Security Key enforcement support to G Suite. Admins inside enterprises managing deployments of the suite of cloud-based productivity apps, formerly known as Google Apps, can now...
WhatsApp Adds 2-Step Verification Passcode — Enable this Security Feature
WhatsApp has introduced a new security feature that fixes a loophole in the popular messaging platform, which if exploited, could allow an attacker to hijack victim's account with just knowing the victim's phone number and some hacking skills. The attack does not exploit any vulnerability in...
Dropbox Forces Password Reset for Older Users
Online storage service Dropbox began notifying users over the weekend that if they haven’t updated their password since 2012, they’ll be prompted to update it the next time they log into their account. The company claims the move is “purely a preventative measure” and stressed that there’s no pro...
Google makes 2-Factor Authentication a lot Easier and Faster
When it comes to data breaches of major online services like LinkedIn, MySpace, Twitter and VK.com, it's two-factor authentication that could save you from being hacked. Two-factor authentication or 2-step verification is an effective way to secure online accounts, but many users avoid enabling t...
Shopify: Bypassed password authentication before enabling OTP verification
When we enable Two step verification then shopify first ask for password then allow user to set OTP verification. Here i bypassed this password verification. Steps to reproduce the vulnerability. 1.To produce this vulnerability i created two account on shopify . For easy understand let give them...
Yahoo Deploys Passwordless Account Key Tool
In hopes of eliminating the password, at least on the company’s mobile apps, Yahoo on Friday deployed a stable version of its Account Key mechanism. The feature, essentially two-step authentication—without the first step—allows Yahoo users to log into the company’s Finance, Fantasy, Mail,...
Instagram Adds Two-Step Verification to Prevent Account from being Hacked
Hijacking an online account is not a complicated procedure, not at least in 2016. Today, Instagram confirmed that the company is in the process to roll out two-factor authentication for its 400 Million users. It is impossible to make your online accounts hack-proof, but you can make them less...
Here's How Iranian Hackers Can Hack Your Gmail Accounts
Hackers are getting smarter in fooling us all, and now they are using sophisticated hacking schemes to get into your Gmail. Yes, Iranian hackers have now discovered a new way to fool Gmail's tight security system by bypassing its two-step verification – a security process that requires a security...
Charlie Miller to Leave Twitter Security Team
Charlie Miller, one of the more respected and accomplished security researchers in the industry, is leaving Twitter’s security team after three years. Miller said on Monday that he is leaving the company at the end of this week and that he plans to announce his new job next week. Miller joined...
Automattic: Verification code issues for Two-Step Authentication
Hi there, I noticed two issues regarding the verification code that is sent to the phone as Two-Step Authentication for Wordpress accounts. I found out that verification code sent as SMS while enabling Two-Step Authentication can be reused infinitely for login. Issue1 The application does not...
Apple Moving to 2FA, Six-Digit Passcodes in iOS 9
With each new release of iOS, Apple has been improving the security of the mobile operating system, adding new features, inserting exploit mitigations, and taking away avenues for attack. In the forthcoming iOS 9.0 release, the company is continuing this movement with the addition of two-factor...
Google Adds Content Security Policy Support to Gmail
Google has added another layer of security for users of Gmail on the desktop, which now supports content security policy, a standard that’s designed to help mitigate cross-site scripting and other common Web-based attacks. CSP is a W3C standard that has been around for several years, and it’s bee...
Twitter Launches Digits – A Password Free Login Service For App Developers
There’s a good news for app developers. On Wednesday at Twitter’s first annual developer conference Flight, the company announced a new tool for developers which will allow users to log-in to mobile applications using their phone numbers rather than a traditional username and password combination...
Dropbox Denies Hack, Says 'Your Stuff is Safe'
Dropbox officials on Monday said that a large cache of usernames and passwords posted online and alleged to have come from the company’s users are not related to Dropbox customer accounts. A spate of media reports reported yesterday that attackers had stolen several million sets of credentials fr...
vBulletin Two-Step External Link Module 'externalredirect.php' Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/39597/info Two-Step External Link module for vBulletin is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execut...
Apple Devices Hacked by 'Oleg Pliss', held to Ransom
From last few years Ransomware malwares are targeting Windows users Worldwide and experts predicted that it was just a matter of time until ransomware would hit mobile devices and other Desktop operating systems like Mac, iOS, Android etc. A Few weeks back we reported about a Ransomware malware...
Warning: Malware Campaign targeting Jailbroken Apple iOS Devices
A new piece of malicious malware infection targeting jailbroken Apple iOS devices in an attempt to steal users’ credentials, has been discovered by Reddit users. The Reddit Jailbreak community discovered the malicious infection dubbed as ‘Unflod Baby Panda’, on some jailbroken Apple iOS devices o...
EA Games website hacked; Phishing page hosted to steal Apple IDs
Recently we aware you about the tricky phishing scam targeting Google Docs and Google Drive, a similar phishing scam has been detected by the researchers targeting Apple users to steal users’ credentials. According to the researchers at Netcraft, a UK based security services company, the hackers...
Ultrasonic Password Security for Google Accounts
Does a Strong Password Guarantee you the Security of your Online Account? If yes, then you should once check out our 'Data breaches' section on the website. A Startup Company, SlickLogin has developed a technology that enables you to login into online accounts using Ultrasonic sound, instead of...