2552 matches found
Apple adds two-factor authentication to iCloud and Apple ID
Apple is beefing up the security of its iCloud and Apple ID accounts by adding two-factor authentication to the account login process. Users who activate the option will be required to enter a four-digit code they may receive via SMS message, aside from the usual password. Two-factor authenticati...
Dropbox Users Reporting More Spam Following Last Summer's Breach
It appears the breach of cloud-based storage service Dropbox last year has spurned another wave of spam over the last week or so. Users began posting complaints on the service’s Bugs and Troubleshooting forum yesterday claiming that their Dropbox-specific accounts started receiving spam again las...
Researchers Bypass Google Two-Factor Authentication
For some time, attackers had the ability to bypass Google’s two-step authentication system through access to users’ app-specific passwords, giving them full access to victims’ Google accounts, including Gmail. The vulnerability that enables this attack, discovered by researchers from DuoSecurity,...
Google Says Gmail Security Measures Have Reduced Account Hijacks By 99 Percent
Gmail accounts are high-priority targets for attackers of all stripes, particularly spam crews and state-sponsored attackers who use them to monitor the activities of activists and journalists. Hijacking those accounts can be quite useful for spammers and malware gangs as well, but Google said th...
Could Smart-Watches Replace Passwords as Authenticators?
Good passwords are hard to remember while passwords that are easily remembered are often just as easily guessed. Therein lies the reason passwords are such a security headache. The race to replace passwords is ever-present in the security industry, and the newest entrant is the smart-watch. “If t...
Zitmo Trojan Variant Eurograbber Beats Two-Factor Authentication to Steal Millions
Online banking customers in Europe are falling victim by the thousands to a new banking Trojan that is infecting Android and BlackBerry devices and is capable of defeating two-factor authentication. The Trojan, dubbed Eurograbber by researchers at Check Point Software Technologies and Verasafe, i...
Go Daddy Attributes DNS Hack to Phishing
A spokesman at Go Daddy, the popular domain registrar and Web host company, believes that some of its users may have been phished – and that’s to blame for the barrage of ransomware some customers have been seeing in past week or so. Last week it was reported that attackers had placed malicious D...
Go Daddy Sites Serve Up Ransomware Malware
Domain name registrar and website hosting provider Go Daddy is responding to a DNS attack targeting a "small number" of its hosted websites that one security firm said is enabling cyber criminals to spread ransomware. The DNS Domain Name System is what transfers host-names into IP addresses,...
Attackers Had Access for Months in South Carolina Data Breach
Attackers had two months of unfettered access to South Carolina’s Department of Revenue systems in a classic targeted attack that began with a phishing email and ended with the loss of electronic tax return data, and payment card and personal information on 3.8 million filers, possibly dating bac...
Planned Cyberattacks on US Banks on Hold
Upwards of 30 major U.S. banks and financial institutions have been given a reprieve. The hacker behind a coordinated attack against giants such as Bank of America, Chase, Citibank, PNC, Wells Fargo and nearly two dozen other banks has called off the operation after media reports surfaced a month...
Blizzard Sued Over Data Breach, Authenticator Sales
UPDATED–A group of customers is suing gaming giant Blizzard Entertainment in connection with a data breach in August that resulted in user email addresses, hashed passwords and other information being stolen by attackers. The suit claims that the company did not do enough to secure users’ account...
Remotely controlled Malware as Browser extensions
"Browser extensions extend the functionality of the web browser. These extensions improve the appearance, functionality, security or other parts of the browser. Extensions were also developed with malicious intent, in order to generate revenue or just spread the code between more and more browser...
Operation High Roller Banked on Fast-Flux Botnet to Steal Millions
A fraud ring that attacked financial transfer systems in an attempt to get at wealthy high-end banking customers used a complicated web of malware and compromised servers in several countries to walk off with an estimated $78 million earlier this year. While the attacks targeted financial systems...
Cybercrime Gang Recruiting Botmasters for Large-Scale MiTM Attacks on American Banks
A slew of major American banks, some already stressed by a stream of DDoS attacks carried out over the past 10 days, may soon have to brace themselves for a large-scale coordinated attack bent on pulling off fraudulent wire transfers. RSA’s FraudAction research team has been monitoring undergroun...
Developer Warns Millions of Virgin Mobile Subscribers About Authentication Flaw
An Alamo, Texas developer on Monday warned Virgin Mobile U.S. subscribers that their accounts can be hacked after the company failed to respond with a fix. “I reported the issue to Virgin Mobile a month ago and they have not taken any action, nor informed me of any concrete steps to fix the...
Looking to Bolster Security, Dropbox Adds Two-Factor Authentication
Several weeks after announcing that some of its users’ log-ins and passwords had been stolen, file storage company Dropbox announced it has added a two-step authentication process over the weekend to help reinforce the security of its users’ accounts. The added layer of security is currently...
Airport VPN hacked using Citadel malware
It sounds like an air traveler's nightmare, Researchers at Trusteer recently uncovered a variant of the Citadel Trojan targeting the virtual private network VPN credentials used by employees at a major airport.The firm would not disclose the name of the airport because the situation is being...
Dropbox Blames Breach for Recent Spam Targeting Customers
Over the last few weeks an attacker used a collection of illicitly obtained usernames and passwords to infiltrate a number of Dropbox accounts, including one belonging to a Dropbox employee. The usernames and passwords were stolen from other, third-party websites, Dropbox officials said, finally...
New E-Banking Trojans Target Android Users
The security firm Trusteer reports that new Web-based attacks are targeting Android smartphone users in a campaign to circumvent two-factor sign-on features used by many banks to protect account holders. Writing on the Trusteer blog on Tuesday, CTO Amit Klein of Trusteer said that researchers the...
An Unhappy Birthday For Uncle Sam On Cyber Security
Here’s the good news on America’s birthday: the last year has seen the U.S. emerge as an undisputed global leader in the use of offensive cyber operations. Averting another “Sputnik” moment, the nation’s longest running and most successful democracy blazed new trails in non-kinetic warfare,...