Apple is the latest firm to join the FIDO Alliance, an industry standards group developing more secure ways to log in to online accounts and apps using multi-factor authentication (MFA), biometric authentication and physical security keys. Computerworld's Lucas Mearian joins Ken Mingis and Juliet Beauchamp to discuss the Apple move, how different forms of authentication work and how far away we are from a password-less world.
Credit to Author: Malwarebytes Labs| Date: Mon, 30 Dec 2019 16:55:11 +0000
 | |
| A roundup of cybersecurity news from December 23 – 29, including a retrospective look at trends in online privacy legislation in the US. Categories: Tags: a week in securityGoogle Chromeonline privacyonline privacy lawonline privacy legislationpasswordsRoombaRyuk ransomwareToTokUS Coast Guardweek in security |
The post A week in security (December 23 – 29) appeared first on Malwarebytes Labs.
Read more
Credit to Author: Lisa Vaas| Date: Thu, 19 Dec 2019 11:25:53 +0000
It’s not a bread line, and it’s not a line to see Santa – it’s an analog response to a nasty cyber attack.<img src=”http://feeds.feedburner.com/~r/nakedsecurity/~4/Iubgv-x9nTA” height=”1″ width=”1″ alt=””/>
Read more
Credit to Author: Danny Bradbury| Date: Thu, 12 Dec 2019 17:03:59 +0000
Version 79 of Chrome is out, and it promises to do a better job of protecting you against phishing sites and credential stuffing attacks.<img src=”http://feeds.feedburner.com/~r/nakedsecurity/~4/kPx8Ii–vqQ” height=”1″ width=”1″ alt=””/>
Read moreCredit to Author: Christopher Boyd| Date: Fri, 06 Dec 2019 20:29:26 +0000
 | |
| We take a look at a pressure-filled phishing attempt sent to players of the Elder Scrolls Online video game. Categories: Tags: elder scrolls onlineESOgamersgaminggaming scamsgaming securityMMORPGpasswordsphishphishingplaystationscamscammersSocial Engineering |
The post Fake Elder Scrolls Online developers go phishing on PlayStation appeared first on Malwarebytes Labs.
Read moreCredit to Author: Threat Intelligence Team| Date: Tue, 03 Dec 2019 18:06:13 +0000
 | |
| We take a deep dive into the IcedID Trojan, describing the new payloads of this advanced malware. Categories: Tags: backdoorbanking Trojanbanking Trojanscredential stealingdownloaderhooking browsersIcedID Trojanmalwaremalware analysisman-in-the-browser attackspasswordsstealerstealer functionalitystealing passwordsstealthy malwaretrickbotTrojans |
The post New version of IcedID Trojan uses steganographic payloads appeared first on Malwarebytes Labs.
Read more
Credit to Author: Lisa Vaas| Date: Tue, 26 Nov 2019 11:30:16 +0000
We have to protect the constitutional rights of the innocent, and that can mean shielding guilty-as-hell child abusers, the court said.<img src=”http://feeds.feedburner.com/~r/nakedsecurity/~4/tytTDlPZrB0″ height=”1″ width=”1″ alt=””/>
Read moreCredit to Author: Christopher Boyd| Date: Fri, 22 Nov 2019 16:27:47 +0000
 | |
| IoT laws and guidelines abound, as we take a look what’s happening around the world in the name of securing Internet-connected devices. Categories: Tags: AustraliaCaliforniainternetInternet of ThingsIoTiot lawsiot legislationpasswordstechnology lawstechnology legislationukunited statesus |
The post IoT bills and guidelines: a global response appeared first on Malwarebytes Labs.
Read more
Credit to Author: Sharky| Date: Mon, 28 Oct 2019 03:00:00 -0700
Pilot fish and his help desk colleagues do a lot of password resets and have learned that it’s best to sympathize with the callers and normalize forgetting those strings of letters, numbers and symbols. It can happen to anybody is the message.
But some forgetfulness is more normal than others, finds fish, who told one user, “I’m going to reset your password to your last name, with the first letter capitalized.”
Reports fish: “He said, ‘Wait a minute. Let me get a pencil and paper to write that down.
“I then spelled his last name for him and reminded him to capitalize the first letter. He thanked me and hung up the phone.
“Surreal doesn’t even begin to describe how this felt!”
Credit to Author: Sharky| Date: Fri, 25 Oct 2019 03:00:00 -0700
This pilot fish builds a lot of Linux systems that have to be compliant with U.S. Department of Defense/Defense Information Systems Agency STIG security requirements, but he tries to lessen the pain by assigning root passwords that are secure but easily remembered. Naturally, he sends them to the owner via encrypted email.
When the Nvidia driver in one of those machines gets corrupted after the system goes down hard in a power outage, fish needs root access to reinstall the driver. Unfortunately, the user of that machine (who, just incidentally, had ignored the warnings about that planned power outage) has no recollection of the root password, and he can’t get it from his email. Why? He has uninstalled all his old encryption certs, so older encrypted emails can no longer be decrypted.