Apple, the FIDO Alliance and the future of passwords


Apple is the latest firm to join the FIDO Alliance, an industry standards group developing more secure ways to log in to online accounts and apps using multi-factor authentication (MFA), biometric authentication and physical security keys. Computerworld's Lucas Mearian joins Ken Mingis and Juliet Beauchamp to discuss the Apple move, how different forms of authentication work and how far away we are from a password-less world.

A week in security (December 23 – 29)

Credit to Author: Malwarebytes Labs| Date: Mon, 30 Dec 2019 16:55:11 +0000

A roundup of cybersecurity news from December 23 – 29, including a retrospective look at trends in online privacy legislation in the US.

The post A week in security (December 23 – 29) appeared first on Malwarebytes Labs.

Get in line! 38,000 students and staff forced to queue for new passwords

Credit to Author: Lisa Vaas| Date: Thu, 19 Dec 2019 11:25:53 +0000

It’s not a bread line, and it’s not a line to see Santa – it’s an analog response to a nasty cyber attack.

Chrome 79 includes anti-phishing and hacked password protection

Credit to Author: Danny Bradbury| Date: Thu, 12 Dec 2019 17:03:59 +0000

Version 79 of Chrome is out, and it promises to do a better job of protecting you against phishing sites and credential stuffing attacks.

Fake Elder Scrolls Online developers go phishing on PlayStation

Credit to Author: Christopher Boyd| Date: Fri, 06 Dec 2019 20:29:26 +0000

We take a look at a pressure-filled phishing attempt sent to players of the Elder Scrolls Online video game.

The post Fake Elder Scrolls Online developers go phishing on PlayStation appeared first on Malwarebytes Labs.

New version of IcedID Trojan uses steganographic payloads

Credit to Author: Threat Intelligence Team| Date: Tue, 03 Dec 2019 18:06:13 +0000

We take a deep dive into the IcedID Trojan, describing the new payloads of this advanced malware.

The post New version of IcedID Trojan uses steganographic payloads appeared first on Malwarebytes Labs.

Court says suspect can’t be forced to reveal 64-character password

Credit to Author: Lisa Vaas| Date: Tue, 26 Nov 2019 11:30:16 +0000

We have to protect the constitutional rights of the innocent, and that can mean shielding guilty-as-hell child abusers, the court said.

IoT bills and guidelines: a global response

Credit to Author: Christopher Boyd| Date: Fri, 22 Nov 2019 16:27:47 +0000

IoT laws and guidelines abound, as we take a look at what’s happening around the world in the name of securing Internet-connected devices.

The post IoT bills and guidelines: a global response appeared first on Malwarebytes Labs.

Memory-Lane Monday: Please tell me his name wasn’t Jones

Credit to Author: Sharky| Date: Mon, 28 Oct 2019 03:00:00 -0700

Pilot fish and his help desk colleagues do a lot of password resets and have learned that it’s best to sympathize with the callers and normalize forgetting those strings of letters, numbers and symbols. It can happen to anybody is the message.

But some forgetfulness is more normal than others, finds fish, who told one user, “I’m going to reset your password to your last name, with the first letter capitalized.”

Reports fish: “He said, ‘Wait a minute. Let me get a pencil and paper to write that down.’

“I then spelled his last name for him and reminded him to capitalize the first letter. He thanked me and hung up the phone.

“Surreal doesn’t even begin to describe how this felt!”

Name game

Credit to Author: Sharky| Date: Fri, 25 Oct 2019 03:00:00 -0700

This pilot fish builds a lot of Linux systems that have to be compliant with U.S. Department of Defense/Defense Information Systems Agency STIG security requirements, but he tries to lessen the pain by assigning root passwords that are secure but easily remembered. Naturally, he sends them to the owner via encrypted email.

When the Nvidia driver in one of those machines gets corrupted after the system goes down hard in a power outage, fish needs root access to reinstall the driver. Unfortunately, the user of that machine (who, just incidentally, had ignored the warnings about that planned power outage) has no recollection of the root password, and he can’t get it from his email. Why? He has uninstalled all his old encryption certs, so older encrypted emails can no longer be decrypted.
