Google Adopts Open-Source, Secure Password-Less Logins

The FIDO Alliance, a consortium for open source authentication standards, is trying to make passwords obsolete, expanding its secure login protocols. Its efforts were boosted by Google’s announcement that it added certified support for the FIDO2 standard, impacting the vast majority of devices running Android 7 or later. That means owners of these Android 7-based devices should be able to log in seamlessly without passwords on mobile browsers such as Chrome. Websites can now be designed to interact with FIDO2 management. Continue reading Google Adopts Open-Source, Secure Password-Less Logins

Google, Yubico Security Keys May Lead to End of Passwords

Swedish-based Yubico, in business for 10 years, debuted its latest online security product, YubiKey 5, a device that plugs into a computer to authenticate the user with a “handshake” that is more secure than a password or authentication code. Google has come out with a similar device, the Titan Key. Both devices can also be used with some smartphones, by plugging into a port or via a wireless communication. These keys are the first arrivals in an Internet security strategy that might displace the password. Continue reading Google, Yubico Security Keys May Lead to End of Passwords

Machine Learning Used in Detection of Harmful Android Apps

The Google Play Protect detection service, which scans Android apps for malicious activity, is enabled on more than 2 billion devices and detected 60.3 percent of Potentially Harmful Apps (PHAs) in 2017 using machine learning, according to Google’s Android Security 2017 Year in Review report. Google removed over 700,000 apps for violating its policies last year. While Play Protect uses a variety of tactics, machine learning is highly effective for catching PHAs, detecting things like inappropriate content, impersonation, and malware.

Continue reading Machine Learning Used in Detection of Harmful Android Apps

Ghostery Goes Open Source and Intros New Business Model

Ghostery, an ad blocker recommended by Edward Snowden, just published all its code on GitHub. The company was acquired last year by Cliqz, “the first browser with integrated privacy protection,” including anti-tracking and anti-phishing. Ghostery’s revenue model has been hard to understand for some users, who opt-in to share data about the ad trackers they find on the web. Ghostery then sells that data to e-commerce websites and other companies, a seeming incongruity with its stated mission. Continue reading Ghostery Goes Open Source and Intros New Business Model

Symantec Publishes Global Security Findings in Latest Report

Today’s consumers are “overconfident in their security prowess,” which has resulted in a record year for cyberattacks, according to the “2017 Norton Cyber Security Insights Report.” The Symantec report found that 978 million people across 20 countries were impacted last year by cybercrime, and 44 percent of consumers were affected in the last 12 months. “As a result,” notes the report, “consumers who were victims of cybercrime globally lost $172 billion — an average of $142 per victim — and nearly 24 hours globally (or almost three full work days) dealing with the aftermath.” Continue reading Symantec Publishes Global Security Findings in Latest Report

Google Creates a Unified Corporate, Consumer Gmail Policy

Google has just standardized its Gmail policy, saying it will no longer scan the user emails of its free consumer service in order to serve targeted ads. The company adopted this policy with its G Suite corporate customers’ emails, and now adds its consumer service to avoid confusion and create a single policy. Google says the new policy, which will impact 1.2 billion consumers, will become active later this year. The company will continue to serve ads, but will draw data from YouTube or search rather than emails. Continue reading Google Creates a Unified Corporate, Consumer Gmail Policy

Google Docs Users Targeted in Widespread Phishing Attack

A major phishing attack mimicking cloud-based Google Docs software spread across news organizations and other companies yesterday. Gmail users have been reporting massive numbers of fraudulent emails that masquerade as a message from Google Docs. The emails appear as an invitation to join a Google Doc and often claim to be sent by an individual in the user’s address book. However, clicking on the embedded link directs recipients to grant access to a Google Docs app that is actually a program that sends spam to addresses in the recipient’s email. Continue reading Google Docs Users Targeted in Widespread Phishing Attack

Cybersecurity and How to Build Speed Bumps Against Hackers

At a CES CyberSecurity Forum, journalist/author Wayne Rash led a discussion on the various ways that companies are failing to protect their intellectual property and remain vulnerable to malicious code and ransomware. According to Yubico chief executive Stina Ehrensvard, 70 percent of hacks are related to passwords. “The password is the weak link,” agrees Authentic8 chief executive Scott Petry. “Reusing passwords is a problem. If you use your Yahoo password for other sites, you’re in trouble.” Continue reading Cybersecurity and How to Build Speed Bumps Against Hackers

International Law Enforcement Takes Down Avalanche Botnet

An international team of law enforcement agencies and security firms just took down “Avalanche,” a botnet that has been engaged in phishing attacks and at least 17 different malware families since at least late 2009. The team took offline more than 221 servers and more than 800,000 domain names used by Avalanche, and conducted searches and arrests in five countries, according to a statement released by the FBI and U.S. Department of Justice. Avalanche malware impacted victims in over 180 countries. Continue reading International Law Enforcement Takes Down Avalanche Botnet

Ethical Hacking: Going Undercover to Train Employees

Businesses have been training their employees to be more aware of potential cyberattacks. However, here’s the twist: the employees don’t always know they are being trained. So-called “ethical hackers” have been hired to lure employees with different tactics such as fake emails promising work bonuses and pictures of adorable cats with links or software that teaches workers how to avoid online dangers. Continue reading Ethical Hacking: Going Undercover to Train Employees