Twitter Hack Technique Is Being Replicated for Other Attacks

Last month, three alleged hackers were arrested for manipulating Twitter to control 45 accounts of high-profile figures including Jeff Bezos, Joe Biden and Elon Musk. Now, the technique these young malefactors used — dubbed “phone spear phishing” — is being used by so many other bad actors that experts dub it a crime wave. Phone spear phishing, also known as “vishing,” a mashup of “voice phishing,” has been used this last month to attack banks, web hosting companies and cryptocurrency exchanges, said investigators.

Latest Twitter Hack Puts Spotlight on Internal Security Issues

Since 2015, Twitter chief executive Jack Dorsey and the company board have been warned annually about internal cybersecurity risks. In fact, there are about 1,500 employees plus contractors with the power to make changes in 186 million daily user accounts, and the company had experienced breaches due to internal sources. Then, on July 15, hackers tricked employees in order to compromise 130 Twitter accounts, including those of Jeff Bezos, Joe Biden, Barack Obama and Elon Musk, stealing data from eight unidentified accounts.

Games Are Targets for Ransomware and Credential Stuffing

Cybersecurity firm Cyren recently discovered Syrk, a free tool that allows players to cheat at the video game “Fortnite.” It also learned that Syrk can disable anti-malware software and encrypt batches of user files for ransom. Akamai has reported a significant rise in so-called credential-stuffing attacks, by which criminals use stolen identities in automated attacks to break into accounts. Akamai found 55 billion credential-stuffing attacks from November 2017 to the end of March 2019. Gaming sites had 12 billion of these attacks.

Google Adopts Open-Source, Secure Password-Less Logins

The FIDO Alliance, a consortium for open source authentication standards, is trying to make passwords obsolete, expanding its secure login protocols. Its efforts were boosted by Google’s announcement that it added certified support for the FIDO2 standard, impacting the vast majority of devices running Android 7 or later. That means owners of these Android 7-based devices should be able to log in seamlessly without passwords on mobile browsers such as Chrome. Websites can now be designed to interact with FIDO2 management.

Google, Yubico Security Keys May Lead to End of Passwords

Sweden-based Yubico, in business for 10 years, debuted its latest online security product, YubiKey 5, a device that plugs into a computer to authenticate the user with a “handshake” that is more secure than a password or authentication code. Google has come out with a similar device, the Titan Key. Both devices can also be used with some smartphones, by plugging into a port or via wireless communication. These keys are the first arrivals in an Internet security strategy that might displace the password.

Machine Learning Used in Detection of Harmful Android Apps

The Google Play Protect detection service, which scans Android apps for malicious activity, is enabled on more than 2 billion devices and detected 60.3 percent of Potentially Harmful Apps (PHAs) in 2017 using machine learning, according to Google’s Android Security 2017 Year in Review report. Google removed over 700,000 apps for violating its policies last year. While Play Protect uses a variety of tactics, machine learning is highly effective for catching PHAs, detecting things like inappropriate content, impersonation, and malware.


Ghostery Goes Open Source and Intros New Business Model

Ghostery, an ad blocker recommended by Edward Snowden, just published all its code on GitHub. The company was acquired last year by Cliqz, “the first browser with integrated privacy protection,” including anti-tracking and anti-phishing. Ghostery’s revenue model has been hard to understand for some users, who opt in to share data about the ad trackers they find on the web. Ghostery then sells that data to e-commerce websites and other companies, a seeming incongruity with its stated mission.

Symantec Publishes Global Security Findings in Latest Report

Today’s consumers are “overconfident in their security prowess,” which has resulted in a record year for cyberattacks, according to the “2017 Norton Cyber Security Insights Report.” The Symantec report found that 978 million people across 20 countries were impacted last year by cybercrime, and 44 percent of consumers were affected in the last 12 months. “As a result,” notes the report, “consumers who were victims of cybercrime globally lost $172 billion — an average of $142 per victim — and nearly 24 hours globally (or almost three full work days) dealing with the aftermath.”

Google Creates a Unified Corporate, Consumer Gmail Policy

Google has just standardized its Gmail policy, saying it will no longer scan the user emails of its free consumer service in order to serve targeted ads. The company adopted this policy with its G Suite corporate customers’ emails, and now adds its consumer service to avoid confusion and create a single policy. Google says the new policy, which will impact 1.2 billion consumers, will become active later this year. The company will continue to serve ads, but will draw data from YouTube or search rather than emails.

Google Docs Users Targeted in Widespread Phishing Attack

A major phishing attack mimicking cloud-based Google Docs software spread across news organizations and other companies yesterday. Gmail users have been reporting massive numbers of fraudulent emails that masquerade as a message from Google Docs. The emails appear as an invitation to join a Google Doc and often claim to be sent by an individual in the user’s address book. However, clicking on the embedded link directs recipients to grant access to a Google Docs app that is actually a program that sends spam to addresses in the recipient’s email.

Cybersecurity and How to Build Speed Bumps Against Hackers

At a CES CyberSecurity Forum, journalist/author Wayne Rash led a discussion on the various ways that companies are failing to protect their intellectual property and remain vulnerable to malicious code and ransomware. According to Yubico chief executive Stina Ehrensvard, 70 percent of hacks are related to passwords. “The password is the weak link,” agrees Authentic8 chief executive Scott Petry. “Reusing passwords is a problem. If you use your Yahoo password for other sites, you’re in trouble.”

International Law Enforcement Takes Down Avalanche Botnet

An international team of law enforcement agencies and security firms just took down “Avalanche,” a botnet that has been involved in phishing attacks and at least 17 different malware families since at least late 2009. The team took offline more than 221 servers and more than 800,000 domain names used by Avalanche, and conducted searches and arrests in five countries, according to a statement released by the FBI and U.S. Department of Justice. Avalanche malware impacted victims in over 180 countries.

Ethical Hacking: Going Undercover to Train Employees

Businesses have been training their employees to be more aware of potential cyberattacks. However, here’s the twist: the employees don’t always know they are being trained. So-called “ethical hackers” have been hired to lure employees with different tactics such as fake emails promising work bonuses and pictures of adorable cats with links or software that teaches workers how to avoid online dangers.