Android users can now take advantage of the Password Checkup feature that Google first introduced in its Chrome web browser in late 2019, the OS maker announced today. From a report: On Android, the Password Checkup feature is now part of the “Autofill with Google” mechanism, which the OS uses to select text from a cache and fill in forms. The…
Tag: Data breaches
The Worst Passwords of 2020 Show We Are Just As Lazy About Security As Ever
After analyzing 275,699,516 passwords leaked during 2020 data breaches, NordPass and partners found that the most common passwords are incredibly easy to guess — and it could take less than a second or two for attackers to break into accounts using these credentials. Only 44% of those recorded were considered “unique.” ZDNet reports: On Wednesday, the password manager solutions provider published…
US Secret Service Creates New Cyber Fraud Task Force
The U.S. Secret Service announced the creation of the Cyber Fraud Task Force (CFTF) after the merger of its Financial Crimes Task Forces (FCTFs) and Electronic Crimes Task Forces (ECTFs) into a single unified network. Bleeping Computer reports: CFTF’s main goal is to investigate and defend American individuals and businesses from a wide range of cyber-enabled financial crimes, from business email…
Police Are Buying Access To Hacked Website Data
Some companies are selling government agencies access to data stolen from websites in the hope that it can generate investigative leads, with the data including passwords, email addresses, IP addresses, and more. Motherboard reports: Motherboard obtained webinar slides by a company called SpyCloud presented to prospective customers. In that webinar, the company claimed to “empower investigators from law enforcement agencies and…
Firefox 78: Protections Dashboard, New Developer Features, and the End of the Line For Older MacOS Versions
williamyf shares a report from The Register: Mozilla has released Firefox 78 with a new Protections Dashboard and a bunch of updates for web developers. This is also the last supported version of Firefox for macOS El Capitan (10.11) and earlier. Firefox is on a “rapid release plan,” which means a new version every four to five weeks. This means that…
George Floyd: Anonymous Hackers Reemerge Amid US Unrest
An anonymous reader quotes a report from the BBC: As the United States deals with widespread civil unrest across dozens of cities, “hacktivist” group Anonymous has returned from the shadows. The hacker collective was once a regular fixture in the news, targeting those it accused of injustice with cyber-attacks. After years of relative quiet, it appears to have re-emerged in the…
Silicon Valley Legends Launch ‘Beyond Identity’ To Eliminate All Passwords
SecurityWeek editor wiredmikey shares new that Jim Clark and Tom Jermoluk (past founders of Netscape, Silicon Graphics and @Home Network) “have launched a phone-resident personal certificate-based authentication and authorization solution that eliminates all passwords.” Security Week reports:
The technology used is not new, being based on X.509 certificates and SSL (invented by Netscape some 25 years ago and still the bedrock of…
Over 500,000 Zoom Accounts Sold On Hacker Forums, the Dark Web
An anonymous reader quotes a report from Bleeping Computer: Over 500,000 Zoom accounts are being sold on the dark web and hacker forums for less than a penny each, and in some cases, given away for free. These credentials are gathered through credential stuffing attacks where threat actors attempt to login to Zoom using accounts leaked in older data breaches. The…
Are There Security Risks When Millions are Suddenly Working from Home?
“The dramatic expansion of teleworking by U.S. schools, businesses and government agencies in response to the coronavirus is raising fresh questions about the capacity and security of the tools many Americans use to connect to vital workplace systems and data,” reports CNN: As of last week the Air Force’s virtual private networking software could only support 72,000 people at once, according…
Are APIs Putting Financial Data At Risk?
We live in a world where billions of login credentials have been stolen, enabling the brute-force cyberattacks known as “credential stuffing”, reports CSO Online. And it’s being made easier by APIs:
New data from security and content delivery company Akamai shows that one in every five attempts to gain unauthorized access to user accounts is now done through application programming interfaces (APIs)…