Android users can now take advantage of the Password Checkup feature that Google first introduced in its Chrome web browser in late 2019, the OS maker announced today. From a report: On Android, the Password Checkup feature is now part of the “Autofill with Google” mechanism, which the OS uses to select text from a cache and fill in forms. The…
Tag: Data breaches
The Worst Passwords of 2020 Show We Are Just As Lazy About Security As Ever
After analyzing 275,699,516 passwords leaked during 2020 data breaches, NordPass and partners found that the most common passwords are incredibly easy to guess — and it could take less than a second or two for attackers to break into accounts using these credentials. Only 44% of those recorded were considered “unique.” ZDNet reports: On Wednesday, the password manager solutions provider published…
US Secret Service Creates New Cyber Fraud Task Force
The U.S. Secret Service announced the creation of the Cyber Fraud Task Force (CFTF) after the merger of its Financial Crimes Task Forces (FCTFs) and Electronic Crimes Task Forces (ECTFs) into a single unified network. Bleeping Computer reports: CFTF’s main goal is to investigate and defend American individuals and businesses from a wide range of cyber-enabled financial crimes, from business email…
Police Are Buying Access To Hacked Website Data
Some companies are selling government agencies access to data stolen from websites in the hope that it can generate investigative leads, with the data including passwords, email addresses, IP addresses, and more. Motherboard reports: Motherboard obtained webinar slides by a company called SpyCloud presented to prospective customers. In that webinar, the company claimed to “empower investigators from law enforcement agencies and…
Silicon Valley Legends Launch ‘Beyond Identity’ To Eliminate All Passwords
SecurityWeek editor wiredmikey shares new that Jim Clark and Tom Jermoluk (past founders of Netscape, Silicon Graphics and @Home Network) “have launched a phone-resident personal certificate-based authentication and authorization solution that eliminates all passwords.” Security Week reports:
The technology used is not new, being based on X.509 certificates and SSL (invented by Netscape some 25 years ago and still the bedrock of…
Over 500,000 Zoom Accounts Sold On Hacker Forums, the Dark Web
An anonymous reader quotes a report from Bleeping Computer: Over 500,000 Zoom accounts are being sold on the dark web and hacker forums for less than a penny each, and in some cases, given away for free. These credentials are gathered through credential stuffing attacks where threat actors attempt to login to Zoom using accounts leaked in older data breaches. The…
Are There Security Risks When Millions are Suddenly Working from Home?
“The dramatic expansion of teleworking by U.S. schools, businesses and government agencies in response to the coronavirus is raising fresh questions about the capacity and security of the tools many Americans use to connect to vital workplace systems and data,” reports CNN: As of last week the Air Force’s virtual private networking software could only support 72,000 people at once, according…
Are APIs Putting Financial Data At Risk?
We live in a world where billions of login credentials have been stolen, enabling the brute-force cyberattacks known as “credential stuffing”, reports CSO Online. And it’s being made easier by APIs:
New data from security and content delivery company Akamai shows that one in every five attempts to gain unauthorized access to user accounts is now done through application programming interfaces (APIs)…