Food writer Jack Monroe loses at least £5,000 in SIM-swap fraud

Her accounts were drained in spite of using 2FA, showing that SIM swaps can still circumvent what’s a good security tool.

FBI Warns of Criminals Using Social Engineering, Technical Attacks to Bypass Multi-Factor Authentication

FBI’s Cyber Division issued a Private Industry Notification (PIN) warning businesses and other organizations that criminals are using a variety of hacking attacks and social engineering to bypass multi-factor authentication. “FBI reporting …

Empowering Employees to Reduce Security Incidents

In the hustle and bustle of our modern world, we can all get easily lost in the noise. One kind of noise is most frustrating for security teams: the noise of security incidents. With more and more data feeds into your security analytics products, …

Microsoft to Require Multi-Factor Authentication for Cloud Solution Providers

It might be difficult to fathom how this isn’t already mandatory, but Microsoft Corp. says it will soon force all Cloud Solution Providers (CSPs) that help companies manage their Microsoft Azure and Office365 accounts to use multi-factor authentication. The move comes amid a noticeable uptick in phishing and malware attacks targeting CSP employees and contractors.

Ping + Preempt: Securing All Access In Hybrid Cloud Environments

Enterprises struggle to understand what is truly going on in their organization: what their users are doing and how to stop risky activity. Add in the complexity of a hybrid cloud environment, multiple legacy systems, unmanaged endpoints, and unsa…

Google to replace Titan keys for free after uncovering Bluetooth flaw

Google is recalling its Titan security key after discovering a Bluetooth vulnerability that could allow a hacker located within roughly 30 feet of the device to communicate with it, the company announced Wednesday. Google released the key-shaped Titan last August, offering the physical authentication tool as a remedy to phishing and other attacks. The device connects with other hardware via Bluetooth pairing. A misconfiguration in its protocol could allow attackers to communicate with the security key or communicate with the device connected to it, Google said. This vulnerability is difficult to exploit, the company said, and would require an outsider to already have obtained a victim’s username and password to access their account. Google is offering free replacements to affected users. “This security issue does not affect the primary purpose of security keys, which is to protect you against phishing by a remote attacker,” the company said in a blog post. “Security keys […]

The post Google to replace Titan keys for free after uncovering Bluetooth flaw appeared first on CyberScoop.


The End of Password Expiration Policies, Seat-Back Camera’s on Airplanes, Unknown Data Breach

This is your Shared Security Weekly Blaze for May 6th 2019 with your host, Tom Eston. In this week’s episode: Is this the end of password expiration policies, are there cameras recording you on an airplane, and the unknown data breach expo…

Homeland Security warns of security flaws in enterprise VPN apps

Several enterprise virtual private networking apps are vulnerable to a security bug that can allow an attacker to remotely break into a company’s internal network, according to a warning issued by Homeland Security’s cybersecurity division. An alert was published Friday by the government’s Cybersecurity and Infrastructure Security Agency following a public disclosure by CERT/CC, the vulnerability […]