Category Archives: Yubico

Phishing attacks against mobile devices rise 85 percent annually

Posted on by

People can talk about zero-day exploits, IoT botnets and APTs all day long, but often times the simplest approach for attackers remains the most effective. Phishing, which has long been the top attack vector against all manner of targets, is as pervasive and effective as ever. Hackers are increasingly targeting ubiquitous mobile devices and victims are readily falling for it. The rate at which victims are falling for phishing attacks on mobile has increased and average of 85 percent every year since 2011, according to new research from the mobile security company Lookout. “Mobile devices have opened a profitable new window of opportunity for criminals executing phishing attacks,” the researchers wrote. “Attackers are successfully circumventing existing phishing protection to target the mobile device. These attacks are highlighting security shortcomings and exposing sensitive data and personal information at an alarming rate.” The numbers add up. More than ever, internet users’ most important device — for work and personal data […]

The post Phishing attacks against mobile devices rise 85 percent annually appeared first on Cyberscoop.

Continue reading Phishing attacks against mobile devices rise 85 percent annually

Twitter upgrades two-factor authentication options by allowing third party apps

Posted on by

After a decade of prodding, Twitter drastically improved its two-factor authentication on Wednesday, expanding an important security tool widely adopted elsewhere online, including Google and Facebook. The social media company announced support for apps like Google Authenticator and Authy that work offline, independent of carrier or location and are more resistant to eavesdropping or hijacking. Crucially, users can now turn off SMS authentication for the first time. It’s considered one of the least-secure methods of two-factor authentication. Two-factor authentication typically works by requiring a password as well as a second method to log in. Commonly used second factors include SMS codes, small pieces of  hardware — such as USB keys or dongles — or even biometric authenticators like fingerprints or face scans. Security experts strongly recommend all users turn on two-factor authentication for important internet accounts including email, banking and social media. Twitter users can upgrade in the settings and privacy section of their profiles. We’re rolling out an update to […]

The post Twitter upgrades two-factor authentication options by allowing third party apps appeared first on Cyberscoop.

Continue reading Twitter upgrades two-factor authentication options by allowing third party apps

Most Americans have never heard of multi-factor authentication

Posted on by

Most Americans have never heard of two-factor authentication, even as the world’s biggest tech companies are pushing increasingly strong versions of multi-factor authentication in hopes of solving a vast array of cybersecurity problems. According to a new survey from Duo Security, only 28 percent of Americans use two-factor authentication and over 56 percent never heard of the technology before the survey. Just over half (54 percent) of Americans using two-factor authentication began doing so voluntarily. About 45 percent of respondents began because they were forced or incentivized to do so. There may be some good news hidden in these numbers. Of the people who have turned on two-factor authentication, only about 1 percent ended up turning it off. Every one of them cited inconvenience as the reason. Two-factor authentication is a way for people to prove their identity in two ways using something they know (like a password) and something they have (like their phone or a security key). […]

The post Most Americans have never heard of multi-factor authentication appeared first on Cyberscoop.

Continue reading Most Americans have never heard of multi-factor authentication

New dime-sized YubiKey adds more mobility to authentication keys

Posted on by

YubiKeys are getting smaller as they grow more and more popular. The cybersecurity hardware that acts as a secure key to machines and accounts now comes in a dime-sized package. The YubiKey 4C Nano launched Monday for $60. Yubico, the company behind the powerful authentication keys, has had a big year. A “huge spike” in orders beginning late last year preceded a $30 million investment round in June and reports of over 100,000 customers including Google and Facebook. The 4C Nano is meant for mobility. It’s tiny, measuring in at 12mm x 10.1mm x 7mm, meant to meet demand for an even smaller tool than the keychain-sized keys Yubico has offered for a decade. It’s designed for use in USB-C ports on computers like the HP Spectre, Dell XPS 15, Apple Macbook Pro and newer Chromebooks. Experts praise tools like the YubiKey because they are the most secure form of multifactor authentication. In order to prevent […]

The post New dime-sized YubiKey adds more mobility to authentication keys appeared first on Cyberscoop.

Continue reading New dime-sized YubiKey adds more mobility to authentication keys

New dime-sized YubiKey adds more mobility to authentication keys

Posted on by

YubiKeys are getting smaller as they grow more and more popular. The cybersecurity hardware that acts as a secure key to machines and accounts now comes in a dime-sized package. The YubiKey 4C Nano launched Monday for $60. Yubico, the company behind the powerful authentication keys, has had a big year. A “huge spike” in orders beginning late last year preceded a $30 million investment round in June and reports of over 100,000 customers including Google and Facebook. The 4C Nano is meant for mobility. It’s tiny, measuring in at 12mm x 10.1mm x 7mm, meant to meet demand for an even smaller tool than the keychain-sized keys Yubico has offered for a decade. It’s designed for use in USB-C ports on computers like the HP Spectre, Dell XPS 15, Apple Macbook Pro and newer Chromebooks. Experts praise tools like the YubiKey because they are the most secure form of multifactor authentication. In order to prevent […]

The post New dime-sized YubiKey adds more mobility to authentication keys appeared first on Cyberscoop.

Continue reading New dime-sized YubiKey adds more mobility to authentication keys

Pentagon now testing behavioral ID pilot that would replace CAC card

Posted on by

The Pentagon has finally inked a deal to pilot behavioral biometric technology to identify those using its computer network, more than a year after then-CIO Terry Halvorsen first pledged to get rid of the ubiquitous Common Access Card. Vancouver, Canada-based Plurilock announced the deal last week. The company’s BioTrack technology develops a unique profile of users based on the way they interact with computer keyboards, mice and touchscreens. “After just 20 minutes’ tracking a user’s keystroke style and speed, mouse use, and other behaviors, Plurilock’s software builds a biometric profile unique to that user,” states the company in the release. Behavioral biometrics are thought to provide additional security because they cannot be easily spoofed and they work continuously during the user session, rather than simply identifying the user at the start. “Today’s systems cannot verify user identity with certainty. Hackers steal passwords and tokens, create fake fingerprint impressions, and even re-route phone authentication […]

The post Pentagon now testing behavioral ID pilot that would replace CAC card appeared first on Cyberscoop.

Continue reading Pentagon now testing behavioral ID pilot that would replace CAC card

YubiKey’s maker lands $30 million investment

Posted on by

The cybersecurity hardware company Yubico announced Wednesday a $30 million investment from a mix of European and North American firms including the California-based Valley Fund and the Swedish equity firm Bure. Yubico, which reports over 100,000 customers including Google and Facebook, builds and sells YubiKey, a small, anti-phishing authentication key that tech giants and individual security experts have added to their defenses. The money will be put toward developing new products, the company said in a statement. In an age when phishing is the most-high profile and successful cyberattack vector, physical devices like YubiKey provide the most secure multifactor authentication. “We’ve been traditionally getting individual orders in the hundreds for agencies, divisions, small groups over the past years,” Jerrod Chong, the company’s Vice President of Solutions, told CyberScoop late last year. “This year we are seeing orders in the tens of thousands. It’s a sizable magnitude.” Founded in 2007, Yubico is half-owned by […]

The post YubiKey’s maker lands $30 million investment appeared first on Cyberscoop.

Continue reading YubiKey’s maker lands $30 million investment

Threatpost News Wrap, February 3, 2017

Posted on by

Mike Mimoso and Chris Brook recap the news of the week, including a Microsoft SMB zero day, the latest Netgear router vulnerability, and a new HTTPS milestone. Continue reading Threatpost News Wrap, February 3, 2017

Threatpost News Wrap, February 3, 2017

Posted on by

Mike Mimoso and Chris Brook recap the news of the week, including a Microsoft SMB zero day, the latest Netgear router vulnerability, and a new HTTPS milestone. Continue reading Threatpost News Wrap, February 3, 2017