Users

 

#hacking | Facebook reportedly derailed Europe terror probe by alerting users of phone hack

Source: National Cyber Security – Produced By Gregory Evans

Facebook in October reportedly derailed an investigation into an Islamic State terror suspect by European law enforcement and an Israeli intelligence firm by warning users that their phones had been hacked.

The company’s massively popular messaging platform, WhatsApp, notified some 1,400 users, including the suspect, that an “advanced cyber actor” had gained access to their devices. The suspect, who was believed to be planning a terror attack during the holiday season, disconnected shortly after.

The officials in the unnamed Western European country had hacked the suspect’s phone with software developed by Israel’s NSO group, which they secured with a government contract and the approval of a judge, according to a Wall Street Journal report.

The WhatsApp warning message to users said: “An advanced cyber actor exploited our video calling to install malware on user devices. There’s a possibility this phone number was impacted.”

The company was reportedly unaware of the security investigations.

A Western intelligence official told Channel 12 that the notification had been sent to both Islamic State and Al Qaeda suspects, calling the intelligence breach “a disturbing and dangerous fact,” according to a Sunday report.

The alert foiled investigations into some 20 cases, including into suspected terrorists and pedophiles, the official said.

Investigators breached suspects’ phones “surgically” using a loophole in the app, had been monitoring the suspects for a long time, and following the alert had to start the investigations anew, he said.

The investigation into the Islamic State suspect planning a holiday season attack had relied on the suspect’s phone for information on his activities and communications, and had only had access to the device for a few days — not enough time to complete the probe.

One European intelligence official said that the NSO technology had given his team information on a violent bank-robbing outfit and weapons dealers, which led to arrests. He said that officials in other countries in Western Europe had told him that over 10 investigations may have been thwarted by the WhatsApp message to users.

On October 29, the same day as the alert, WhatsApp sued NSO Group, accusing it of using the platform to conduct cyber-espionage on journalists, human rights activists and others.

The suit, filed in a California federal court, contended that NSO Group tried to infect approximately 1,400 “target devices” with malicious software to steal valuable information from those using the messaging app.

WhatsApp said NSO Group’s hacking was illegal and that it was acting to protect its users.

NSO Group told The Wall Street Journal that its tools were “only licensed, as a lawful solution, to government intelligence and law-enforcement agencies for the sole purpose of preventing and investigating terror and serious crime.”

Most of its clients are democracies in Europe that use its technology to fight crime and terror, NSO Group said.

NSO Group came to prominence in 2016 when researchers accused it of helping to spy on an activist in the United Arab Emirates.

Its best-known product is Pegasus, a highly invasive tool that can reportedly switch on a target’s phone camera and microphone, and access data on it.

The firm has been adamant that it only licenses its software to governments for “fighting crime and terror,” and that it investigates credible allegations of misuse, but activists say the technology has been instead used for human rights abuses.

Source link

The post #hacking | Facebook reportedly derailed Europe terror probe by alerting users of phone hack appeared first on National Cyber Security.

View full post on National Cyber Security

#nationalcybersecuritymonth | TikTok Tightens Rules on Video Content and Users

TikTok has overhauled its guidelines to clarify what kind of content is off-limits, from racial slurs to critical remarks about other users’ hygiene, at a time when the popular video app is facing increased scrutiny over its security. The more expansive rules released Wednesday cover 10 […]

#cybersecurity | #infosec | Facebook and Twitter warn some users’ private data accessed via SDK

Facebook and Twitter have announced that personal data related to hundreds of users may have been improperly accessed after users logged into third-party Android apps with their social media accounts.

According to a report by CNBC, users of Android apps that made use of a software development kit (SDK) named oneAudience may have unwittingly shared information such as their email addresses, usernames and recent tweets.

CNBC says that amongst the offending Android apps are the photo-editing tools Giant Square and Photofy. Presently there is no indication that iOS users are affected by the issue.

According to an advisory published by Twitter, data extracted from accounts via the use of the oneAudience SDK (which it describes as “malicious”) in a smartphone app could be used to take control of a Twitter account, although it has seen no evidence that this has occurred.

Twitter was keen to emphasise that the “issue is not due to a vulnerability in Twitter’s software, but rather the lack of isolation between SDKs within an application,” and says it will be notifying users of the Twitter for Android app who may have been affected.

Furthermore, Twitter says it has “informed Google and Apple about the malicious SDK so they can take further action if needed.” I presume what they mean by that is so that Google and Apple can kick any offending apps out of their respective app stores.

In response, oneAudience has issued a statement claiming the “data was never intended to be collected, never added to [its] database and never used.”

According to the company, it “proactively” updated its SDK in mid-November so user data could not be collected, and asked developer partners to update to the new version. However, it has now announced it is shutting down the offending SDK.

Facebook meanwhile has issued a statement saying that it is taking action against not only the oneAudience SDK, but also an SDK from marketing company MobiBurn:

“Security researchers recently notified us about two bad actors, One Audience and Mobiburn, who were paying developers to use malicious software developer kits (SDKs) in a number of apps available in popular app stores.”

“After investigating, we removed the apps from our platform for violating our platform policies and issued cease and desist letters against One Audience and Mobiburn. We plan to notify people whose information we believe was likely shared after they had granted these apps permission to access their profile information like name, email and gender. We encourage people to be cautious when choosing which third-party apps are granted access to their social media accounts.”

On its website, MobiBurn describes how it helps app developers generate revenue – not by placing more ads within an app, but through the “monetization of your applications’ valuable data in a safe and confidential way.”

However, in light of the revelations and action taken by Facebook and Twitter, MobiBurn says it has “stopped all its activities” until investigations are complete.

This is all very well and good, but what are users supposed to do to protect themselves?

When they install an app, they have no way of knowing whether the developers chose to make use of a malicious SDK which might leave personal information exposed.

All you can realistically do is exercise restraint regarding which third-party apps you connect to your social media profiles. The fewer apps you connect to your Facebook and Twitter, the smaller the chance that someone’s code will be abusing that connection to access information you would rather not share.


Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.


Google Cloud Update Gives Users Greater Data Control

External Key Manager and Key Access Justification are intended to give organizations greater visibility into requests for data access.

Google Cloud today debuted new capabilities, External Key Manager and Key Access Justifications, to give customers greater visibility into who requests access to their information and the reasoning behind these requests. They also have the ability to approve or deny them.

Google Cloud encrypts customer data-at-rest by default; users have several options to manage encryption keys. External Key Manager, coming soon in beta, is the next level of control. It works with Cloud KMS and lets users encrypt data in BigQuery and Compute Engine. Encryption keys are stored and managed in a third-party system outside Google. The idea is to let companies separate data and encryption keys while still using cloud compute and analytics.

Key Access Justifications is a new capability designed to work with External Key Manager. When an encryption key is requested to decrypt data, this tool provides visibility into the request and its justification, along with a mechanism to approve or deny the key in the context of that request, using an automated policy set by the administrator via third-party functionality.

This feature is coming soon to alpha for BigQuery and Compute Engine/Persistent Disk, and it covers the transition from data-at-rest to data-in-use, Google reports.

Read more details here and here.

Dark Reading’s Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article.


#cyberfraud | #cybercriminals | Woolworths issues coupon-scam alert for Facebook users looking for Christmas savings

Woolworths yesterday issued an urgent scam alert over a branded coupon offering Facebook users $100 off their next transaction.

The post is heavily branded with convincing features such as disclaimers and a barcode. Users are asked to activate the coupon by sharing the link with their family and friends.

Woolworths has reported the scam to the Australian Competition and Consumer Commission (ACCC) and Scamwatch, and asks shoppers to be vigilant with guarding their personal and financial details.

“Scams are often specially designed to look genuine, and often copy features from legitimate communications such as our logo and branding,” the supermarket giant said in a statement.

“Woolworths will never email, message, or call you to ask for your personal or financial information including your password, credit card details or account information.”

Woolworths suggests users take particular care with links similar to its official web address with misspellings.

“For example, the link might take you to the website www.woolwoorths.com.au instead of www.woolworths.com.au,” the statement reads.

The Facebook scam follows a string of similar scams and subsequent warnings, such as emails posing as surveys or phishing text messages posing as package alerts from Australia Post.

According to the ACCC, more than 3,000 Aussie SMEs lost over $4.5 million due to scams in the last year.

Cyber security experts have spoken to SmartCompany about being on guard year-round as they push for policy reforms to combat the rising prevalence of sophisticated online scams.

“For a while, there were a lot of email security programs that did a good job of stopping spam, but we’ve become over-reliant on them,” Andrew Bycroft, chief executive of the international cyber resilience institute, said.

“Even if you get an email from someone you believe is a friend it could have come from anywhere.”


#cyberfraud | #cybercriminals | There’s A New Cyber Threat Targeting Netflix Users

There’s a new phishing scam targeting Australian Netflix customers – and it’s incredibly easy to be fooled by it. The highly convincing email asks users to update their payment information via a link to an official-looking website. Whatever you do, do not click that link. Here’s what you need to know.

Australian Netflix users have been hit by a fresh wave of phishing scams designed to steal your money. The email uses official branding and even uses the customer’s username – just like a real Netflix email. The supplied link also looks legit.

Despite being outed by the media last Friday, the scam is still reaching potential victims. I know this because my wife just received the below email:

“Sorry for the interruption, but we are having trouble authorising your Credit Card,” the email states. “Please visit www.netflix.com/youraccountpayment to enter your payment information again or to use a different payment method. When you have finished, we will try to verify your account again. If it still does not work, you will want to contact your credit card company.”

Clicking on the link takes you to a phishing site that looks just like the real Netflix site. Typing in your credit card details will result in currency theft and the locking of your Netflix account.

The only signs that something dodgy is afoot are the sender’s email address and the URL permalink (which is different to the supplied hyperlink.) While these red flags are obvious to tech-savvy users, I imagine there are many casuals out there who would fail to notice.

Needless to say, if you receive one of these emails you should delete it without clicking on any of the supplied links. You can read up on how to identify and avoid email scams here as well as in the video below.



#deepweb | Fake Tor Browser Found Stealing Bitcoin From Darknet Market Users

A fake version of the popular Tor Browser, used to access the deep web, has been found to be stealing the bitcoin of users looking to shop on darknet markets.

According to researchers, the malicious version of the browser has been promoted as its Russian version on posts published on Pastebin, optimized to rank on search engines for queries related to cryptocurrencies, drugs, censorship, and politicians.

The malicious browser is distributed through two domains, created in 2014, to Russian users as if it were an official version. The website’s pages mimic those of the Tor project’s official website, but add a warning to the user telling them their privacy is at risk because their browser is supposedly outdated.

A translated version of the message reads:

Your anonymity is in danger! WARNING: Your Tor Browser is outdated. Click the button “Update”


On the Pastebin and forum posts, the cybercriminals advertise various features the Tor browser doesn’t actually have, such as an anti-captcha system that allows them to bypass checks. In reality, users download a compromised version of the official Tor browser’s 7.5 version, released in January of last year.

Cybersecurity researchers at ESET further discovered the altered Tor version stops the browser from asking users for an update, as this would update them to a non-compromised version of the official Tor browser.

To get to users’ bitcoins, the browser includes a script that detects when users are about to fund their BTC wallets on darknet markets, and replaces the destination wallets with their own.

The criminals’ three identified bitcoin wallets made a total of 863 transactions, and currently have 4.8 BTC (around $38,000) in them. The wallets have been active since 2017. Back in July, Chainalysis found that darknet markets were on pace to see $1 billion worth of bitcoin transactions this year.

As reported, U.S. authorities recently took down one of the largest child porn websites on the darknet after tracing bitcoin transactions.


#cybersecurity | Negligent Users are Biggest Cybersecurity Threat to German Organizations: Survey

You are only as strong as your weakest link and the cybersecurity industry is no different. A recent survey by SolarWinds, a provider of IT management software, pointed out that negligent users are the biggest cybersecurity threat to German organizations. The company did the survey in a bid to highlight the threats the cybersecurity professionals are facing daily.

The research, which surveyed over 100 information technology professionals from Germany, stated that user errors constituted the largest share of cybersecurity incidents in the last 12 months, at a whopping 80 percent. The study stressed that internal factors are the most pressing cybersecurity threats. User errors were followed by exposures caused by poor network system or application security at 36 percent, and external actors infiltrating the company’s network at 31 percent.

Looking at the factors behind the trend, the survey found that poor passwords were one of the major concerns for German techies. Nearly 45 percent of the respondents stated that poor and weak passwords were one of the biggest reasons for the breaches, while 42 percent stated that sharing passwords was another grave contributor. Other factors were accidental exposure, deletion or modification of critical data, and copying data onto unsecured devices.

To top it all, it was also revealed that 89 percent of IT experts felt that they were unequipped to successfully implement and manage cybersecurity tasks today, with their current IT skillset.

“Our research shows once again that the biggest risk to the organization comes from the inside, aligning with research SolarWinds conducted in other regions earlier this year,” said Tim Brown, vice president of security, SolarWinds. “This underscores the continued need for organizations to address the human side of IT security and consistently educate users on how to avoid mistakes while encouraging an environment of learning and training. However, that alone is not enough; tech pros also need the best possible technology to effectively fight against both threats from the inside and potentially more sophisticated threats from the outside. SolarWinds is committed to helping IT and security teams by equipping them with powerful, affordable solutions that are easy to implement and manage. Good security should be within the reach of all organizations.”

It is not always an accidental error from insiders; sometimes these incidents are a part of a much larger scheme. Earlier this year, a recruiter from the telecommunications company AT&T Network was charged for paying insiders to upload malware on the company’s computer networks to unlock cell phones.

According to the United States Department of Justice (DOJ), the insiders, who worked in AT&T’s Bothell Customer Service Center, allegedly exploited AT&T’s proprietary locking software to remove millions of phones from the AT&T network system and payment plans, which incurred a loss of a million dollars to the company. It’s said that Fahd and his co-conspirators gave over $1 million in bribes to install malware and spying devices in the company.


#cybersecurity | SolarWinds Research Reveals Negligent Users as Top Cybersecurity Threat to German Organisations

BERLIN–(BUSINESS WIRE)–SolarWinds (NYSE:SWI), a leading provider of powerful and affordable IT management software, today released findings of its latest cybersecurity research at it-sa (Booth #127). The research highlights the threats technology professionals face today and those they expect over the next 12 months, revealing internal factors as the most prominent cybersecurity threat.

The research of over 100 IT professionals in Germany revealed internal user mistakes created the largest percentage of cybersecurity incidents over the past twelve months (80%), followed by exposures caused by poor network system or application security (36%), and external threat actors infiltrating the organisation’s network or systems (31%).

Poor password management ranked as the leading cause of concern for German IT professionals regarding insider threats. Forty-five percent of tech pros surveyed indicated poor password management or weak passwords as the most common cause of accidental or careless insider breaches, while 42% cited sharing passwords as the most common problem. Password management issues, accidental exposure, deletion, corruption or modification of critical data (40%), and copying data to unsecured devices (36%) were the other leading causes reported that lead to insider mistakes.

The survey results also found that 89% of tech pros surveyed indicated they feel unequipped to successfully implement and manage cybersecurity tasks today with their current IT skillset.

“Our research shows once again that the biggest risk to the organization comes from the inside, aligning with research SolarWinds conducted in other regions earlier this year,” said Tim Brown, vice president of security, SolarWinds. “This underscores the continued need for organizations to address the human side of IT security and consistently educate users on how to avoid mistakes, while encouraging an environment of learning and training. However, that alone is not enough; tech pros also need the best possible technology to effectively fight against both threats from the inside and potentially more sophisticated threats from the outside. SolarWinds is committed to helping IT and security teams by equipping them with powerful, affordable solutions that are easy to implement and manage. Good security should be within the reach of all organizations.”

SolarWinds at it-sa, The IT Security Expo and Congress

Booth 127, Hall 9

  • When: October 8 – 10, 2019
  • Where: Nuremberg, Germany

At it-sa, Europe’s largest IT security expo, SolarWinds Head Geek™, Sascha Giese, along with other technical experts, will be onsite to provide in-depth demos of SolarWinds security solutions. These include SolarWinds® Access Rights Manager (ARM), SolarWinds Security Event Manager (SEM), SolarWinds Backup, and SolarWinds Patch Manager—plus a suite of monitoring and management platforms with security baked in, including capabilities for robust endpoint detection and response. These products address the gaps identified by the research findings, including the need for more affordable solutions, technologies that help mitigate skills shortages, a layered approach to security, and solutions that fight threats from both the inside and outside of an organization’s technology infrastructure.

“SolarWinds security solutions help address the gaps identified by the research findings,” stated Sascha Giese. “ARM, for example, helps organizations detect compromises or malicious behavior from inside the company, while helping to drive more effective compliance programs. Nearly two-thirds of tech pros surveyed indicate they already use an access rights management solution, underscoring its importance. At it-sa, I’m looking forward to learning even more about the security pain points of our customers and prospects—so we can do even more to help get them resolved.”

Key Findings

Threat Trends: Internal Users Put Organisations at Risk

Types of cybersecurity threats leading to security incidents within the past 12 months:

  • Out of a variety of security incidents, 80% of respondents attributed the largest portion of cybersecurity threats to internal users making mistakes, while 31% attributed at least a portion to external threat actors; followed by 36% that indicated exposures caused by poor network system and/or application security have led to security incidents.
  • 70% indicated regular employees are the users who pose the biggest risk for insider abuse and/or misuse, followed by privileged IT administrators and executives (45% and 33%, respectively).
  • 45% named poor password management as the most common cause of accidental/careless insider breaches from employees and contractors, while 42% of tech pros surveyed state that sharing passwords is the most common cause, followed by accidentally exposing, deleting, corrupting, and/or modifying critical data and copying data to unsecured devices (40% and 36%, respectively).

The following cybersecurity threats could lead to security incidents in the next 12 months:

  • 55% of respondents are extremely concerned or moderately concerned (combined) about internal users making mistakes that put organisations at risk. This is followed by 50% and 42% indicating exposure caused by poor network system and/or system security and external threat actors infiltrating their organisation’s network and/or systems as the top concerns, respectively.
  • Nearly half of tech pros surveyed are extremely concerned or moderately concerned (combined) that cybercriminals will lead to security incidents in the next twelve months, while one-third of tech pros feel the same about cyberterrorists—and one-fifth of tech pros indicating nation-state actors as top concerns within the same timeframe.

IT Skillsets and Landscape: Not Sufficiently Equipped

  • 89% of tech pros feel unequipped to successfully implement and manage cybersecurity tasks today given their current IT skillset, while over half of tech pros surveyed (54%) feel unequipped to utilize predictive analytics to determine the likelihood of outcomes in their architecture.
  • One-fourth of tech pros feel the most significant barrier to maintaining and improving IT security within their organisation is the complexity of their IT infrastructure, followed by budget constraints (20%), and lack of manpower (19%).
  • 45% of tech pros surveyed have adopted a hybrid approach to their IT security, protecting and managing the security of their own network but also using a managed provider to deliver some security services—while 43% are self-managed and 6% outsource entirely.

Top Security Technologies

  • Top technologies used by technology professionals according to respondents include:
  • Detection:
    • Access rights management (64%)
    • IDS and/or IPS (48%)
    • Vulnerability assessment (38%)
  • Protection:
    • Email security (77%)
    • Data encryption (70%)
    • Endpoint protection (65%)
    • Patch management (65%)
  • Risk management:
    • Identity governance (58%)
    • Asset management (55%)
    • Governance, risk, and compliance (GRC) (45%)
  • Response and recovery:
    • Backup and recovery (70%)
    • Access rights management (50%)
    • Incident response (37%)

The findings are based on a survey fielded in August/September 2019, which yielded responses from 110 technology practitioners, managers, and directors in Germany from public- and private-sector small, mid-size and enterprise organisations.

Information regarding employment opportunities with SolarWinds Berlin is available at https://solarwinds.jobs/jobs/?location=Germany

About SolarWinds

SolarWinds (NYSE:SWI) is a leading provider of powerful and affordable IT infrastructure management software. Our products give organizations worldwide, regardless of type, size or IT infrastructure complexity, the power to monitor and manage the performance of their IT environments, whether on-premises, in the cloud, or in hybrid models. We continuously engage with all types of technology professionals—IT operations professionals, DevOps professionals, and managed service providers (MSPs)—to understand the challenges they face maintaining high-performing and highly available IT infrastructures. The insights we gain from engaging with them, in places like our THWACK online community, allow us to build products that solve well-understood IT management challenges in ways that technology professionals want them solved. This focus on the user and commitment to excellence in end-to-end hybrid IT performance management has established SolarWinds as a worldwide leader in network management software and MSP solutions. Learn more today at www.solarwinds.com.

The SolarWinds, SolarWinds & Design, Orion, and THWACK trademarks are the exclusive property of SolarWinds Worldwide, LLC or its affiliates, are registered with the U.S. Patent and Trademark Office, and may be registered or pending registration in other countries. All other SolarWinds trademarks, service marks, and logos may be common law marks or are registered or pending registration. All other trademarks mentioned herein are used for identification purposes only and are trademarks of (and may be registered trademarks of) their respective companies.

© 2019 SolarWinds Worldwide, LLC. All rights reserved.


#androidsecurity | Google opens its Android security-key tech to iPhone and iPad users – TechCrunch

Google will now allow iPhone and iPad owners to use their Android security key to verify sign-ins, the company said Wednesday.

Last month, the search and mobile giant said it developed a new Bluetooth-based protocol that will allow modern Android 7.0 devices and later to act as a security key for two-factor authentication. Since then, Google said 100,000 users are already using their Android phones as a security key.

Since its debut, the technology was limited to Chrome sign-ins. Now Google says Apple device owners can get the same protections without having to plug anything in.

Signing in to a Google account on an iPad using an Android 7.0 device (Image: Google)

Security keys are an important security step for users who are particularly at risk of advanced attacks. They’re designed to thwart even the smartest and most resourceful attackers, like nation-state hackers. Instead of a security key that you keep on your key ring, newer Android devices have the technology built-in. When you log in to your account, you are prompted to authenticate with your key. Even if someone steals your password, they can’t log in without your authenticating device. Even phishing pages won’t work because only legitimate websites support security keys.

For the most part, security keys are a last line of defense. Google admitted last month that its standalone Titan security keys were vulnerable to a pairing bug, potentially putting it at risk of hijack. The company offered a free replacement for any affected device.

The security key technology is also FIDO2 compliant, a secure and flexible standard that allows various devices running different operating systems to communicate with each other for authentication.

For the Android security key to work, iPhone and iPad users need the Google Smart Lock app installed. For now, Google said the Android security key will be limited to sign-ins to Google accounts only.
