Information

Twitter ends free SMS 2FA: Here’s how you can protect your account now

Twitter’s ditching of free text-message authentication doesn’t mean that you should forgo using 2FA. Instead, switch to another – and, indeed, better – 2FA option. Starting today, Twitter is disabling SMS-based two-factor authentication (2FA) for all but paying users following a decision that, not unlike other recent moves by the social media giant, has been met with controversy that has reverberated far beyond the Twitterverse. “While historically a popular form of 2FA, unfortunately, we have…

Google Pixel phones had a serious data leakage bug – here’s what to do!

by Paul Ducklin

Even if you’ve never used one, you probably know what a VCR is (or was). Short for video cassette recorder, it was how we recorded and watched back videos at home in the days when digital video stored on hard disks was the absurdly expensive privilege of huge companies, typically TV stations. The cassettes were small plastic containers that held two reels and a long strip of magnetic recording tape – kind…

Verosint Launches Account Fraud Detection and Prevention Platform

Security startup 443ID, which previously focused on bringing open source intelligence (OSINT) to access management, is now refocusing its solution to tackle account fraud detection and prevention, and has changed its name to Verosint to better describe its new focus. It is launching what is technically version 2 of 443ID’s IAM platform, but is effectively version 1 of Verosint’s account fraud solution. “The previous product was focused on measuring the likelihood of risk to enable…

Bitcoin ATM customers hacked by video upload that was actually an app

by Paul Ducklin

There are plenty of military puns in operating system history. Unix famously has a whole raft of personnel known as Major Number, who organise the battalions of devices such as disk drives, keyboards and webcams in your system. Microsoft once struggled with the apparently incompetent General Failure, who was regularly spotted trying to read your DOS disks and failing. Linux intermittently has trouble with Colonel Panic, whose appearance is typically followed…

Why You Should Opt Out of Sharing Data With Your Mobile Provider

A new breach involving data from nine million AT&T customers is a fresh reminder that your mobile provider likely collects and shares a great deal of information about where you go and what you do with your mobile device — unless and until you affirmatively opt out of this data collection. Here’s a primer on why you might want to do that, and how. Telecommunications giant AT&T disclosed this month that a breach…

Millions Stolen in Hack at Cryptocurrency ATM Manufacturer General Bytes

Cryptocurrency ATM manufacturer General Bytes over the weekend disclosed a security incident that resulted in the theft of millions of dollars’ worth of funds. The attackers, the company says, exploited a vulnerability in the master service interface that Bitcoin ATMs use to upload videos, which allowed them to upload a JavaScript script and execute it with batm user privileges. “The attacker scanned the Digital Ocean cloud hosting IP address space and identified running CAS services…

Huawei Has Replaced Thousands of US-Banned Parts With Chinese Versions: Founder

Chinese technology giant Huawei has replaced thousands of product components banned by the United States with homegrown versions, its founder has said, according to a transcript of a recent speech released by a Shanghai university. A leading supplier of telecom gear, smartphones and other advanced equipment, Huawei has been repeatedly targeted by Washington in recent years over cybersecurity and espionage concerns. The administration of former president Donald Trump effectively barred American companies from doing business…

Banking turmoil opens opportunities for fraud – Week in security with Tony Anscombe

Scammers are looking to cash in on the chaos that has set in following the startling meltdowns of Silicon Valley Bank and Signature Bank and the crisis at Credit Suisse. When mayhem, panic and chaos set in – as has been the case following the meltdowns of Silicon Valley Bank (SVB) and Signature Bank and the struggles of Credit Suisse in recent days – cybercriminals jump in and seize the opportunity. In this video, Tony…

Feds Charge NY Man as BreachForums Boss “Pompompurin”

The U.S. Federal Bureau of Investigation (FBI) this week arrested a New York man on suspicion of running BreachForums, a popular English-language cybercrime forum where some of the world’s biggest hacked databases routinely show up for sale. The forum’s administrator “Pompompurin” has been a thorn in the side of the FBI for years, and BreachForums is widely considered a reincarnation of RaidForums, a remarkably similar crime forum that the FBI infiltrated and dismantled in 2022.…

SVB collapse is a scammer’s dream: Don’t get caught out

How cybercriminals can exploit Silicon Valley Bank’s downfall for their own ends – and at your expense. Big news events and major crises usually trigger an avalanche of follow-on phishing attempts. The COVID-19 pandemic and Russia’s invasion of Ukraine are perhaps the most obvious examples, but the most recent one is the collapse of Silicon Valley Bank (SVB). The mid-sized US lender and a key financer of tech start-ups held tens of billions of dollars’…
