The discovery was made by security researchers at Mitiga

Read More

New research analyzes email scam techniques in the build-up to this year’s Black Friday

Read More

The NCSC’s founding CEO, Ciaran Martin, explains why the cyber industry is now a public good

Read More

Twitter is having intermittent problems with its two-factor authentication system:

Not all users are having problems receiving SMS authentication codes, and those who rely on an authenticator app or physical authentication token to secure their Twitter account may not have reason to test the mechanism. But users have been self-reporting issues on Twitter since the weekend, and WIRED confirmed that on at least some accounts, authentication texts are hours delayed or not coming at all. The meltdown comes less than two weeks after Twitter laid off about half of its workers, roughly 3,700 people. Since then, engineers, operations specialists, IT staff, and security teams have been stretched thin attempting to adapt Twitter’s offerings and build new features per new owner Elon Musk’s agenda.

On top of that, it seems that the system has a new vulnerability:

A researcher contacted Information Security Media Group on condition of anonymity to reveal that texting “STOP” to the Twitter verification service results in the service turning off SMS two-factor authentication.

“Your phone has been removed and SMS 2FA has been disabled from all accounts,” is the automated response.

The vulnerability, which ISMG verified, allows a hacker to spoof the registered phone number to disable two-factor authentication. That potentially exposes accounts to a password reset attack or account takeover through password stuffing.

This is not a good sign.

Read More

Announcement recognizes growing volume of smartphone payments

Read More

Threat actors installed crypto-miner and achieved persistence

Read More

Google’s Android operating system dominates smartphone usage throughout the world — in every region except North America and Oceania, in fact. Thus, businesses in many regions are likely to support and issue Android devices to employees as their mainstay mobile devices. Even in areas where Apple’s iPhone dominates or is comparable in market share, businesses are likely to support or issue Android devices at least as a secondary option.

But Android security has long been an IT concern, despite significant security improvements made to the platform a decade ago in response to security standards put in place for iPhones, which quickly gained the security seal approval as a result. That makes the buying and support decision around Android phones more complex for CISOs — whether as corporate-liable devices (that is, the devices that enterprises buy for their employees) or as employee-liable devices or bring-your-own devices (BYOD) that IT allows access at least to work email and calendars, and often to web-based services.

To read this article in full, please click here

Read More