Security

A physical key is the secret to Google employees' online security

posted on July 23, 2018
by l33tdawg
Credit: CNet

It turns out the key to counteracting employee phishing at Google is an actual key.

The company began using physical USB-based security keys in early 2017 and since then, none of its 85,000-plus employees have been phished on their work accounts, Krebs on Security reported last week. The keys serve as an alternative to two-factor authentication, in which users first log into a website using a password and then must enter an additional one-time code that's usually sent to their phone via text or an app.

Software is Achilles Heel of Hardware Cryptocurrency Wallets

posted on July 23, 2018
by l33tdawg

Cryptocurrency exchanges and private wallets have been fully in cyberattacker crosshairs as criminals seek to make the most of an exploding new financial market that some analysts say will reach $1 trillion by the end of the year. In response to these attacks, a number of manufacturers have come out with secure hardware wallets meant to harden the storage of the cryptographic keys that serve as proof of ownership of vast sums of money.

How Apps Could Be Sneaking Malware Onto Your Phone

posted on July 23, 2018
by l33tdawg
Credit: NextGov

Have you noticed your Android device has been slower and riddled with annoying pop-ups lately? You might have contracted malware that made its way onto your phone through the Google Play Store.

In a report, technical support site BleepingComputer details a growing trend in mobile malware that involves the use of a tool known as a "dropper," which hides code within an app.

Dropbox denies giving researchers non-anonymized user data

posted on July 23, 2018
by l33tdawg
Credit: ZDNet

Dropbox has denied claims that researchers obtained non-anonymized data from users of the cloud file storage service.

A study by Northwestern University researchers posted Friday, and co-bylined with a Dropbox insights manager, revealed how collaborative platforms are used by teams of people.

Insecure HTTP D-Day

posted on July 23, 2018
by l33tdawg
Credit: The Register

Google Chrome users who visit unencrypted websites will be confronted with warnings from tomorrow.

The changes will come for surfers using the latest version of Google Chrome, version 68. Any web page not running HTTPS with a valid TLS certificate will show a "Not secure" warning in the Chrome address bar from version 68 onwards. The warning will apply both to internet-facing websites and intranet sites accessed through Chrome, which has approximately 60 per cent market share.

$1 million heist on Russian bank started with hack of branch router

posted on July 20, 2018
by l33tdawg
Credit: Arstechnica

A prolific hacking group has struck again, this time stealing close to $1 million from Russia’s PIR Bank. The July 3 heist came about five weeks after the sophisticated hackers first gained access to the bank’s network by compromising a router used by a regional branch.

Microsoft Identity Bounty Program Pays $500 to $100,000 for Bugs

posted on July 18, 2018
by l33tdawg
Credit: Bug-bounty

A new Microsoft bug bounty program asks researchers to hunt down vulnerabilities affecting its identity services in exchange for rewards ranging from $500 to $100,000.

Microsoft has been building its portfolio of identity services for both consumer (Microsoft Account) and enterprise (Azure Active Directory) accounts. Researchers who participate in the Identity Bounty Program will submit flaws they discover in Microsoft's identity solutions and certified implementations of select OpenID standards, the company states.

Thousands of Mega logins dumped online, exposing user files

posted on July 16, 2018
by l33tdawg
Credit: mega

Thousands of credentials for accounts associated with New Zealand-based file storage service Mega have been published online, ZDNet has learned.

The text file contains over 15,500 usernames, passwords, and file names, indicating that each account had been improperly accessed and file names scraped.

Patrick Wardle, chief research officer and co-founder at Digita Security, found the text file in June after it had been uploaded to malware analysis site VirusTotal some months earlier by a user purportedly in Vietnam. Wardle passed the data to ZDNet.

Mobile devices lost in London underline security risk

posted on July 16, 2018
by l33tdawg
Credit: phone

Businesses are being urged to recognise the potential security risks of lost mobile phones and computing devices in the latest report from think tank Parliament Street.

According to the report, 25,690 mobile devices were lost on tubes, trains and buses in London between April 2017 and April 2018.