Last week, a lot of tech media sites were breathlessly reporting how the National Institute of Science and Technology in the United States was saying that two-factor authentication (2FA) via SMS messages would be “deprecated” in future standards. Some took this to mean that this technique was insecure, and that users should shy away from this method. Let’s step back and see what the NIST really said:
Read MoreThe past few weeks have seen some very high-profile sites adopt two-factor authentication in one form or another. First was Twitter, followed soon by Evernote and Linkedin. For users of these sites, these represent a welcome improvement to their security. In the event that their password is (somehow) compromised, an attacker faces another barrier before…
Read MoreTrend Micro has been alerted that certain ZeuS/ZBOT variants are now able to break into users’ bank accounts in spite of two-factor authentication systems. These are frequently used to enhance bank security. These ZeuS variants can specifically use mobile malware to defeat systems that rely on text messages sent via mobile phones on Symbian OSs….
Read MoreTrend Micro Content Security discovered a phishing URL that, when loaded, displays a Web page strikingly similar to the Irish bank Permanent TSB (formerly known as the Irish Permanent Building Society). Online banking facilities usually ensure the security of transactions processed within their domains by using a secure protocol. This has become a standard for…
Read MoreThis blog post lists different kinds of attacks against WordPress, by way of payload examples we observed in the wild, and how attacks have used hacked admin access and API, Alfa-Shell deployment, and SEO poisoning to take advantage of vulnerable sites.
Read More