Google makes 2-Factor Authentication a lot Easier and Faster

When it comes to data breaches of major online services like LinkedIn, MySpace, Twitter and VK.com, it’s two-factor authentication that could save you from being hacked.

Two-factor authentication, or 2-step verification, is an effective way to secure online accounts, but many users avoid enabling the feature just to save themselves the irritation of receiving and typing a six-digit code, which takes 10 to 15 extra seconds.

Now, Google has made the 2-Step Verification (2FV) process much easier for its users, allowing you to log in with just a single tap instead of typing codes.

Previously, you had to manually enter a six-digit code received via an SMS or from an authenticator app, but now…

Google has introduced a new method called “Google Prompt” that uses a simple push notification where you just have to tap on your mobile phone to approve login requests.

In other words, while signing in to your account, just enter your password, and you will get a pop-up message on your mobile phone asking you if you want to sign in. If you do, press “Yes” and you’re in.

How to Set Up Google Prompt

Here’s how you can enable Google Prompt for your Google accounts:

Before enabling Google Prompt, first enable two-step verification for your Google account. If you have already enabled two-step verification, you can skip this part.

  • Go to myaccount.google.com and sign in to your Google account.
  • Select ‘Signing in to Google,’ using 2-Step Verification.
  • Click on ‘Get started’ and enter your password once again.
  • Now provide the phone number you want to use for authenticating, choose either an SMS or a phone call for verification, and click on ‘Try it.’
  • Enter the 6-digit code from the SMS or phone call and select ‘Next.’
  • For setting up two-step verification, click ‘Turn ON.’

Now, once you have enabled two-step verification, follow these simple steps, which will take just a few seconds. All you need is an Android or iOS device nearby.

  • Under ‘Set up alternative second step,’ click on the Google prompt option.
  • Add phone and click Get started.

Then just follow the on-screen instructions and you’re all set to go.

If you have an iPhone, you are required to download the Google Search app first and sign in before using Google Prompt. But if you are an Android user, just update your Google Play Services.

Two-step verification has become so much easier to use, so what are you waiting for?

via https://ift.tt/28NkTbx

One Million IP Addresses Used In Brute-Force Attack On A Bank

Cisco says in just one week in February they detected 1,127,818 different IP addresses being used to launch 744,361,093 login attempts on 220,758,340 different email addresses — and that 93% of those attacks were directed at two financial institutions in a massive Account Takeover (ATO) campaign.

Crooks used 993,547 distinct IPs to check login credentials for 427,444,261 accounts. For most of these attacks, the crooks used proxy servers, but also two botnets, one of compromised Arris cable modems, and one of ZyXel routers/modems. Most of these credentials have been acquired from public breaches or underground hacking forums.

For more information, read the full article here.

Cryptocurrency raider takes $60 million in digital cash

A cryptocurrency is only as reliable as the technology that keeps it running, and Ethereum is learning this the hard way. An attacker has taken an estimated $60 million in Ethereum’s digital money (Ether) by exploiting vulnerabilities in the Decentralized Autonomous Organization, an investment collective. The raider took advantage of a "recursive call" flaw in the DAO’s code-based smart contracts, which administer the funds, to scoop up Ether many times in a single pass.

Ethereum’s Vitalik Buterin has revealed a planned software fork that would prevent the intruder from using the ill-gotten goods, but there are still plenty of headaches in store for both contract creators and investors. Contract makers will have to take extra care to avoid the flaw and limit the value of their contracts so that a bad actor doesn’t make off with a huge sum of cash. Buterin says that Ethereum itself is safe — miners can carry on, and users should "sit tight and remain calm" while they wait to trade again. Still, it’s easy to imagine everyone being nervous.

The kicker? People were convinced that the bug posed no risk to DAO funds just a few days prior. Clearly, that wasn’t true. While the invader didn’t get away scot-free, the breach has caused a lot of chaos. And while one person’s claims that they legitimately took the funds are sketchy, Bloomberg notes that the code defining the smart contracts may have explicitly allowed this attack even if that’s not what the DAO wanted. This may not be so much a hack as exploitation of poorly-defined terms, and there may not be a legal recourse. In short: basing an investment framework around code instead of human-made contracts may have been too optimistic.

Read the full article here.
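
The "recursive call" flaw described above, shown as a toy Python model added here for illustration; it is not the DAO's contract code and does not come from the article. The `Vault`, `Depositor` and `ReenteringDepositor` classes and all amounts are constructed: the flawed ordering pays out before recording the debit, and the corrected ordering records the debit first.

```python
"""Toy model of a 'recursive call' withdrawal flaw (constructed example)."""

class Vault:
    """Holds pooled funds; names and logic are hypothetical, not the DAO's."""
    def __init__(self, update_before_payout):
        self.update_before_payout = update_before_payout
        self.balances = {}   # depositor -> amount credited to them
        self.pool = 0        # funds the vault actually holds

    def deposit(self, who, amount):
        self.balances[who] = self.balances.get(who, 0) + amount
        self.pool += amount

    def withdraw(self, who):
        amount = self.balances.get(who, 0)
        if amount == 0 or amount > self.pool:
            return
        if self.update_before_payout:
            self.balances[who] = 0       # corrected: record the debit first
        self.pool -= amount
        who.receive(self, amount)        # recipient's own code runs here
        if not self.update_before_payout:
            self.balances[who] = 0       # flawed: debit recorded too late

class Depositor:
    def __init__(self):
        self.received = 0

    def receive(self, vault, amount):
        self.received += amount

class ReenteringDepositor(Depositor):
    """Asks for another withdrawal from inside its own payout."""
    def receive(self, vault, amount):
        self.received += amount
        vault.withdraw(self)

def run(update_before_payout):
    vault = Vault(update_before_payout)
    honest, caller = Depositor(), ReenteringDepositor()
    vault.deposit(honest, 90)    # constructed amounts
    vault.deposit(caller, 10)
    vault.withdraw(caller)
    return caller.received, vault.pool, vault.balances[honest]

if __name__ == "__main__":
    print("pay out, then update:", run(False))
    print("update, then pay out:", run(True))
```

In the flawed ordering the honest depositor is still credited with 90 while the pool holds nothing, which is why a ledger invariant (sum of balances equals funds held) is a useful check in contract tests.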

Corporate Email Phishing Scams Result in $3.1B Loss, Near 1300% Increase in 18 Months

The total number of Business Email Compromise (BEC) related crimes has reached epidemic levels, at nearly $3.1 billion in losses and involving 22,143 victims worldwide since January 2015, according to a new FBI report.

BEC, or Business Email Compromise, is defined by the FBI as "a sophisticated scam targeting businesses working with foreign suppliers and/or businesses that regularly perform wire transfer payments. The scam is carried out by compromising legitimate business email accounts through social engineering or computer intrusion techniques to conduct unauthorized transfers of funds."

Most victims, according to reports to the FBI, "use wire transfers as a common method of transferring funds for business purposes; however, some victims report using checks as a common method of payment. The fraudsters will use the method most commonly associated with their victim’s normal business practices."

The BEC scam continues to grow, evolve, and target businesses of all sizes, the FBI reports. Since January 2015, there has been a 1,300% increase in identified exposed losses (i.e., exposed dollar loss, which includes actual and attempted loss in United States dollars). The scam has been reported by victims in all 50 states and in 100 countries. Reports to the FBI indicate fraudulent transfers have been sent to 79 countries, with the majority going to Asian banks located within China and Hong Kong.

Characteristics of BEC Complaints

The IC3 has noted the following characteristics of BEC complaints:

•  Businesses and associated personnel using open source email accounts are predominantly targeted.

•  Individuals responsible for handling wire transfers within a specific business are targeted.

•  Spoofed emails very closely mimic a legitimate email request.

•  Hacked emails often occur with a personal email account.

•  Fraudulent email requests for a wire transfer are well-worded, specific to the business being victimized, and do not raise suspicions to the legitimacy of the request.

•  The phrases “code to admin expenses” or “urgent wire transfer” were reported by victims in some of the fraudulent email requests.

•  The amount of the fraudulent wire transfer request is business-specific; therefore, dollar amounts requested are similar to normal business transaction amounts so as to not raise doubt.

•  Fraudulent emails received have coincided with business travel dates for executives whose emails were spoofed.

•  Victims report that IP addresses frequently trace back to free domain registrars.

The FBI recommends that victims always file a complaint, regardless of dollar loss or timing of incident, at www.IC3.gov.

Read the full article here.

Problems With Chrome? Use Google’s Free Cleanup Tool.

Google Chrome recently overtook Internet Explorer to become the most-used browser on the web. To be fair to Microsoft, however, we should note that Windows 10 encourages people to use the new Edge browser, so it was always inevitable that IE usage would decline. Still, it’s a great achievement by Google and, in my own experience, Chrome is an excellent, fast browser.

As with all software, though, things can go wrong. Settings can become corrupted, or you may install an extension that has subsequently been identified as being malware.

Probably the most powerful tool to help clean up a Chrome installation is something called the Chrome Cleanup Tool. It’s an official Google release and is free of charge. You’ll find the Windows version at https://www.google.com/chrome/cleanup-tool/ and it’s a download of around 3 MB. The program is malware-free according to VirusTotal and Web of Trust.

Although the cleanup tool is very useful, do take heed of the warning screen when you run it. It will clear various settings, including your home page, so don’t use it until you actually have a real problem.

LG Sells Mosquito-Repelling TV In India

In an effort to fight Zika, dengue and malaria, LG has released the “LG 32LG52D” TV with “Mosquito Away Technology.” According to Reuters, the TV uses ultrasonic waves that are inaudible to humans but cause mosquitoes to fly away. The TV was released in India on Thursday, and will go on sale next month in the Philippines and Sri Lanka, with no plans to market it elsewhere. It is available in two models, priced at 26,500 rupees and 47,500 rupees ($394 and $706). LG says the same technology used in its new TV has been used in some of its air conditioners and washing machines.

Source: https://news.slashdot.org/story/16/06/17/1943256/lg-sells-mosquito-repelling-tv-in-india

How to Hack Someone’s Facebook Account Just by Knowing Their Phone Number

How to hack a Facebook account is one of the major queries on the Internet today. A way to do it is hard to find, but researchers have just proven it possible by taking control of a Facebook account with only the target’s phone number and some hacking skills.

Hackers with skills to exploit the SS7 network can hack your Facebook account. All they need is your phone number.

Weaknesses in SS7, a part of the global telecom network, not only let hackers and spy agencies listen to personal phone calls and intercept SMSes on a potentially massive scale, but also let them hijack social media accounts to which you have provided your phone number.

SS7, or Signalling System Number 7, is a telephony signaling protocol used by more than 800 telecommunication operators worldwide to exchange information with one another, handle cross-carrier billing, enable roaming, and support other features.

However, an issue with the SS7 network is that it trusts text messages sent over it regardless of their origin. So, malicious hackers could trick SS7 into diverting text messages as well as calls to their own devices.

All they need is the target’s phone number and some details of the target’s device to initiate the silent snooping.

The researchers from Positive Technologies, who recently showed how they could hijack WhatsApp and Telegram accounts, have now demonstrated the Facebook hack using similar tricks, Forbes reported.

Read the full article here.

VDesk for Windows 10: launch programs on virtual desktops

VDesk is a free, open-source program for the Windows 10 operating system that extends a system’s virtual desktop functionality.

Microsoft added a virtual desktop feature to Windows 10 that is completely optional to use. It adds options to Windows 10 to create a number of virtual desktops that users can switch between to separate programs from each other.

Programs can be moved around between desktops, but there is no option to configure Windows to open programs on virtual desktops (all the time) when they are started.

Read the full article here.

Singapore banks adopt voice biometrics for user authentication

Citi is launching voice biometric verification for customers in Singapore to help cut user authentication time.

The bank has already implemented voice biometrics for consumer customers in Taiwan, with Singapore, Hong Kong and Australia to follow soon. The service will be available to all 12 of Citi’s consumer banking markets in Asia-Pacific by 2017.

Read the full article here.