Facebook Adding Physical Security Key Support For Mobile Devices

Facebook Adding Physical Security Key Support For Mobile Devices

Many industry insiders consider physical security keys used in the context of two-factor authentication login schemes to be the final word in digital security. That is because even if your password is compromised, if you’re using a physical piece of hardware that has to be inserted when prompted for to complete the process, a hacker can’t breach the account in question without first having physical access to the key. Facebook has supported physical security key 2FA for desktop environments since 2017, but until quite recently, iOS and Android users simply didn’t have that option. That has now changed, thanks to a recent announcement by Facebook that they were expanding their physical security key 2FA offering to support both product ecosystems. Almost universally, privacy and security experts applaud this move. Far and away the most common form of two-factor authentication in use today is the text code. You enter your password as you normally would, and then the site you’re logging into send you a six or eight digit code to your phone. You enter that code to complete the login process. The problem with that approach, however, is that text messages can be intercepted by determined hackers, which makes that form of 2FA not as robust or secure as a physical key. Granted, it’s still heads and shoulders better than not having 2FA enabled at all. However, if you’re looking for maximum security with a minimally intrusive process, then a physical security key will make your organization and the sensitive data you’re trying to protect that much more secure. Kudos to Facebook for expanding their physical security key offering,...
Be Careful Downloading Clubhouse App On Android

Be Careful Downloading Clubhouse App On Android

Clubhouse has taken the internet by storm. Or rather, it has taken the iOS ecosystem by storm, since the company has yet to release an Android version of their increasingly popular app. If you’re not sure what all the fuss is about, Clubhouse is an audio chat app that is invitation only. If you get an invite, you can listen in on and participate in audio chats in real time. Elon Musk is personally responsible for at least some of the hype surrounding the app, having sung its praises recently in a tweet. As mentioned, the catch is that the app is only available to iOS users at this point, and there’s a growing demand for it in the Android sphere. Naturally, hackers and scammers, who seldom miss an opportunity, have been flocking to at least pretend to fill the gap, offering what they claim is the long-awaited Android version of Clubhouse. Naturally, it is no such thing. In fact, those who fall for the hype and install it without doing a bit of due diligence will soon discover that they have, in fact, downloaded the BlackRock Trojan. If there’s a silver lining to these recent events, it lies in the fact that to this point, the hackers and scammers haven’t managed to get their poisoned wares passed Google’s security, which means that the app isn’t on the Play Store. Those who download it are getting it from less trustworthy sources. Although security researchers note that the hooks scattered about the web attempting to lure people into downloading it invariably use some variant of “Get it on Google Play”...
Another Malware Evolves To Gain Access To More Systems

Another Malware Evolves To Gain Access To More Systems

One of the more disturbing trends this year is that worms are becoming popular among the hackers of the world again. We’ve seen a handful of new malware strains introduced in recent months with worm modules added to their code, allowing them to scan and infect Windows systems connected to the initial source of the infection. That’s bad news for IT Security professionals around the globe. In the early days of the internet, some of the most devastating attacks were worm-based and caused no end of trouble to organizations of all shapes and sizes. Now, it seems that today’s hackers are dusting off one of yesteryear’s favorite tactics and giving it a new lease on life. Purple Fox malware is the latest strain spotted with a worm module attacked. Purple Fox has been around a while as malware goes, being first spotted in the wild in 2018, when it infected in excess of 30,000 devices during the first campaign known to utilize it. As was the case then, Purple Fox isn’t terribly damaging in and of itself, but is primarily used as a dropper, to deploy other, more devastating forms of malware once it has gained a foothold on a target system. Given that, and its new worm-like capabilities that allow it to spread like wildfire once it gets a toehold somewhere, it should be considered dangerous indeed. Even more worrisome is the fact that after the initial spate of infections in 2018, the controllers of the code went relatively quiet until May of this year (2020), when Purple Fox attacks suddenly intensified, with more than 90,000 separate attacks...
Memory Savings Improvements Makes Windows 10 Google Chrome Faster

Memory Savings Improvements Makes Windows 10 Google Chrome Faster

If you’re a Google Chrome user, and you’re interested in maximizing the overall performance of your system, then Google’s recent announcement about their browser is sure to make you smile. The release of Chrome 89 includes enhancements design to make it run notably faster on Windows 10 and use significantly fewer resources on both Android and macOS-driven devices. According to the company’s most recent claims, in testing, in the Windows 10 environment, they saw up to 22 percent percent memory savings when measuring the browser process. They saw another 8 percent percent reduction thanks to improvements in the renderer, and a further 3 percent percent reduction in the GPU thanks to improved memory allocation. If those numbers even come close to being replicated in real world conditions, that represents a significant improvement indeed. If you’re a macOS user, then the newest version of Chrome will give you a more modest memory savings. Even so, an 8 percent improvement is nothing to sneeze at, and version 89 will also include a new tool designed to help you keep your Mac cooler, courtesy of its tab throttling feature. Again, based on the research from Google’s engineering team, they’re reporting up to a 65 percent improvement on the Apple Energy Impact score in the macOS Activity Monitor for background tabs when employing this feature. That’s certainly impressive in its own right. Finally, if you’re an Android user, you can expect to see a 5 percent reduction in memory usage, a 7.5 percent faster browser startup and 2 percent faster page loads. That might not make a big difference on any particular page,...
Internet Browsers Blocking Some Ports Due To Security Vulnerabilities

Internet Browsers Blocking Some Ports Due To Security Vulnerabilities

If you rely on TCP port 554, you’ll probably want to do a bit of reconfiguration. Last year, security researchers discovered a new version of the NAT Slipstream vulnerability that allowed hackers to deploy malicious scripts in order to bypass a website visitor’s NAT firewall and access any TCP/UDP port on the visitor’s internal network. If this issue sounds vaguely familiar, it’s because this isn’t the first time it has come up. When the issue was first reported, Google released Chrome 87, which began blocking HTTP and HTTPS access to TCP ports 5060 and 5061. Then in January of this year (2021) Google expanded their efforts, blocking HTTP, HTTPS, and FTP access to ports 69, 137, 161, 1719, 1720, 1723, and 6566. Google has, in the past, also blocked port 554, but when they did so initially, they received push back from Enterprise users who asked that the port be unblocked. Google did so, but have now reversed course, and port 554 is once again on the blocked list. It should also be noted that Google isn’t alone. In addition to Chrome 89, Firefox 84+ and Apple’s Safari browser are already blocking Port 554. So if you host a website on any of the ports mentioned above, you should reconfigure to allow visitors to continue to have unfettered access. Obviously, if you don’t currently utilize that port there’s nothing to do here. If you’re not sure, you will be soon enough, because you’re apt to get complaints from users who can no longer access your site or whatever web-based application you’re running that relies on it. Despite some back...