Security News
A new Android malware called 'FluHorse' has been discovered, targeting users in Eastern Asia with malicious apps that imitate legitimate versions. The apps mimicked by the FluHorse carrier apps are 'ETC,' a toll-collection app used in Taiwan, and 'VPBank Neo,' a banking app in Vietnam.
On April 25, security researchers Tommy Mysk and Talal Haj Bakry, who are known collectively on Twitter as Mysk, warned users of Google's Authenticator 2FA app to not turn on a new syncing feature. The change came about when Google enabled its 2FA Authenticator app to sync credentials across different devices.
The Google Authenticator 2FA app has featured strongly in cybersecurity news stories lately, with Google adding a feature to let you backup your 2FA data into the cloud and then restore it onto other devices. The six-digit codes commonly generated by 2FA apps get calculated right on your phone, not on your laptop; they're based on a "Seed" or "Starting key" that's stored on your phone; and they're protected by the lock code on your phone, not by any passwords you routinely type in on your laptop.
Google has updated Google Authenticator, its mobile authenticator app for delivering time-based one-time authentication codes, and now allows users to sync their codes to their Google account. They can later be seamlessly synced to a new device once the Google Authenticator app is installed on it and connected to the users' Google account.
The Google Authenticator app has received a critical update for Android and iOS that allows users to back up their two-factor authentication one-time passwords to their Google Accounts and have multi-device support. Google Authenticator is an immensely popular authentication app with over 100 million installs that lets users generate these one-time passwords for 2FA verification.
Joe Burton, CEO of digital identity authentication company Telesign, spoke with TechRepublic about how the "Fuzzy" realm between statistical analysis and artificial intelligence can fuel global, fast and accurate identity management. Burton said the company is looking forward, with big plans to use new technologies and services powered by AI to set itself apart from competitors.
Security researchers discovered a new malicious browser extension called Rilide, that targets Chromium-based products like Google Chrome, Brave, Opera, and Microsoft Edge. Researchers at Trustwave SpiderLabs found that Rilide mimicked benign Google Drive extensions to hide in plain sight while abusing built-in Chrome functionalities.
Starting March 13, GitHub will gradually introduce the 2FA enrollment requirement to groups of developers and administrators, beginning with smaller groups. In case your account is selected for enrollment, you will receive a notification via email and see a banner on GitHub.com requesting you to enroll in 2FA. You will have a 45-day window to configure 2FA on your account, and before that date, you can continue to use GitHub as usual except for the occasional reminders.
GitHub will start requiring active developers to enable two-factor authentication on their accounts beginning next week, on March 13. The gradual rollout will start next week with GitHub reaching out to smaller groups of administrators and developers via email and will speed up as the end of the year approaches to ensure that onboarding is seamless and users have time to sort out any issues.
On Android, Google offers its own authenticator app, unsurprisingly called Google Authenticator, that you can get from Google Play. Google's add-on app does the job of generating the needed one-time login code sequences, just like Apple's Settings > Passwords utility on iOS. But we're going to assume that at least some people, and possibly many, will perfectly reasonably have asked themselves, "What other authenticator apps are out there, so I don't have to put all my cybersecurity eggs into Apple's basket?".