Security News
Whisper, a mobile app for sharing those thoughts you'd rather not make public, turns out to be better at sharing secrets than keeping them, spilling a whopping 90 metadata fields associated with users in an exposed database. In a phone interview with The Register, Dan Ehrlich, security consultant with Twelve Security, said colleague Matt Porter had spotted the unprotected Whisper ElasticSearch database.
OpenSSH version 8.2 is out and the big news is that the world's most popular remote management software now supports authentication using any FIDO U2F hardware token. Adding support inside OpenSSH simply means that any U2F token can now be used, including older FIDO1 and more recent FIDO2 hardware.
100K or so creators in the YouTube car community were targeted by a phishing campaign that captured 2FA codes.
Microsoft-owned GitHub on Monday announced that its token scanning service will also check commits for Atlassian, Dropbox, Discord, Proctorio and Pulumi tokens that have been accidentally shared. read more
IOTA Foundation, a non-profit foundation focused on distributed ledger technology (DLT) and open-source ecosystem development, announced the release of Trinity, a secure software wallet for IOTA...
Security token maker Yubico has issued an important advisory affecting high-end versions of its YubiKey authentication key.
For FIPS sake! Yubico is recalling one of its YubiKey lines after the authentication dongles were found to have a security weakness.…
Mark Risher of Google extols the virtues of security keys: I'll say it again for the people in the back: with Security Keys, instead of the *user* needing to verify the site, the *site* has to...
Docker, the company behing the popular virtualization tool bearing the same name, has announced late on Friday that it has suffered a security breach. There was no official public announcement....
A new security feature allows users of Android 7 and later to use their smartphones to authenticate themselves to their Google accounts.