Security News

Google Employees Use a Physical Token as Their Second Authentication Factor
2018-07-26 17:18

Krebs on Security is reporting that all 85,000 Google employees use two-factor authentication with a physical token. A Google spokesperson said Security Keys now form the basis of all account...

Malicious ESLint Packages Steal Software Registry Login Tokens
2018-07-16 16:27

Following the compromise of an ESLint maintainer’s account last week, malicious packages that attempted to steal login tokens from the npm software registry were published without authorization. read more

Phishing Defense: Block OAuth Token Attacks
2018-06-21 10:03

But OAuth Attack Defense Remains Tricky, Warns FireEye's Douglas BienstockJust one click: That's all it takes for a victim to inadvertently grant attackers access to their email account via a...

Yubico snatched my login token vulnerability to claim a $5k Google bug bounty, says bloke
2018-06-18 23:21

USB gizmo biz apologies amid infosec drama Yubico has apologized to a security vulnerability researcher who had complained the dongle peddler lifted his work to nab a $5,000 Google bug bounty.…

The Google Pixelbook power button is now a 2FA token
2018-06-12 14:36

The Pixelbook's power button is a 2FA token, which is great, and almost nobody noticed, which isn't.

Scammers steal nearly $1 million from Bee Token ICO would-be investors
2018-02-02 18:28

Another day, another ICO-related scam. In an attack similar to that which fooled investors into the Enigma cryptocurrency investment platform, users who were aiming to buy Bee Tokens during a...

Tether Hacked — Attacker Steals $31 Million of Digital Tokens
2017-11-21 03:10

Again some bad news for cryptocurrency users. Tether, a Santa Monica-based start-up that provides a dollar-backed cryptocurrency tokens, has claimed that its systems have been hacked by an...

Session Hijacking Bug Exposed GitLab Users Private Tokens (Threatpost)
2017-08-31 21:00

GitLab, the popular web-based Git repository manager, fixed a vulnerability recently that could have opened its users up to session hijacking attacks.

Keys, tokens and too much trust found in container images (Help Net Security)
2017-06-16 15:00

We are all aware of the risks introduced by good old third party code. Where would we be without it? Apparently not very far. It is estimated that between 30 to 70 percent of code comes from 3rd...

Slack Fixes Cross-Origin Token Theft Bug (Threatpost)
2017-03-01 19:58

The cloud-based collaboration tool Slack was quick to fix a bug earlier this month that could have let an attacker steal a user’s private Slack token.