Showing posts with the label CYBERSECURITY

Twitter brings security key as your only 2FA method to mobile, web

Twitter has announced that users can use security keys as their only form of two-factor authentication (2FA) on both mobile and web, which is the most effective way to keep a Twitter account secure. In March, Twitter had said it would soon let people use a security key as their only two-factor authentication method. Security keys are small devices that act like keys to your house. Just as you need a physical key to unlock the door to your home, you need a security key to unlock access to your account. "Security keys offer the strongest protection for your Twitter account because they have built-in protections to ensure that even if a key is used on a phishing site, the information shared can't be used to access your account," Twitter said in a statement on Wednesday. Security keys can differentiate legitimate sites from malicious ones and block phishing attempts that SMS or verification codes would not.

Cybercriminals using automated tools to launch attacks: Report

Cybercriminals targeting web applications have grown more reliant on automated tools: nearly 20 per cent of the attacks detected were fuzzing attacks, which try to find the points at which applications break so that they can be exploited, a report said on Wednesday. Fuzzing is the usually automated process of finding hackable software bugs by randomly feeding different permutations of data into a target programme until one of those permutations reveals a vulnerability. Barracuda Networks, a cloud-enabled security solutions provider, analyzed a two-month sample of blocked data on web application attacks from November and December and found that the top five attacks using automated tools were fuzzing attacks, injection attacks, fake bots, App DDoS and blocked bots.

Ransomware, attacker behaviour to shape IT security in 2021: Report

Ransomware and fast-changing attacker behaviours, from the advanced to the entry level, will shape the threat landscape and IT security in 2021, a report by cybersecurity company Sophos said on Monday. The gap between ransomware operators at different ends of the skills and resource spectrum will increase, according to the "Sophos 2021 Threat Report". At the high end, the big-game hunting ransomware families will continue to refine and change their tactics, techniques and procedures (TTPs) to become more evasive and nation-state-like in sophistication, targeting larger organisations with multimillion-dollar ransom demands. In 2020, such families included Ryuk and RagnarLocker. At the other end of the spectrum, Sophos anticipates an increase in the number of entry-level, apprentice-type attackers looking for menu-driven ransomware-for-rent, such as Dharma, that allows them to target high volumes of smaller prey.

Microsoft buys corp.com to save Windows users from cybercriminals

Microsoft Corporation has agreed to buy the domain corp.com from a private owner for an undisclosed sum, in an effort to prevent cybercriminals from abusing it owing to a problem known as "namespace collision". According to KrebsOnSecurity, a blog run by journalist Brian Krebs, Microsoft has bought the domain from its Wisconsin-based owner Mike O'Connor "in a bid to keep it out of the hands of those who might abuse its awesome power". "We released a security advisory in June of 2009 and a security update that helps keep customers safe. In our ongoing commitment to customer security, we also acquired the Corp.com domain," the company said in a statement. Mike bought corp.com 26 years ago and hoped Microsoft would buy it someday because "hundreds of thousands of confused Windows PCs are constantly trying to share sensitive data with corp.com".

No one's safe: Bezos nude selfie leak triggers alarm for all billionaires

Even the world’s richest person couldn’t stop a nude selfie leak. When Jeff Bezos alleged in a blog post on Thursday that he was the victim of blackmail attempts by the publisher of the National Enquirer, he underscored risks particular to billionaires in the digital age. “The perception among very affluent people is often ‘I have this level of wealth, I’m untouchable,’” said Mark Johnson, chief executive officer of Sovereign Intelligence, a McLean, Virginia-based risk analytics firm. “But the systems they have in place for protecting their personal identifiable information are very weak.” Ask any family office about its biggest fears and cybersecurity is near the top. Personal protection no longer involves just bodyguards and a top-notch alarm system. The internet age has seen a massive shift in people storing their most sensitive and personal data online, where it’s vulnerable to hacking and intrusion. Article source: Business Standard

Get over fingerprint, retina and face, your brain may soon be your password

Your brain is an inexhaustible source of secure passwords – but you might not have to remember anything. Passwords and PINs with letters and numbers are relatively easily hacked, hard to remember and generally insecure. Biometrics are starting to take their place, with fingerprints, facial recognition and retina scanning becoming common even in routine logins for computers, smartphones and other common devices. They’re more secure because they’re harder to fake, but biometrics have a crucial vulnerability: A person only has one face, two retinas and 10 fingerprints. They represent passwords that can’t be reset if they’re compromised. Like usernames and passwords, biometric credentials are vulnerable to data breaches. In 2015, for instance, the database containing the fingerprints of 5.6 million U.S. federal employees was breached. Those people shouldn’t use their fingerprints to secure any devices, whether for personal use or at work. The next breach might steal photogr