Kategorie

Posted by Christiaan Brand, Product Manager, Google Cloud 


Securing access to online accounts is critical for safeguarding private, financial, and other sensitive data online. Phishing - where an attacker tries to trick you into giving them your username and password - is one of the most common causes of data breaches. To protect user accounts, we’ve long made it a priority to offer users many convenient forms of 2-Step Verification (2SV), also known as two-factor authentication (2FA), in addition to Google’s automatic protections. These measures help to ensure that users are not relying solely on passwords for account security.

For users at higher risk (e.g., IT administrators, executives, politicians, activists) who need more effective protection against targeted attacks, security keys provide the strongest form of 2FA. To make this phishing-resistant security accessible to more people and businesses, we recently built this capability into Android phones, expanded the availability of Titan Security Keys to more regions (Canada, France, Japan, the UK), and extended Google’s Advanced Protection Program to the enterprise.

Starting tomorrow, you will have an additional option: Google’s new USB-C Titan Security Key, compatible with your Android, Chrome OS, macOS, and Windows devices.



USB-C Titan Security Key
We partnered with Yubico to manufacture the USB-C Titan Security Key. We have had a long-standing working and customer relationship with Yubico that began in 2012 with the collaborative effort to create the FIDO Universal 2nd Factor (U2F) standard, the first open standard to enable phishing-resistant authentication. This is the same security technology that we use at Google to protect access to internal applications and systems.

USB-C Titan Security Keys are built with a hardware secure element chip that includes firmware engineered by Google to verify the key’s integrity. This is the same secure element chip and firmware that we use in our existing USB-A/NFC and Bluetooth/NFC/USB Titan Security Key models manufactured in partnership with Feitian Technologies.

USB-C Titan Security Keys will be available tomorrow individually for $40 on the Google Store in the United States. USB-A/NFC and Bluetooth/NFC/USB Titan Security Keys will also become available individually in addition to the existing bundle. Bulk orders are available for enterprise organizations in select countries.


We highly recommend all users at a higher risk of targeted attacks to get Titan Security Keys and enroll into the Advanced Protection Program (APP), which provides Google’s industry-leading security protections to defend against evolving methods that attackers use to gain access to your accounts and data. You can also use Titan Security Keys for any site where FIDO security keys are supported for 2FA, including your personal or work Google Account, 1Password, Coinbase, Dropbox, Facebook, GitHub, Salesforce, Stripe, Twitter, and more.

A fake website purports to enable iPhone users to download an iOS jailbreak - but ultimately prompts them to download a gaming app and conducts click fraud.

No, it's not a patch Tuesday. It's the third Tuesday of the month, and as The Hacker News shared an early heads-up late last week on Twitter, Adobe today finally released pre-announced out-of-band security updates to patch a total of 82 security vulnerabilities across its various products. The affected products that received security patches today include: Adobe Acrobat and Reader Adobe

The bug allows users to bypass privilege restrictions to execute commands as root.

Stále častěji se kybernetičtí útočníci zaměřují na počítače průmyslově řídicích systémů (ICS) v energetickém sektoru. V prvním pololetí letošního roku zachytili bezpečnostní experti z antivirové společnosti Kaspersky útoky na téměř polovinu sledovaných počítačů. Mezi nejpočetnější hrozby se řadily červy, spyware a programy nelegálně těžící kryptoměny.

Introduction to Windows passwords Windows is the most common desktop platform currently in use. As a result, it is not uncommon for hackers to encounter a Windows password that they need to crack in order to gain access to a specific account on a machine or move laterally throughout the network. In the past, Windows […]

The post Ethical hacking: Breaking Windows passwords appeared first on Infosec Resources.

Ethical hacking: Breaking Windows passwords was first posted on October 15, 2019 at 8:03 am.
©2017 "InfoSec Resources". Use of this feed is for personal non-commercial use only. If you are not reading this article in your feed reader, then the site is guilty of copyright infringement. Please contact me at darren.dalasta@infosecinstitute.com

Introduction Have you ever wanted to use your cybersecurity know-how and skills to help organizations improve their information security and stamp out vulnerabilities? If so, the role of penetration tester is for you.  For those looking to obtain their first penetration tester role within an organization, do you know how to get to this role […]

The post Degree vs. certification: Entry-level penetration tester appeared first on Infosec Resources.

Degree vs. certification: Entry-level penetration tester was first posted on October 15, 2019 at 8:01 am.
©2017 "InfoSec Resources". Use of this feed is for personal non-commercial use only. If you are not reading this article in your feed reader, then the site is guilty of copyright infringement. Please contact me at darren.dalasta@infosecinstitute.com

Introduction Worms are a particularly virulent type of malware that has been around since the 1980s and wreaking havoc on infected systems ever since. Some believe that viruses and worms are the same thing, but this could not be less true: in fact, it is the differences between the two that make worms a unique, […]

The post Malware spotlight: What are worms? appeared first on Infosec Resources.

Malware spotlight: What are worms? was first posted on October 15, 2019 at 8:00 am.
©2017 "InfoSec Resources". Use of this feed is for personal non-commercial use only. If you are not reading this article in your feed reader, then the site is guilty of copyright infringement. Please contact me at darren.dalasta@infosecinstitute.com

Introduction Microsoft’s Windows operating system (OS) is possibly the most famous OS on Earth, and it is ubiquitous in the business world. But the Windows OS has also evolved since its first appearance, adding considerable security capabilities and features.  This article will show a brief history of Windows OS security development and refinement since Windows […]

The post Windows OS Security Brief History appeared first on Infosec Resources.

Windows OS Security Brief History was first posted on October 15, 2019 at 8:00 am.
©2017 "InfoSec Resources". Use of this feed is for personal non-commercial use only. If you are not reading this article in your feed reader, then the site is guilty of copyright infringement. Please contact me at darren.dalasta@infosecinstitute.com

The flaw is a rare ‘unquoted path class’ described as "so thoroughly documented that you would expect programmers to be well aware..." But that's not the case.

The attack left customers unable to access key services for shipping and mailing, the company said.

Do you know Apple is sending iOS web browsing related data of some of its users to Chinese Internet company Tencent? I am sure many of you are not aware of this, neither was I, and believe me, none of us could expect this from a tech company that promotes itself as a champion of consumer privacy. Late last week, it was widely revealed that starting from at least iOS 12.2, Apple silently

Deepfake technology is becoming easier to create – and that’s opening the door for a new wave of malicious threats, from revenge porn to social-media misinformation.

Gone: Mastercard, Visa, PayPal, eBay, Stripe, Mercado Pago. Of six payments firms first involved in Libra, just one, PayU, remains.

Attention Linux Users! A new vulnerability has been discovered in Sudo—one of the most important, powerful, and commonly used utilities that comes as a core command installed on almost every UNIX and Linux-based operating system. The vulnerability in question is a sudo security policy bypass issue that could allow a malicious user or a program to execute arbitrary commands as root on a

Apple was quick to allay user concerns this weekend after someone spotted that it was working with Chinese company Tencent to check its users' website requests for malicious URLs.

Organizers said 100 leads were generated every 10 minutes by contestants using OSINT - open-source intelligence such as online searches.

In an effort to mitigate a large class of potential cross-site scripting issues in Firefox, Mozilla has blocked execution of all inline scripts and potentially dangerous eval-like functions for built-in "about: pages" that are the gateway to sensitive preferences, settings, and statics of the browser. Firefox browser has 45 such internal locally-hosted about pages, some of which are listed

More than 350 ethical hackers got together in cities across Australia on Friday for a hackathon in which they worked to cyber trace a missing face', in the first-ever capture the flag event devoted to finding missing persons. Learn more about this hackathon:

Ethics checks and balances within an organization lower risks for everyone involved. Learn more in an interesting The Next Web article: