Google Ditches Passwords in Latest Android Devices

Google has announced FIDO2 certification for devices running on Android 7 and above – meaning that users can use biometrics, fingerprint login or PINs instead of passwords.

Half of all Android users can now log into apps and websites on their devices – without having to remember a cumbersome password.

On Monday, Google and the Fast IDentity Online (FIDO) Alliance announced that devices running Android 7 or later are certified by the FIDO2 standard, meaning that users can forego using passwords and instead use their fingerprint or a PIN to log into browsers or apps on their devices.

When companies fight back against hackers

The deluge of cyberattacks sweeping across the world has governments and companies thinking about new ways to protect their digital systems, and the corporate and state secrets stored within.

For a long time, cybersecurity experts have erected firewalls to keep out unwanted traffic and set up decoy targets on their networks to distract hackers who do get in. They have also scoured the internet for hints about what cybercriminals might be up to next to better protect themselves and their clients.

Now, though, many leaders and officials are starting to think about stepping up their defensive activities, by taking more active measures. An extreme option within this field of active defense is sometimes called “hacking back” into an adversary’s systems to get clues about what they’re doing, shut down the attack or even delete data or otherwise damage an attacker’s computers.

Meeting the Threat in 2019: Cybersecurity for Financial Services

In September 2017, Equifax experienced an enormous data breach resulting from a cyberattack, with over 148 million people’s sensitive, personally-identifying information exposed. The hack that impacted Equifax resulted from a “failure to use well-known security best practices and a lack of internal controls and routine security reviews,” wrote Fortune.1

Just a few years before, in 2014, JP Morgan Chase experienced "the largest theft of customer data from a U.S. financial institution in history" up to that date, according to then-US Attorney for the Southern District of New York, Preet Bharara.2 This hack was executed by exploiting known vulnerabilities in computer programs used by the company in order to access valuable customer data. As a result of this hack, close to 76 million customers had their sensitive data jeopardized.

New Mac Malware Targets Cookies to Steal From Cryptocurrency Wallets

Mac users need to beware of a newly discovered piece of malware that steals their web browser cookies and credentials in an attempt to withdraw funds from their cryptocurrency exchange accounts.

Dubbed CookieMiner due to its capability of stealing cookies-related to cryptocurrency exchanges, the malware has specifically been designed to target Mac users and is believed to be based on DarthMiner, another Mac malware that was detected in December last year.

Uncovered by Palo Alto Networks' Unit 42 security research team, CookieMiner also covertly installs coin mining software onto the infected Mac machines to secretly mine for additional cryptocurrency by consuming the targeted Mac's system resources.