I have been busy writing for them this week, and since there is Black Hat and DEFCON in Vegas, there is a lot of news to share. Here is a recap of what I have posted.
- F5 announces new mobile app security protection
- Two new cybercrime takedowns show the global nature of these criminals and the effort involved in bringing them to justice.
- Google has promised its latest Android v.14 mobile OS will have some new security features. That is the good news. It will take time to percolate throughout their ecosystem, it is just for enterprise users, and you’ll probably need a new phone.
- The EvilProxy malware construction kit makes it easier for phishing attackers to ply their trade, and there has been a rise in such attacks according to Proofpoint telemetry. I do cite an interesting case of how Discuss (the vendor behind the popular software tool) took these MFA bypass threats to heart and spent the last year or so upgrading its authentication to using Yubico FIDO2 hardware keys.
- A new report examining the results of millions of threat simulations using Picus tools found there is plenty of room for improvement — not surprising. But the comparative analysis is worth reading in my post.
- If you think you are safe from your keystrokes being stolen, this article that shows the sound of your typing can be used to re-create your text under some extreme circumstances.
- CISA has issued warnings about malicious boot loaders taking control over UEFI firmware. Sadly, getting to the root of the problem (sorry) isn’t going to be easy.
- Finally, last week I wrote a nice analysis piece about the progress of payment tech. There has been a lot of progress since I first started covering this market sector back in the 1990s.