In a joint effort to make the web more secure and usable for all, Apple, Google and Microsoft today announced plans to expand support for a common passwordless sign-in standard created by the FIDO Alliance and the World Wide Web Consortium. The new capability will allow websites and apps to offer consistent, secure, and easy passwordless sign-ins to consumers across devices and platforms. Password-only authentication is one of the biggest security problems on the web, and managing so many passwords is cumbersome for consumers, which often leads consumers to reuse the same ones across services. This practice can lead to costly account takeovers, data breaches, and even stolen identities. While password managers and legacy forms of two-factor authentication offer incremental improvements, there has been industry-wide collaboration to create sign-in technology that is more convenient and more secure.

The expanded standards-based capabilities will give websites and apps the ability to offer an end-to-end passwordless option. Users will sign in through the same action that they take multiple times each day to unlock their devices, such as a simple verification of their fingerprint or face, or a device PIN. This new approach protects against phishing and sign-in will be radically more secure when compared to passwords and legacy multi-factor technologies such as one-time passcodes sent over SMS.

SonicWall, the publisher of the world's most quoted ransomware threat intelligence, today released the 2022 SonicWall Cyber Threat Report. The bi-annual report details a sustained meteoric rise in ransomware with 623.3 million attacks globally. Nearly all monitored threats, cyberattacks and malicious digital assaults rose in 2021 including: ransomware, encrypted threats, IoT malware and cryptojacking. "Cyberattacks become more attractive and potentially more disastrous as dependence on information technology increases," said SonicWall President and CEO Bill Conner. "Securing information in a boundless world is a near impossible and thankless job, especially as the boundaries of organizations are ever-expanding to limitless endpoints and networks."

SonicWall Capture Labs threat researchers diligently tracked the dramatic rise in ransomware, recording an astounding 318.6 million more ransomware attacks than 2020, a 105% increase. Ransomware volume has risen 232% since 2019. High-profile ransomware attacks impacted businesses, state and federal governments, schools, hospitals and even individuals. Attacks hit supply chains, causing widespread system downtime, economic loss and reputational damage. Following global trends, all industries faced large increases of ransomware volume, including government (+1,885%), healthcare (755%), education (152%) and retail (21%).

In today's world, data breaches, phishing attacks, malware, and exploits are a daily occurrence. We are all familiar with the typical phishing emails that grace our inbox day in day out. You might even get a phone call from a fake Microsoft tech support employee, who attempts to gain access to your system. However, in our always-online world, it is a bit surprising to hear about hackers that would decide to use snail mail. In what will likely elicit a few giggles, U.S. state and local government agencies, along with the Multi-State Information Sharing and Analysis Center (MS-ISAC) have issued an alert, in what I can only describe as an attack from the stone age; malware infested CDs.

The cryptocurrency phenomenon and the growth of a keen audience of cryptocurrency owners was never going to go unnoticed by cyber-criminals. To achieve their nefarious goals they typically use classical phishing techniques, however these often go beyond the 'ordinary' scenarios we have become familiar with. By drawing inspiration from ICO (initial coin offering) investments and the free distribution of crypto coins, cyber criminals have been able to profit from both avid cryptocurrency owners and rookies alike.

Some of the most popular targets are ICO investors, who seek to invest their money in start-ups in the hope of gaining a profit in the future. For this group of people, cyber-criminals create fake web pages that simulate the sites of official ICO projects, or try to gain access to their contacts so they can send a phishing email with the number of an e-wallet for investors to send their cryptocurrency to. The most successful attacks use well-known ICO projects. For example, by exploiting the Switcheo ICO using a proposal for the free distribution of coins, criminals stole more than $25,000 worth of cryptocurrency after spreading the link through a fake Twitter account.

A Malwarebytes report calls attention to the latest occurrence in the inevitable trend that that ensues a particular security vulnerability being given coverage by the media. As users' attention to the vulnerability is heightened, so is their search for a solution, for a way to reduce the risk of exposition. Hence, users search for patches; and hence, some fake patches surface that take advantage of the more distracted, or less informed, of those who really just want to be left at peace.

Case in point: Malwarebytes has identified a recently-registered domain that is particularly targeting German users (remember: you can be next; it's just a matter of Google translating the page for it be targeting you as well). The website is offering an information page with various links to external resources about Meltdown and Spectre and how it affects processors, and is affiliated with the German Federal Office for Information Security (BSI) - all good, right?

Cryptojacking is a new phenomenon, which was popularized by ThePirateBay embedding its website with a Javascript-based crypto-currency miner. It quickly sprung up the debate on whether crypto-currency miners hidden into web-pages could become the revenue model of the future, replacing online advertising or paid subscriptions. Some commentators argue that it's fine as long as users are made sufficiently aware that a website is embedding a miner, and is presented with a choice between ads and the miner. Others were steadfast against the idea as heavy Internet browsing (across multiple tabs), could bring down computers to a crawl, and have a more than tangible impact on electricity bills.

According to an ArsTechnica report, there could be at least 2,500 websites out there, with embedded crypto-currency miners that are hidden from the users. Willem de Groot, an independent cybersecurity researcher told the publication that he estimates JS miners may have proliferated to 2,496 websites, and its adoption is on the rise. Some dishonest websites embed miners as a revenue source in addition to ads and sponsored content. At the heart of the controversy is Coinhive. This company sells easy-to-integrate crypto-currency miners that can be embedded into websites as a revenue source. The company is on a marketing overdrive, writing to siteops and bloggers to spread their miners.

US Federal Communications Commission (FCC) chairman sought "smart, practical, voluntary solutions", without mandating his own, for internet service providers (ISPs) to fight online fraud and data theft. Chairman Julius Genachowski estimated that 8.4 million credit-card details are stolen online, each year. "If consumers lose trust in the Internet, this will suppress broadband adoption and online commerce and communication, and all the benefits that come with it," Genachowski said in a speech. The FCC feels ISPs can come up with solutions that prevent client PCs in the US from being forced into malicious botnets by hackers, without having to encroach upon users' privacy.

Genachowski urged ISPs to adopt DNSSEC, a system that ensures people accessing sensitive sites such as their banks' online transaction portals go to the right address, and not redirected to a fraudulent password phishing site. "To be effective, everyone who is a part of the Internet ecosystem must play a meaningful role in ensuring that private and government networks, and personal computers and devices are secured," said Comcast/NBCUniversal President Kyle McSlarrow in a blog posting. Comcast is one of America's biggest ISPs. This is an example of how threats to the sanctity of a productive internet can be defeated with highly-specific solutions that don't threaten privacy and freedoms, instead of broad-scoped legislations that potentially do.

Commtouch (NASDAQ: CTCH) today published an in-depth analysis of 2011 Facebook attacks within its Internet Threats Trend Report, a year-end synopsis of Internet threats. The report and infographic present a comprehensive analysis of scores of malicious Facebook activities during the past year, as identified by Commtouch Labs. Affiliate marketing sites are the final destination in three-fourths of all Facebook deceptions, according to the report. Visitors to these sites are induced to fill out surveys that generate affiliate payments for the scammers, victimizing legitimate businesses that pay affiliate fees.

Users are induced to click on the scams through social engineering tactics such as free merchandise offers, celebrity news, new (fake) Facebook applications, or simply a trusted friend sending a message stating: "You have to see this!" After users first click on the scams, malware or malicious scripts are to blame for the further spread of slightly over half the analyzed scams, with those falling into three main categories: likejacking, rogue applications, and malware or "self-XSS," each of which is described in the report.

Windows 8 implements a radical new user interface called Metro for desktop PC's, which has so far received a mixed reception. However, there's many other changes under the hood and one of those is how password security is handled, which we look at here. It's a fact of life, that in today's modern world, we have to remember a plethora of passwords and PIN's, which can be daunting. This leads to security issues as users end up writing down passwords and/or create very insecure ones which can be easily guessed. Windows 8 aims to uphold strong password security, while at the same time, easing the burden on the user. Also, passwords can be obtained in various ways by miscreants, such as phishing, keylogging, guessing, and cracking. Windows addresses each of these problems in three main ways: