Threatpost

13 May 2021

• Beyond MFA: Rethinking the Authentication Key
  Tony Lauro, director of security technology and strategy at Akamai, discusses hardware security dongles and using phones to act as surrogates for them.
• Fresh Loader Targets Aviation Victims with Spy RATs
  The campaign is harvesting screenshots, keystrokes, credentials, webcam feeds, browser and clipboard data and more, with RevengeRAT or AsyncRAT payloads.
• Apple’s ‘Find My’ Network Exploited via Bluetooth
  The ‘Send My’ exploit can use Apple's locator service to collect and send information from nearby devices for later upload to iCloud servers.
• Five Critical Password Security Rules Your Employees Are Ignoring
  According to Keeper Security’s Workplace Password Malpractice Report, many remote workers aren’t following best practices for password security.
• Pipeline Update: Biden Executive Order, DarkSide Detailed and Gas Bags
  FBI/CISA warn about the RaaS network behind the Colonial hack, Colonial restarts operations, and researchers detail groups that rent the ransomware.
• Researchers Flag e-Voting Security Flaws
  Paper ballots and source-code transparency are recommended to improve election security.
• Telegram Fraudsters Ramp Up Forged COVID-19 Vaccine Card Sales
  A new type of fraud is spiking across the platform: Selling fake vax records to people who want to lie their way into places where proof of vaccine is required.
• Gig Workers Being Paid $500 for Payroll Passwords
  Argyle is paying workers to help hack payroll providers, researchers suspect.
• ‘FragAttacks’: Wi-Fi Bugs Affect Millions of Devices
  Wi-Fi devices going back to 1997 are vulnerable to attackers who can steal your data if they're in range.
• TeaBot Trojan Targets Banks via Hijacked Android Handsets
  Malware first observed in Italy can steal victims’ credentials and SMS messages as well as livestream device screens on demand.