Google Security Vulnerability Allowed Two-Step Verification Bypass
Researchers at Duo Security detailed an attack that could have allowed a hacker to hijack a user's Google account
Google has fixed a security hole that permitted attackers to potentially bypass the company's two-step verification feature and take over user accounts.
According to Duo Security, the vulnerability rested in the way application-specific passwords (ASPs) were used for applications that do not support logins using two-step verification. Designed with an eye towards improving account security, two-step verification provides users with a special code via text message or phone call when they attempt to log on to their Google account. The user will then have to enter that code as well in order to log in.
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Digital Transformation Myths & TruthsTransformation is on every IT organization's to-do list, but effectively transforming IT means a major shift in technology as well as business models and culture. In this IT Trend Report, we examine some of the misconceptions of digital transformation and look at steps you can take to succeed technically and culturally.