Microsoft is officially rolling out passkey support to all consumer accounts, allowing everyone who uses a Microsoft account to drop passwords for accessing it. After introducing passkeys to Windows 11 last year, Microsoft now expands this support, allowing users to generate passkeys across Windows, Android, and iOS platforms. This feature allows for seamless sign-ins to Microsoft accounts without entering a password each time. Instead, they can sign in using their face, fingerprint, PIN, or a security key as authentication methods. “Today, you can use a passkey to sign in to Microsoft apps a ..read more

LastPass has officially separated from its former parent company, GoTo, previously known as LogMeIn. GoTo announced its decision to spin off LastPass as an independent entity in December 2021, six years after acquiring the password management company. Now, LastPass will operate independently under a shareholder holding company named LMI Parent. The move follows several high-profile attacks the company faced, which propelled it to commit to enhancing its security protocols. “Together, we are all committed to delivering solutions that never compromise on security, quality, or performance ..read more

London Drugs, a major retail and pharmacy chain, has temporarily closed its stores across Western Canada following a cybersecurity breach reported on Sunday. The B.C.-based company announced the shutdown as a precautionary measure to safeguard against further damage after detecting the security incident. According to a statement issued to CBC News around 5:30 p.m. PT on Sunday, the company acted swiftly to address the attack. “At this time, we have no reason to believe that customer or employee data has been impacted,” the company reassured the public. The closures began abruptly after an ini ..read more

The popular cybersecurity company, Trend Micro, is introducing a new AI-powered security platform to combat widespread AI abuse. The introduction of publicly accessible models like ChatGPT and Gemini helped spark AI usage across the world and has already contributed to many helpful cybersecurity projects and new technologies. At the same time, hackers and other criminals use AI to make their attacks more complex and much harder to deal with. Attacks against companies and individuals are ramping up in number, putting pressure on governments and cybersecurity companies to take action. To combat ..read more

Microsoft is warning users that the Windows update released in April 2024 might lead to failures in VPN connections. Microsoft reported the issue on Tuesday on its health dashboard, explaining that Windows devices updated with KB5036893 on April 9, or the April 2024 non-security preview update, may experience VPN connection failures. The company is developing a fix, which will be included in a future release. The problem impacts several versions of Windows 11 and Windows 10, including Windows 11 versions 23H2, 22H2, 21H2, and Windows 10 versions 22H2 and 21H2, according to Microsoft. The ..read more

The US Federal Trade Commission (FTC) slammed major wireless carriers with hefty fines for illegally selling customer data. Verizon, T-Mobile, AT&T, and Sprint are facing roughly $200 million in fines for selling customer data without consent and not providing customers a method to opt out of the data selling or protect themselves from actions taken by the recipients of the data. During the Trump administration, the FCC Enforcement Bureau was tasked with researching these four corporations. A multi-year-long investigation found that these companies illegally harvested data from customers ..read more

Japanese police are faking fake gift cards in various convenience stores around the Fukui prefecture to help find and stop scammers. The Echizen Police are deploying these dummy cards to counter two of the most common online scams. The first is fake antivirus companies that charge for virus removal and the second is delinquent charge scams. The ladder typically sees criminals pretend to have given the victim too much money for a refund and demand the victim send them the money back. In both cases, hackers will instruct the victim to use a gift card so the transaction can’t be reversed or easi ..read more

Identity and access management services provider Okta reported a surge in credential stuffing attacks aimed at online services via anonymizers like residential proxies and The Onion Router (Tor) network. In credential stuffing attacks, hackers use stolen credentials — often sourced from previous data breaches, to attempt unauthorized access across multiple platforms. Bad actors usually use automated tools to input these credentials across numerous websites, hoping to capitalize on the common habit of password reuse. The strategy behind these attacks is a numbers game: by attempting enough log ..read more

Private Internet Access (PIA) announced it recently had its no-logs policy audited by a third-party cybersecurity firm. It’s also released a new version of its Android app, featuring a redesign and updates to the app’s underlying code. The security audit was conducted by Deloitte Audit Romania. The company reviewed PIA’s VPN server network and management systems and confirmed that PIA’s server configurations don’t allow for the identification of any individual user or tracking of specific online activities, per the company’s strict no-logs policy. “They verified that our configurations a ..read more

The number of ransomware cyberattacks and similar online extortion schemes soared 67% worldwide from 2022 to 2023, according to a new report released by cybersecurity firm NTT Security Holdings in April. The company’s 2024 Global Threat Intelligence Report stated that the firm had identified more than 5,000 cyber incidents across the globe in which victims lost money. The real number is likely much higher due to victims’ reluctance to report the crimes. “We expect [the number of ransomware attacks] to soar in 2024 as threat actors create more sophisticated attacks using artificial intelligenc ..read more