Cyber Security Informer

What Is Two-Factor Authentication (2FA) and Why Should You Use It?

IT Security Guru

OCTOBER 26, 2023

Enter Two-Factor Authentication, or 2FA for short. What Exactly is 2FA? Think of 2FA as a very selective bouncer that only lets VIPs into the exclusive club that is Your Online Life. It’s a security method that requires you to present not one but two forms of ID before granting you access.

Authentication

Authentication Passwords Mobile VPN

“Substantial proportion” of Americans may have had health and personal data stolen in Change Healthcare breach

Malwarebytes

APRIL 23, 2024

Meanwhile the company says it has made strong progress restoring services impacted by the event and is prioritizing the restoration of services that impact patient access to care or medication. Better yet, let a password manager choose one for you. Enable two-factor authentication (2FA).

Healthcare

Healthcare Identity Theft Passwords Data breaches

Store manager admits SIM swapping his customers

Malwarebytes

MARCH 19, 2024

A 42-year-old manager at an unnamed telecommunications company has admitted SIM swapping customers at his store. For that reason, SIM swapping can be used to get around two-factor authentication (2FA) codes sent by SMS message. Contact the account provider if you find you no longer have access yourself.

Social Engineering

Social Engineering Computers and Electronics Mobile Identity Theft

2FA bypass in cPanel potentially exposes tens of millions of websites to hack

Security Affairs

NOVEMBER 24, 2020

2FA bypass discovered in web hosting software cPanel. More than 70 million sites are managed via cPanel software, according to the company. Researchers discovered a major issue in cPanel that could be exploited by attackers to bypass two-factor authentication for cPanel accounts. “ Digital Defense, Inc. ,

Hacking

Hacking Authentication Accountability Software

Comcast’s Xfinity breached by Citrix Bleed; 36 million customer’s data accessed

Malwarebytes

DECEMBER 21, 2023

During the data breach the attackers were able to access 35.8 On October 25, 2023, Xfinity discovered suspicious activity and subsequently determined that between October 16 and 19 unauthorized access to its internal systems occured. Better yet, let a password manager choose one for you. Enable two-factor authentication (2FA).

Data breaches

Data breaches Passwords Identity Theft Phishing

Okta breach happened after employee logged into personal Google account

Malwarebytes

NOVEMBER 7, 2023

Okta says it found that from September 28 to October 17, 2023 an attacker had unauthorized access to files inside Okta’s customer support system associated with 134 Okta customers. To gain access to that service account, the attacker compromised an Okta employee. Better yet, let a password manager choose one for you.

Accountability

Accountability Passwords Data breaches Phishing

Turn on MFA Before Crooks Do It For You

Krebs on Security

JUNE 19, 2020

Hundreds of popular websites now offer some form of multi-factor authentication (MFA), which can help users safeguard access to accounts when their password is breached or stolen. Both are avid gamers on Microsoft’s Xbox platform, and for years their father managed their accounts via his own Microsoft account.

Authentication

Authentication Accountability Passwords Mobile

Discord.io confirms theft of 760,000 members' data

Malwarebytes

AUGUST 16, 2023

has confirmed the authenticity of the breach, by an entity acting under the name Akhirah. directly and we do not have access to or control of information in Discord.io's custody.” directly and we do not have access to or control of information in Discord.io's custody.” Enable two-factor authentication (2FA).

Data breaches

Data breaches Authentication Passwords Phishing

How 1-Time Passcodes Became a Corporate Liability

Krebs on Security

AUGUST 30, 2022

Phishers are enjoying remarkable success using text messages to steal remote access credentials and one-time passcodes from employees at some of the world’s largest technology companies and customer support firms. Those who submitted credentials were then prompted to provide the one-time password needed for multi-factor authentication.

Mobile

Mobile Phishing Authentication Accountability

23andMe says, er, actually some genetic and health data might have been accessed in recent breach

Malwarebytes

DECEMBER 4, 2023

The amendment says that an investigation showed that the attacker was able to directly access the accounts of roughly 0.1% The attacker accessed the accounts using credential stuffing which is where someone tries existing username and password combinations to see if they can log in to a service. Enable two-factor authentication (2FA).

Passwords

Passwords Identity Theft Accountability Data breaches

Twilio Breach Also Compromised Authy Two-Factor Accounts of Some Users

The Hacker News

AUGUST 29, 2022

Twilio, which earlier this month became a sophisticated phishing attack, disclosed last week that the threat actors also managed to gain access to the accounts of 93 individual users of its Authy two-factor authentication (2FA) service. It has since

Accountability

Accountability Phishing Authentication

Healthcare giant Norton breach leads to theft of millions of patient records

Malwarebytes

DECEMBER 12, 2023

While the attackers were in the system, Norton says, the sensitive data of the patients, and employees and their dependents was accessed. Better yet, let a password manager choose one for you. Enable two-factor authentication (2FA). 2FA that relies on a FIDO2 device can’t be phished.

Healthcare

Healthcare Identity Theft Passwords Data breaches

Mr. Cooper leaks personal data of 14 million loan and mortgage customers

Malwarebytes

DECEMBER 19, 2023

The data accessible during the attack included the names, addresses, phone numbers, Social Security numbers, dates of birth, and bank account numbers of Mr. Cooper’s customers. Better yet, let a password manager choose one for you. Enable two-factor authentication. Where possible, use a FIDO2 2FA device.

Data breaches

Data breaches Identity Theft Passwords Phishing

American Express warns customers about third party data breach

Malwarebytes

MARCH 5, 2024

American Express has sent affected customers a warning that “a third party service provider engaged by numerous merchants experienced unauthorized access to its system.” The accessed information includes account numbers, names, and card expiration dates. Better yet, let a password manager choose one for you.

Data breaches

Data breaches Passwords Accountability Identity Theft

Attackers impersonate CircleCI platform to compromise GitHub accounts

Security Affairs

SEPTEMBER 25, 2022

Threat actors target GitHub users to steal credentials and two-factor authentication (2FA) codes by impersonating the CircleCI DevOps platform. GitHub is warning of an ongoing phishing campaign targeting its users to steal credentials and two-factor authentication (2FA) codes by impersonating the CircleCI DevOps platform.

Accountability

Accountability Phishing Authentication Passwords

T-Mobile spills billing information to other customers

Malwarebytes

SEPTEMBER 22, 2023

Some users said they could access the information of several other subscribers and that they had complained about the issue before. These T-Mobile app users discovered that thei Bill tab was displaying someone else's account information, and allowed users to view and access the bill pages and profile settings of other customers.

Mobile

Mobile Data breaches Accountability Passwords

Reddit Breach Highlights Limits of SMS-Based Authentication

Krebs on Security

AUGUST 1, 2018

What’s interesting about the incident is that it showcases once again why relying on mobile text messages (SMS) for two-factor authentication (2FA) can lull companies and end users into a false sense of security. “We point this out to encourage everyone here to move to token-based 2FA.”

Authentication

Authentication Mobile Passwords Accountability

Twitter and two-factor authentication: What's changing?

Malwarebytes

FEBRUARY 20, 2023

From March 19, users of Twitter won’t be able to use SMS-based two-factor authentication (2FA) unless they have a subscription to the paid Twitter Blue service. If you use text-based 2FA, the important thing here is not to worry. You can still use the authentication app and security key methods.

Authentication

Authentication Phishing Mobile Accountability

Android 7.0+ Phones Can Now Double as Google Security Keys

Krebs on Security

APRIL 11, 2019

Google this week made it easier for Android users to enable strong 2-factor authentication (2FA) when logging into Google’s various services. and higher can now be used as Security Keys , an additional authentication layer that helps thwart phishing sites and password theft.

Mobile

Mobile Authentication Passwords Accountability

Nude “before and after” photos stolen from plastic surgeon, posted online, and sent to victims’ family and friends

Malwarebytes

NOVEMBER 9, 2023

In February, cybercriminals gained access to Hankins & Sohn’s network, which has offices in both Henderson and Las Vegas. Better yet, let a password manager choose one for you. Enable two-factor authentication. Where possible, use a FIDO2 2FA device. Watch out for fake vendors.

Data breaches

Data breaches Identity Theft Passwords Phishing

1Password reports security incident after breach at Okta

Malwarebytes

OCTOBER 23, 2023

Password manager 1Password says it’s been affected by a breach at Okta , but it reports no user data has been stolen. Later it was confirmed that an attacker had accessed 1Password’s Okta environment using administrative privileges. Better yet, let a password manager choose one for you.

Password Management

Password Management Passwords Data breaches Phishing

Google: Security Keys Neutralized Employee Phishing

Krebs on Security

JULY 23, 2018

Security Keys are inexpensive USB-based devices that offer an alternative approach to two-factor authentication (2FA), which requires the user to log in to a Web site using something they know (the password) and something they have (e.g., a mobile device). The key works without the need for any special software drivers.

Phishing

Phishing Authentication Mobile Passwords

Top Unexpected Ways to Utilise a Password Manager for Enhanced Security and Organisation

IT Security Guru

JANUARY 22, 2024

Password managers have become integral tools for individuals and businesses alike. They are primarily known for securely saving and managing login credentials so users don’t have to remember them all or write them down, where they could be compromised.

Password Management

Password Management Passwords Banking Accountability

GUEST ESSAY: Stolen logons, brute force hacking get used the most to breach web, email servers

The Last Watchdog

AUGUST 29, 2022

Without strong, secure passwords or two-factor authentication ( 2FA ) enabled in an organization or startup, it becomes easy for attackers to access stolen credentials on their web and email servers. From the chart, it is evident that many intrusions exploit the basic (mis)management of identity.

Hacking

Hacking Passwords Password Management Data breaches

Joomla! vulnerability is being actively exploited

Malwarebytes

JANUARY 12, 2024

Content Management System (CMS) to its Known Exploited Vulnerabilities Catalog , based on evidence of active exploitation. Many companies, from small outfits to large enterprises, use a CMS in some form to manage their websites. Secure accounts with two-factor authentication ( 2FA ).

Passwords

Passwords Firewall Marketing Authentication

Watch out, this LastPass email with "Important information about your account" is a phish

Malwarebytes

SEPTEMBER 13, 2023

However, as convincing as it was, the email could not avoid the two red flags that allow anyone to spot almost any scam : A demand for personal information and an attempt to hurry the victim. LastPass is based on two fundamentaI principIes: the security and confidentiaIity of your personaI data. Use a password manager.

Phishing

Phishing Accountability Passwords Password Management

Safeguarding Your Privacy Online: Essential Tips and Best Practices

CyberSecurity Insiders

JUNE 5, 2023

Additionally, employ a password manager to securely store and generate unique passwords for each account. Enable Two-Factor Authentication: T wo-Factor Authentication (2FA) adds an extra layer of security by requiring you to provide an additional verification code, typically sent to your mobile device, when logging into an account.

Passwords

Passwords Encryption Media Banking

10 things to do to improve your online privacy

Malwarebytes

JANUARY 26, 2024

Set up two-factor authentication Do this for as many of your online accounts as you can, especially the major ones like your email and social media accounts. Two-factor authentication (2FA) adds an extra step of protection and makes it much harder for attackers to login as you.

Identity Theft

Identity Theft Password Management Passwords Accountability

AT&T Data Breach: How to Know If Your Information Has Been Exposed

Identity IQ

APRIL 10, 2024

This prevents creditors from accessing your credit report, making it difficult for fraudsters to open new accounts in your name. Consider using a reputable password manager to generate and store complex passwords securely. This alert notifies creditors to take extra steps in verifying your identity before extending credit in your name.

Data breaches

Data breaches Identity Theft Passwords Password Management

IDENTITY MANAGEMENT DAY 2023: Advice from Cyber Pros

CyberSecurity Insiders

APRIL 10, 2023

Tomorrow, April 11 is Identity Management Day. This day serves as an annual reminder to increase awareness and education for leaders, IT decision-makers and the general public on the importance of identity management. The dangers of improper management of digital identities are at an all-time high.

Identity Theft

Identity Theft Education Authentication Data breaches

GitHub addressed two major vulnerabilities in the NPM package manager

Security Affairs

NOVEMBER 16, 2021

Maintainers of the npm package manager for the JavaScript programming language disclosed multiple flaws that were recently addressed. GitHub disclosed two major vulnerabilities in the npm that have been already addressed. No other information, including the content of these private packages, was accessible at any time.

Authentication

Authentication Architecture Hacking Accountability

CircleCI: Malware stole GitHub OAuth keys, bypassing 2FA

Malwarebytes

JANUARY 17, 2023

Our investigation indicates that the malware was able to execute session cookie theft, enabling them to impersonate the targeted employee in a remote location and then escalate access to a subset of our production systems.". This is a kind of authentication cookie that is stored by a web browser after you successfully log in to a website.

Malware

Malware Authentication Antivirus Passwords

$800,000 recovered from Business Email Compromise attack

Malwarebytes

FEBRUARY 10, 2023

The Houston Chronicle reports that law enforcement seized $800,000 from a bank account used for pillaging funds from a construction management company. Once the attackers were inside the network with access to email, the BEC scheme was ready to begin. Use designated individuals and two-factor authentication for wire transfers.

Banking

Banking Phishing Accountability Authentication

10 Effective Ways to Prevent Compromised Credentials

Identity IQ

JULY 17, 2023

Cybercriminals are constantly evolving their tactics to get unauthorized access to sensitive data, and having your credentials compromised poses a significant threat. Data Breaches : Hackers exploit vulnerabilities in systems to gain access to a large number of user credentials.

Identity Theft

Identity Theft Password Management Passwords Authentication

10 Effective Ways to Prevent Compromised Credentials

Identity IQ

JULY 17, 2023

Cybercriminals are constantly evolving their tactics to get unauthorized access to sensitive data, and having your credentials compromised poses a significant threat. Data Breaches : Hackers exploit vulnerabilities in systems to gain access to a large number of user credentials.

Identity Theft

Identity Theft Password Management Passwords Authentication

Joomla! patches XSS flaws that could lead to remote code execution

Malwarebytes

FEBRUARY 23, 2024

posted details about four vulnerabilities it had fixed in its Content Management System (CMS), and one in the Joomla! Many companies, from small outfits to large enterprises, use a CMS in some form to manage their websites. This is a problem if you are changing the MFA method because you suspect there has been unauthorized access.

Authentication

Authentication Firewall Risk Marketing

Social Security Numbers leaked in ransomware attack on Ohio History Connection

Malwarebytes

AUGUST 29, 2023

During the attack, the cybercriminals may have had access to names, addresses, and Social Security Numbers (SSNs) of current and former OHC employees (from 2009 to 2023). Additionally, they may have gained access to W-9 reports and other records revealing the names and personal SSNs of vendors who contracted to provide services to OHC.

Ransomware

Ransomware Data breaches Passwords Phishing

Exposing the ransomware lie to “leave hospitals alone”

Malwarebytes

JANUARY 9, 2024

Better yet, let a password manager choose one for you. Enable two-factor authentication (2FA). If you can, use a FIDO2-compliant hardware key, laptop or phone as your second factor. Some forms of two-factor authentication (2FA) can be phished just as easily as a password.

Ransomware

Ransomware Passwords Backups Healthcare

Hardware-based PKI provides strong passwordless authentication

Thales Cloud Protection & Licensing

JULY 8, 2021

Hardware-based PKI provides strong passwordless authentication. PKI and Credential Management. Controlling access is at the heart of any enterprise security environment—making sure only those who have the appropriate permissions can access the data, enter the facilities, print a secure document, etc. PKI Management.

Authentication

Authentication Password Management Passwords Accountability

The Risk of Weak Online Banking Passwords

Krebs on Security

AUGUST 5, 2019

If you bank online and choose weak or re-used passwords, there’s a decent chance your account could be pilfered by cyberthieves — even if your bank offers multi-factor authentication as part of its login process. This targeting can occur in at least one of two ways. Image: Hold Security.

Banking

Banking Passwords Risk Password Management

ROUNDTABLE: Targeting the supply-chain: SolarWinds, then Mimecast and now UScellular

The Last Watchdog

FEBRUARY 3, 2021

21 disclosed how cybercriminals broke into its Customer Relationship Management (CRM) platform as a gateway to compromise the cell phones of an undisclosed number of the telecom giant’s customers. 6, some two days after the attackers gained unauthorized access. Andy Oehler, VP of Product Management, Zentry Security .

Phishing

Phishing Hacking Accountability Social Engineering

Microsoft Suffers Breach by Notorious SolarWinds Hackers

SecureWorld News

JANUARY 22, 2024

The breach, detected on January 12th, allowed the hackers to access email accounts belonging to members of Microsoft's senior leadership team. From there, the persistent threat actors stealthily moved laterally, ultimately accessing sensitive corporate emails and documents over the course of several months.

Passwords

Passwords Accountability Backups Hacking

0ktapus phishing campaign: Twilio hackers targeted other 136 organizations

Security Affairs

AUGUST 25, 2022

Threat actors behind the 0ktapus campaign aimed at obtaining Okta identity credentials and two-factor authentication (2FA) codes from users of the targeted organizations. Then the attackers could gain unauthorized access to any enterprise resources by using this information.

Phishing

Phishing Authentication Accountability Passwords

The NBA tells fans about data breach

Malwarebytes

MARCH 21, 2023

According to BleepingComputer the email read: We recently became aware that an unauthorized third party gained access to, and obtained a copy of, your name and email address, which was held by a third-party service provider that helps us communicate via email with fans who have shared this information with the NBA.

Data breaches

Data breaches Passwords Social Engineering Phishing

What Is Two-Factor Authentication (2FA) and Why Should You Use It?

“Substantial proportion” of Americans may have had health and personal data stolen in Change Healthcare breach

Trending Sources

Store manager admits SIM swapping his customers

2FA bypass in cPanel potentially exposes tens of millions of websites to hack

Comcast’s Xfinity breached by Citrix Bleed; 36 million customer’s data accessed

Okta breach happened after employee logged into personal Google account

Turn on MFA Before Crooks Do It For You

Discord.io confirms theft of 760,000 members' data

How 1-Time Passcodes Became a Corporate Liability

23andMe says, er, actually some genetic and health data might have been accessed in recent breach

Twilio Breach Also Compromised Authy Two-Factor Accounts of Some Users

Healthcare giant Norton breach leads to theft of millions of patient records

Mr. Cooper leaks personal data of 14 million loan and mortgage customers

American Express warns customers about third party data breach

Attackers impersonate CircleCI platform to compromise GitHub accounts

T-Mobile spills billing information to other customers

Reddit Breach Highlights Limits of SMS-Based Authentication

Twitter and two-factor authentication: What's changing?

Android 7.0+ Phones Can Now Double as Google Security Keys

Nude “before and after” photos stolen from plastic surgeon, posted online, and sent to victims’ family and friends

1Password reports security incident after breach at Okta

Google: Security Keys Neutralized Employee Phishing

Top Unexpected Ways to Utilise a Password Manager for Enhanced Security and Organisation

GUEST ESSAY: Stolen logons, brute force hacking get used the most to breach web, email servers

Joomla! vulnerability is being actively exploited

Watch out, this LastPass email with "Important information about your account" is a phish

Safeguarding Your Privacy Online: Essential Tips and Best Practices

10 things to do to improve your online privacy

AT&T Data Breach: How to Know If Your Information Has Been Exposed

IDENTITY MANAGEMENT DAY 2023: Advice from Cyber Pros

GitHub addressed two major vulnerabilities in the NPM package manager

CircleCI: Malware stole GitHub OAuth keys, bypassing 2FA

$800,000 recovered from Business Email Compromise attack

10 Effective Ways to Prevent Compromised Credentials

10 Effective Ways to Prevent Compromised Credentials

Joomla! patches XSS flaws that could lead to remote code execution

Social Security Numbers leaked in ransomware attack on Ohio History Connection

Exposing the ransomware lie to “leave hospitals alone”

Hardware-based PKI provides strong passwordless authentication

The Risk of Weak Online Banking Passwords

ROUNDTABLE: Targeting the supply-chain: SolarWinds, then Mimecast and now UScellular

Microsoft Suffers Breach by Notorious SolarWinds Hackers

0ktapus phishing campaign: Twilio hackers targeted other 136 organizations

The NBA tells fans about data breach

Stay Connected