Bleeping Computer

DECEMBER 29, 2023

Multiple information-stealing malware families are abusing an undocumented Google OAuth endpoint named "MultiLogin" to restore expired authentication cookies and log into users' accounts, even if an account's password was reset. [.]

Accountability 143

Accountability Malware Authentication Passwords 143

Malwarebytes

JANUARY 11, 2024

Hackers have found a way to gain unauthorized access to Google accounts, bypassing any multi-factor authentication (MFA) the user may have set up. To do this they steal authentication cookies and then extend their lifespan. It doesn’t even help if the owner of the account changes their password. Go to your Google Account.

Accountability 145

Accountability Authentication Passwords Malware 145

Security Affairs

MAY 30, 2023

PyPI is going to enforce two-factor authentication (2FA) for all project maintainers by the end of this year over security concerns. Due to security concerns, PyPI will be mandating the use of two-factor authentication (2FA) for all project maintainers by the end of this year. ” reads the announcement.

Authentication 89

Authentication Accountability Hacking Malware 89

Security Affairs

SEPTEMBER 15, 2021

Microsoft announced that users can access their consumer accounts without providing passwords and using more secure authentication methods. Microsoft says the feature will be rolled out over the coming weeks, it already provides passwordless methods to enterprise users since March 2021, and plans to roll out it for Azure AD accounts.

Authentication 102

Authentication Accountability Passwords Phishing 102

The Last Watchdog

JULY 24, 2023

Accessing vital information to complete day-to-day tasks at our jobs still requires using a password-based system at most companies. Not only are passwords vulnerable to brute force attacks, but they can also be easily forgotten and reused across multiple accounts. The next big thing is passwordless authentication.

Authentication 245

Authentication Passwords Phishing Social Engineering 245

The Last Watchdog

FEBRUARY 3, 2022

I currently have over 450 accounts that use passwords combined with a variety of two-factor authentication methods. Related: How the Fido Alliance enables password-less authentication. Only a dozen or so of my accounts get authenticated via self-hosted services. the address book web app). Scale to come.

Authentication 235

Authentication Passwords Accountability Technology 235

Malwarebytes

SEPTEMBER 22, 2023

Some T-Mobile customers logged into their accounts on Wednesday to find another customer’s billing and account information showing on their online dashboards. It said a "temporary system glitch" had misplaced some subscriber account information, causing it to appear on other subscribers’ profile pages.

Mobile 109

Mobile Data breaches Accountability Passwords 109

Malwarebytes

FEBRUARY 29, 2024

A vulnerability in Facebook could have allowed an attacker to take over a Facebook account without the victim needing to click on anything at all. In his search for an account takeover vulnerability, the four times Meta Whitehat award receiver started by looking at the uninstall and reinstall process on Android. There was one caveat.

Accountability 121

Accountability Passwords Authentication Risk 121

Security Boulevard

AUGUST 21, 2022

The post Multi-Factor Authentication Fatigue Attack, Signal Account Twilio Hack, Facebook and Instagram In-App Browser appeared first on The Shared Security Show. The post Multi-Factor Authentication Fatigue Attack, Signal Account Twilio Hack, Facebook and Instagram In-App Browser appeared first on The Shared Security Show.

Authentication 98

Authentication Accountability Hacking Ransomware 98

Malwarebytes

JANUARY 10, 2024

We have seen several high-profile accounts that were taken over on X (formerly Twitter) only to be used for cryptocurrency related promotional activities, like expressing the approval of exchange-traded funds (ETFs). The @SECGov X account was compromised, and an unauthorized post was posted. .” You’re all set.

Accountability 90

Accountability Scams Hacking Cryptocurrency 90

Malwarebytes

FEBRUARY 19, 2024

CISA (the Cybersecurity & Infrastructure Security Agency) has issued a cybersecurity advisory after the discovery of documents containing host and user information of a state government organization’s network environment—including metadata—on a dark web brokerage site. Restrict the use of multiple administrator accounts for one user.

Accountability 74

Accountability VPN Authentication Phishing 74

NetSpi Technical

FEBRUARY 28, 2024

This scalable service is well suited for high performance computing (HPC) applications, and easily integrates with the Storage Account service to support processing of large data sets. But as with any Azure service, misconfigurations (or issues with the service itself) can unintentionally expose sensitive information.

Accountability 96

Accountability Passwords Penetration Testing Authentication 96

Identity IQ

APRIL 10, 2024

AT&T Data Breach: How to Know If Your Information Has Been Exposed IdentityIQ More than 51 million people have had their personal information compromised in the recent AT&T data breach. The leaked customer information dates back to mid-2019 and earlier. What Should I Do if My Social Security Number Has Been Exposed?

Data breaches 95

Data breaches Identity Theft Passwords Password Management 95

Schneier on Security

OCTOBER 2, 2018

From Kashmir Hill : Facebook is not content to use the contact information you willingly put into your Facebook profile for advertising. This means that the junk email address that you hand over for discounts or for shady online shopping is likely associated with your account and being used to target you with ads.

Advertising 277

Advertising Authentication Accountability Adware 277

SecureWorld News

JUNE 21, 2023

Cybersecurity firm Group-IB recently uncovered a significant security breach involving ChatGPT accounts. These compromised accounts pose a serious risk to businesses, especially in the Asia-Pacific region, which has experienced the highest concentration of ChatGPT credentials for sale.

Accountability 122

Accountability Data collection Cyber threats Cybersecurity 122

Troy Hunt

OCTOBER 2, 2020

The vulnerability allow an attacker to hijack any account. I asked for technical detail so I could validated the authenticity of his claim and the info duly arrived. On a surface of it, things looked bad: complete account takeover with a very trivial attack. Full account takeover.

Accountability 363

Accountability Hacking Passwords InfoSec 363

Krebs on Security

FEBRUARY 4, 2021

Facebook, Instagram , TikTok , and Twitter this week all took steps to crack down on users involved in trafficking hijacked user accounts across their platforms. Facebook said it targeted a number of accounts tied to key sellers on OGUsers, as well as those who advertise the ability to broker stolen account sales. THE MIDDLEMEN.

Accountability 299

Accountability Hacking Media Mobile 299

Security Affairs

AUGUST 31, 2023

Cisco is aware of attacks conducted by Akira ransomware threat actors targeting Cisco ASA VPNs that are not configured for multi-factor authentication. “This highlights the importance of enabling multi-factor authentication (MFA) in VPN implementations. . ” reads a post published by Cisco PSIRT. 200 and 162.35.92[.]242

Authentication 117

Authentication Ransomware VPN Hacking 117

SecureWorld News

JANUARY 10, 2024

Securities and Exchange Commission's (SEC) account on X (formerly Twitter) was briefly compromised on Tuesday, January 9, sending shockwaves through the cryptocurrency market and raising serious questions about the agency's cybersecurity practices. A fake announcement and market mayhem Shortly after 4 p.

Accountability 91

Accountability Hacking Marketing Cryptocurrency 91

Schneier on Security

DECEMBER 14, 2018

Attackers are targeting two-factor authentication systems: Attackers working on behalf of the Iranian government collected detailed information on targets and used that knowledge to write spear-phishing emails that were tailored to the targets' level of operational security, researchers with security firm Certfa Lab said in a blog post.

Authentication 205

Authentication Passwords Phishing Government 205

Hot for Security

MAY 19, 2021

Because it’s reported that a bogus Chrome add-on purporting to be “Microsoft Authenticator” successfully managed to sneak its way in, and duped hundreds of people into downloading it. Clearly it was an extension not to be trusted, and it’s good to know that it has since been pulled from the Chrome Web Store by Google.

Authentication 145

Authentication Accountability Software 145

Malwarebytes

AUGUST 4, 2023

In the phishing attacks the group leverages previously compromised Microsoft 365 instances, mostly owned by small businesses, to create new domains that look like technical support accounts. Once the target has done this, the attacker can use the gained access to further compromise the account. The company makes outbound support calls.

Authentication 91

Authentication Phishing Small Business Accountability 91

Malwarebytes

FEBRUARY 20, 2023

If you use text based authentication as an additional level of security for your Twitter account, you may be aware that this option will be reserved for paying Twitter Blue subscribers come mid-March. This post will explain how to enable app based authentication. Enabling app based 2 factor authentication 1. Click Next.

Authentication 66

Authentication Accountability Phishing Passwords 66

Security Affairs

SEPTEMBER 7, 2022

In the digital age, authentication is paramount to a strong security strategy. Which are the challenges of user authentication? In the digital age, authentication is paramount to a strong security strategy. User authentication seems easy, but there are inherent challenges to be aware of. User Authentication.

Authentication 98

Authentication Passwords Risk Education 98

Heimadal Security

MAY 4, 2022

As evidenced by multiple ongoing operations carried out by cybercriminals, phishing emails are increasingly targeting verified Twitter accounts with emails intended to collect their login information. On Twitter, a blue tick next to a user’s name indicates that the account has been verified. The post Watch Out!

Accountability 110

Accountability Phishing Authentication Cybersecurity 110

Security Affairs

JANUARY 4, 2024

An internet outage impacted Orange Spain after a hacker gained access to the company’s RIPE account to misconfigure BGP routing. The hacker, who uses the moniker ‘Snow’, gained access to the RIPE account of Orange Spain and misconfigured the BGP routing causing an internet outage. I have fixed your RIPE admin account security.

Internet 114

Internet Internet Accountability Passwords 114

Security Affairs

JANUARY 19, 2022

A vulnerability in the implementation of multi-factor authentication (MFA) for Box allowed threat actors to take over accounts. A vulnerability in the implementation of multi-factor authentication (MFA) for Box allowed attackers to take over accounts without having access to the victim’s phone, Varonis researchers reported.

Accountability 117

Accountability Authentication Passwords Data breaches 117

Malwarebytes

JANUARY 6, 2022

million customers have had their user accounts compromised in credential stuffing attacks. Credential stuffing is the automated injection of stolen username and password pairs in to website login forms, in order to fraudulently gain access to user accounts. Using a forum or social media account to send phishing messages or spam.

Passwords 137

Passwords Accountability Identity Theft Password Management 137

Pen Test Partners

SEPTEMBER 6, 2023

Several recent web application and API tests have revealed a common issue of responses containing too much data, and leaking sensitive and valuable information. In these cases, and many more, the common problem has been caused by the responses containing too much information, that simply did not need to be there.

Authentication 52

Authentication Accountability Encryption Software 52

Dark Reading

JANUARY 19, 2023

The credential-stuffing attack, likely fueled by password reuse, yielded personal identifiable information that can be used to verify the authenticity of previously stolen data.

Accountability 135

Accountability Authentication Passwords 135

Security Affairs

MAY 2, 2024

Threat actors breached the Dropbox Sign production environment and accessed customer email addresses and hashed passwords Cloud storage provider DropBox revealed that threat actors have breached the production infrastructure of the DropBox Sign eSignature service and gained access to customer information and authentication data.

Hacking 106

Hacking Authentication Passwords Accountability 106

eSecurity Planet

AUGUST 19, 2022

One new tactic hackers have been using is to steal cookies from current or recent web sessions to bypass multi-factor authentication (MFA). Even cloud infrastructures rely on cookies to authenticate their users. Browsers allow users to maintain authentication, remember passwords and autofill forms. How Hackers Steal Cookies.

Authentication 142

Authentication Password Management Passwords Malware 142

NetSpi Technical

FEBRUARY 28, 2024

This scalable service is well suited for high performance computing (HPC) applications, and easily integrates with the Storage Account service to support processing of large data sets. But as with any Azure service, misconfigurations (or issues with the service itself) can unintentionally expose sensitive information.

Accountability 52

Accountability Passwords Authentication 52

CyberSecurity Insiders

OCTOBER 29, 2021

A few simple changes to your devices and accounts can help discourage cyber criminals from trying to access your data. Giants like Facebook and Target have suffered breaches and password leaks, so it’s safe to say data from at least one of your online accounts could have been leaked. Getting started is easy. Prevent Data Breaches.

Passwords 141

Passwords Advertising Data breaches Accountability 141

Krebs on Security

MARCH 26, 2024

Assuming the user manages not to fat-finger the wrong button on the umpteenth password reset request, the scammers will then call the victim while spoofing Apple support in the caller ID, saying the user’s account is under attack and that Apple support needs to “verify” a one-time code.

Passwords 344

Passwords Accountability Engineering Phishing 344

Security Affairs

AUGUST 9, 2023

Cloud account takeover scheme utilizing EvilProxy hit over 100 top-level executives of global organizations EvilProxy was observed sending 120,000 phishing emails to over a hundred organizations to steal Microsoft 365 accounts. Proofpoint noticed a worrisome surge of successful cloud account compromises in the past five months.

Accountability 93

Accountability Phishing Authentication Architecture 93

Thales Cloud Protection & Licensing

OCTOBER 4, 2022

Cybersecurity Awareness Month: Resilient Multi-factor Authentication (MFA) and Strong Passwords. A CISA advisory highlights that, “MFA is one of the most important cybersecurity practices to reduce the risk of intrusions—according to industry research, users who enable MFA are up to 99% less likely to have an account compromised.”.

Authentication 127

Authentication Passwords Cybersecurity Data breaches 127