CSO Magazine

MARCH 1, 2022

Risk-based authentication (RBA), also called adaptive authentication, has come of age, and it couldn’t happen fast enough for many corporate security managers. What is risk-based authentication? To read this article in full, please click here

Authentication 93

Authentication Risk Phishing Accountability 93

CSO Magazine

DECEMBER 2, 2022

Using multi-factor authentication (MFA) is one of the key components of an organizations Identity and Access Management (IAM) program to maintain a strong cybersecurity posture. To read this article in full, please click here

Authentication 111

Authentication Accountability Cybersecurity 111

Malwarebytes

JANUARY 6, 2022

million customers have had their user accounts compromised in credential stuffing attacks. Credential stuffing is the automated injection of stolen username and password pairs in to website login forms, in order to fraudulently gain access to user accounts. Using a forum or social media account to send phishing messages or spam.

Passwords 140

Passwords Accountability Identity Theft Password Management 140

Adam Levin

OCTOBER 10, 2018

High-profile Instagram accounts are being targeted by ransomware attacks and phishing schemes, with evidence suggesting that many account holders are paying the attackers. W]e will have to delete your account within 3 hours,” the hackers’ message adds, threatening to wipe out the account if the ransom isn’t paid.

Accountability 195

Accountability Ransomware Phishing Media 195

CSO Magazine

JULY 26, 2022

Helsinki-based cybersecurity vendor WithSecure (formerly F-Secure Business) says it has discovered an operation, dubbed “DUCKTAIL,” that uses social media-based spear phishing attacks to gain access to Facebook Business accounts. Previous attacks targeting Facebook did not target Facebook Business accounts in particular.

Accountability 80

Accountability Malware Media Phishing 80

Graham Cluley

JULY 27, 2021

Twitter has revealed that the vast majority of its users have ignored advice to protect their accounts with two-factor authentication (2FA) - one of the simplest ways to harden account security. Read more in my article on the Hot for Security blog.

Authentication 98

Authentication Account Security Accountability Phishing 98

The State of Security

AUGUST 28, 2022

Most of us already know the basic principle of authentication, which, in its simplest form, helps us to identify and verify a user, process, or account. The post How to Prevent High Risk Authentication Coercion Vulnerabilities appeared first on The State of Security.

Authentication 83

Authentication Risk Accountability 83

Duo's Security Blog

APRIL 8, 2024

It is a well-known and established point that a password alone is not enough to secure an account. That’s where multi-factor authentication (MFA) comes in. But what if an attacker can just send that authentication request to their own personal phone? This type of attack is known as Account Manipulation: Device Registration.

Authentication 111

Authentication Accountability Risk Phishing 111

Malwarebytes

JULY 27, 2023

The CVE assigned to this vulnerability is: CVE-2023-35078 ( CVSS score 10 out of 10): Ivanti Endpoint Manager Mobile (EPMM), formerly MobileIron Core, allows remote attackers to obtain Personally Identifiable Information (PII) , add an administrative account, and change the configuration because of an authentication bypass, as exploited in the wild.

Mobile 91

Mobile Authentication Government Software 91

Malwarebytes

SEPTEMBER 7, 2023

An investigation by Microsoft has finally revealed how China-based hackers circumvented the protections of a "highly isolated and restricted production environment" in May 2023 to unlock sensitive email accounts belonging to US government agencies.

Authentication 135

Authentication Accountability Government Passwords 135

Zigrin Security

JULY 19, 2023

In this comprehensive guide, we’ll explore the importance of web application penetration testing, focusing primarily on uncovering authentication bypass vulnerabilities with an example vulnerability that Dawid found in Cerebrate using the /open prefix. !

Authentication 52

Authentication Penetration Testing Cybersecurity Passwords 52

CSO Magazine

OCTOBER 6, 2022

These include a new Dark Web Insights tool that provides a breakdown of compromised passwords, a standalone authenticator app for enabling account multi-factor authentication (MFA), and a low-cost starter plan for small businesses. To read this article in full, please click here

Authentication 75

Authentication Small Business Password Management Passwords 75

CSO Magazine

APRIL 7, 2021

If the KRBTGT account password hash is stolen or broken with an attack, the attackers can then grant themselves full access to your network with the necessary authentication. To read this article in full, please click here (Insider Story) Active Directory (AD) uses the KRBTGT in the AD domain for Kerberos tickets.

Passwords 90

Passwords Accountability Authentication 90

Malwarebytes

SEPTEMBER 13, 2022

Steam users are once again under threat from a particularly sneaky tactic used to steal account details. As with so many Steam attacks currently, it accommodates for the possibility of users relying on Steam Guard Mobile Authentication for additional protection. These requests often come from compromised accounts themselves.

Phishing 95

Phishing Accountability Scams Mobile 95

Security Boulevard

AUGUST 28, 2022

Most of us already know the basic principle of authentication, which, in its simplest form, helps us to identify and verify a user, process, or account. The post How to Prevent High Risk Authentication Coercion Vulnerabilities appeared first on The State of Security.

Authentication 52

Authentication Risk Accountability 52

Hacker's King

MAY 20, 2023

Two-factor authentication (2FA) has become an essential security measure in the digital age. By combining something you know(like a password) with something you have(such as a verification code), 2FA adds an extra layer of protection to your online accounts. However, like any security system, 2FA is not foolproof.

Authentication 52

Authentication Social Engineering Spyware Engineering 52

Schneier on Security

AUGUST 7, 2023

The hackers used forged authentication tokens to access user email, using a stolen Microsoft Azure account consumer signing key. News articles. A bunch of networks, including US Government networks , have been hacked by the Chinese. Congress wants answers.

Authentication 232

Authentication Government Hacking Accountability 232

Identity IQ

JULY 3, 2023

How to Detect and Respond to Account Misuse IdentityIQ As digital connectivity continues to grow, safeguarding your online accounts from misuse is becoming increasingly crucial. Account misuse can result in alarming repercussions, including privacy breaches, financial losses, and identity theft.

Accountability 52

Accountability Identity Theft Passwords Social Engineering 52

Schneier on Security

JANUARY 21, 2020

SIM hijacking -- or SIM swapping -- is an attack where a fraudster contacts your cell phone provider and convinces them to switch your account to a phone that they control. Since your smartphone often serves as a security measure or backup verification system, this allows the fraudster to take over other accounts of yours.

Authentication 289

Authentication Wireless Backups Accountability 289

Identity IQ

JULY 31, 2023

Financial Account Fraud: The Growing Threat and How to Protect Yourself IdentityIQ With the significant and growing dependence of online platforms for financial transactions, financial account fraud is becoming a growing concern. Often, account takeover criminals will try to go unnoticed.

Accountability 52

Accountability Identity Theft Banking Passwords 52

Malwarebytes

MAY 26, 2021

You may decide to delete your Twitter account, because social media isn’t for everyone. Perhaps you set up an account to see what the big deal is. Whatever your reason, if you’re looking to delete your account, you’ve come to the right place. How to delete your Twitter account permanently. Twitter account deactivation.

Accountability 95

Accountability Mobile Internet Internet 95

Malwarebytes

DECEMBER 9, 2022

Epic have made some alterations to how accounts for kids work , with multiple features disabled for what are now known as “ Cabined Accounts ” If your children are big fans of Epic games like Fortnite and Rocket League, you may well have worried about their gaming interactions with other players at some point.

Accountability 76

Accountability Social Engineering Media Marketing 76

Joseph Steinberg

JANUARY 26, 2022

To do so, they ask you to perform a form of Google authentication in which, to confirm your identity, you need to provide them with a number that will be sent to your phone by either text or voice message. As such, the criminal’s request may seem innocuous, when it is anything but. What if you already were scammed?

Scams 316

Scams Authentication Accountability Artificial Intelligence 316

Malwarebytes

JULY 11, 2023

Like all social media platforms, Facebook constantly has to deal with fake accounts, scams and malware. In the past few weeks, there's been a resurgence in sponsored posts and accounts that impersonate Meta/Facebook's own Ads Manager. In early June, we identified fraudulent accounts running the same scam using similar lures.

Accountability 88

Accountability Scams Malware Advertising 88

CSO Magazine

JULY 18, 2022

Stytch, a company founded to spread the adoption of passwordless authentication, has announced what it's calling a modern upgrade to passwords. The cloud-based solution addresses four common problems with passwords that create security risks and account friction. Account de-duplicating. Password reuse. Better reset.

Passwords 119

Passwords Authentication Accountability Risk 119

NetSpi Technical

JANUARY 18, 2024

This article is co-authored by Gabe Rust. In this article we’ll explore security risks of TOTP and an alternative 2FA method to increase security. Time-Based One-Time Password (TOTP) Time-Based One-Time Password (TOTP) is a common two-factor authentication (2FA) mechanism used across the internet. But then it struck me.

Authentication 115

Authentication Passwords Accountability Penetration Testing 115

The State of Security

JANUARY 14, 2021

The US Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning to companies to better protect their cloud-based accounts after several recent successful attacks. Read more in my article on the Tripwire State of Security blog.

Authentication 89

Authentication Accountability Cybersecurity Phishing 89

CSO Magazine

MARCH 24, 2023

The attacks can be executed remotely without authentication because MLflow doesn't implement authentication by default and an increasing number of MLflow deployments are directly exposed to the internet. To read this article in full, please click here It's pretty brutal."

CSO 111

CSO Authentication Engineering Internet 111

Krebs on Security

MARCH 16, 2021

Lucky225 showed how anyone could do the same after creating an account at a service called Sakari , a company that helps celebrities and businesses do SMS marketing and mass messaging. From there, the attacker can reset the password of any account which uses that phone number for password reset links.

Telecommunications 359

Telecommunications Mobile Wireless Accountability 359

Schneier on Security

MARCH 19, 2021

Too many networks use SMS as an authentication mechanism. Once the hacker is able to reroute a target’s text messages, it can then be trivial to hack into other accounts associated with that phone number. In this case, the hacker sent login requests to Bumble, WhatsApp, and Postmates, and easily accessed the accounts.

Authentication 292

Authentication Accountability Mobile Advertising 292

Identity IQ

MAY 7, 2021

What is Account Takeover? Account takeover, also known as ATO, is a form of identity theft in which a malicious third party gains access to or “takes over” an online account. One of the primary reasons behind this massive rise in account takeover is the relative ease with which it can be done. Account Takeover Prevention.

Accountability 105

Accountability Data breaches Passwords Social Engineering 105

CSO Magazine

AUGUST 4, 2021

There is considerable interest in going passwordless and adopting biometric authentication for application access. IT decision makers expressed concerns around the security of passwordless methods, especially in comparison with multifactor authentication (MFA). To read this article in full, please click here

Authentication 136

Authentication Accountability 136

CSO Magazine

SEPTEMBER 29, 2021

Two-factor authentication (2FA) has been widely adopted by online services over the past several years and turning it on is probably the best thing users can do for their online account security. To read this article in full, please click here

Authentication 136

Authentication Cybercrime Passwords Accountability 136

The State of Security

MAY 27, 2021

Are you doing enough to prevent scammers from hijacking your social media accounts? Read more in my article on the Tripwire State of Security blog.

Cryptocurrency 131

Cryptocurrency Scams Media Authentication 131

CSO Magazine

JUNE 3, 2021

Multi-factor authentication (MFA) continues to embody both the best and worst of business IT security practice. As Roger Grimes wrote in this article about two-factor hacks three years ago, when MFA is done well it can be effective, but when IT managers take shortcuts it can be a disaster.

Hacking 122

Hacking Accountability Authentication 122

CSO Magazine

MARCH 9, 2023

GitHub has begun its official rollout of two-factor authentication (2FA) for developers who contribute code to the platform to enhance the security of accounts and the software supply chain. To read this article in full, please click here

Mobile 104

Mobile Software Authentication Accountability 104

Duo's Security Blog

JANUARY 23, 2024

In 2023, the United States National Security Agency (NSA) and Cybersecurity and Infrastructure Security Agency (CISA) released the Top 10 Cybersecurity Misconfigurations advisory, with #7 highlighting “Weak or misconfigured multifactor authentication (MFA) methods.” You’ll have to account for any human verification as a possible risk factor.

Authentication 71

Authentication Accountability CISO Technology 71