Schneier on Security

DECEMBER 15, 2020

This is interesting : Toward the end of the second incident that Volexity worked involving Dark Halo, the actor was observed accessing the e-mail account of a user via OWA. Logs from the Exchange server showed that the attacker provided username and password authentication like normal but were not challenged for a second factor through Duo.

Authentication 357

Authentication Passwords Accountability Network Security 357

Tech Republic Security

JULY 30, 2024

Hackers managed to expose “a few thousand” accounts by circumventing the verification process on Google Workspace.

Accountability 135

Accountability Authentication 135

Security Boulevard

APRIL 12, 2021

Earlier this month, our team wrote about the latest Facebook data breach and offered suggestions on how to improve your account security. Let's now walk through the steps you can take to enable two-factor authentication on your accounts.

Authentication 124

Authentication Accountability Data breaches Account Security 124

Duo's Security Blog

SEPTEMBER 5, 2024

Before diving into the specifics of dormant accounts, it's important to take a step back and discuss a prerequisite: gaining cross-platform visibility into identity and access management data. And finally, individual users often have multiple accounts (Gmail, Yahoo, etc.) Why are dormant accounts a risk?

Accountability 141

Accountability Risk Authentication Passwords 141

Malwarebytes

JULY 30, 2024

If you were trying to download the popular Google Authenticator (a multi-factor authentication program) via a Google search in the past few days, you may have inadvertently installed malware on your computer. Fake site leads to signed payload hosted on Github The fraudulent site chromeweb-authenticators[.]com

Authentication 125

Authentication Computers and Electronics Social Engineering Malware 125

Security Affairs

SEPTEMBER 15, 2021

Microsoft announced that users can access their consumer accounts without providing passwords and using more secure authentication methods. Microsoft says the feature will be rolled out over the coming weeks, it already provides passwordless methods to enterprise users since March 2021, and plans to roll out it for Azure AD accounts.

Authentication 102

Authentication Accountability Passwords Phishing 102

The Hacker News

SEPTEMBER 11, 2024

WordPress.org has announced a new account security measure that will require accounts with capabilities to update plugins and themes to activate two-factor authentication (2FA) mandatorily. Accounts with commit access can push updates and changes to plugins and themes used by millions of WordPress sites worldwide," the

Authentication 102

Authentication Accountability Account Security 102

Security Boulevard

OCTOBER 11, 2024

Passwordless Authentication without Secrets! This highlights an increasing demand for advanced authentication methods like passkeys and multi-factor authentication (MFA), which provide robust security for most use cases. Similarly, in retail and manufacturing, delays caused by authentication procedures reduce overall efficiency.

Authentication 69

Authentication Retail Healthcare Manufacturing 69

Security Affairs

MAY 30, 2023

PyPI is going to enforce two-factor authentication (2FA) for all project maintainers by the end of this year over security concerns. Due to security concerns, PyPI will be mandating the use of two-factor authentication (2FA) for all project maintainers by the end of this year. ” reads the announcement.

Authentication 86

Authentication Accountability Hacking Malware 86

Security Boulevard

MARCH 18, 2024

Last week, Microsoft said in an SEC filing that that information stolen in a hack of senior leaders’ email accounts is now being used to “gain or attempt to gain access” to company source code repositories and other internal systems. The post Protecting Against Attacks on NTLM Authentication appeared first on Security Boulevard.

Authentication 126

Authentication Phishing Accountability Hacking 126

Schneier on Security

DECEMBER 18, 2020

The NSA has published an advisory outlining how “malicious cyber actors” are “are manipulating trust in federated authentication environments to access protected data in the cloud.” From the summary : Malicious cyberactors are abusing trust in federated authentication environments to access protected data.

Authentication 363

Authentication Hacking Accountability Cybersecurity 363

Security Through Education

OCTOBER 7, 2024

One of the main topics emphasized during this month is Multi-Factor Authentication (MFA). What is Multi-Factor Authentication (MFA)? This way, even if someone manages to get hold of your password, they still have to pass additional security steps to access your account. And how can it help protect your personal information?

Authentication 52

Authentication Social Engineering Passwords Engineering 52

Malwarebytes

MAY 16, 2024

More and more websites and services are making multi-factor-authentication (MFA) mandatory, which makes it much harder for cybercriminals to access your accounts. A type of phishing we’re calling authentication-in-the-middle is showing up in online media. That’s a great thing. Consider passkeys.

Authentication 144

Authentication Phishing Password Management Scams 144

The Last Watchdog

MAY 24, 2022

Perhaps not coincidently, it comes at a time when enterprises have begun adopting passwordless authentication systems in mission-critical parts of their internal operations. Fortifications, such as multi-factor authentication (MFA) and password managers, proved to be mere speed bumps. Our brains just won’t do it.”. Coming advances.

Authentication 342

Authentication Passwords Banking Digital transformation 342

Bleeping Computer

MARCH 4, 2024

The hacking group known as TA577 has recently shifted tactics by using phishing emails to steal NT LAN Manager (NTLM) authentication hashes to perform account hijacks. [.]

Authentication 141

Authentication Phishing Accountability Hacking 141

Heimadal Security

AUGUST 13, 2021

According to the cloud-based hosting service provider GitHub, as of August 13th, 2021, account passwords are no longer accepted for validating Git operations. The announcement is not new as in July 2020 GitHub declared that all authenticated Git operations will necessitate the use of a private access token, OAuth token, or SSH key.

Authentication 117

Authentication Passwords Accountability Cybersecurity 117

Tech Republic Security

NOVEMBER 16, 2020

Follow these steps to better protect your Zoom account with a second layer of authentication.

Authentication 166

Authentication Accountability 166

The Last Watchdog

MAY 30, 2024

From MFA to biometrics, a lot has been done to reinforce user ID and password authentication — for human users. Service accounts have multiplied exponentially in recent years and become a prime target of threat actors, since little has been done to beef up protection. LW provides consulting services to the vendors we cover.)

Accountability 130

Accountability Small Business Insurance Authentication 130

The Last Watchdog

FEBRUARY 3, 2022

I currently have over 450 accounts that use passwords combined with a variety of two-factor authentication methods. Related: How the Fido Alliance enables password-less authentication. Only a dozen or so of my accounts get authenticated via self-hosted services. the address book web app). Scale to come.

Authentication 235

Authentication Passwords Accountability Technology 235

Bleeping Computer

AUGUST 12, 2021

GitHub has announced today that account passwords will no longer be accepted for authenticating Git operations starting tomorrow. [.].

Authentication 109

Authentication Passwords Accountability 109

The Last Watchdog

MAY 26, 2020

Doing authentication well is vital for any company in the throes of digital transformation. Related: Locking down ‘machine identities’ At the moment, companies are being confronted with a two-pronged friction challenge, when it comes to authentication. LW: Can you frame the separate issue of securing service accounts?

Authentication 280

Authentication Cloud Migration Accountability Digital transformation 280

Security Boulevard

OCTOBER 2, 2021

October is Cybersecurity Awareness Month so in this episode we discuss multi-factor authentication and the use of authenticator apps. Multi-factor authentication is one of the most important things that you can enable to secure your online accounts but its unfortunately overlooked by most people.

Authentication 121

Authentication Accountability Cybersecurity 121

Security Boulevard

AUGUST 21, 2022

The post Multi-Factor Authentication Fatigue Attack, Signal Account Twilio Hack, Facebook and Instagram In-App Browser appeared first on The Shared Security Show. The post Multi-Factor Authentication Fatigue Attack, Signal Account Twilio Hack, Facebook and Instagram In-App Browser appeared first on The Shared Security Show.

Authentication 98

Authentication Accountability Hacking Ransomware 98

Bleeping Computer

MARCH 25, 2024

Cybercriminals have been increasingly using a new phishing-as-a-service (PhaaS) platform named 'Tycoon 2FA' to target Microsoft 365 and Gmail accounts and bypass two-factor authentication (2FA) protection. [.]

Phishing 143

Phishing Accountability Authentication 143

Malwarebytes

JANUARY 11, 2024

Hackers have found a way to gain unauthorized access to Google accounts, bypassing any multi-factor authentication (MFA) the user may have set up. To do this they steal authentication cookies and then extend their lifespan. It doesn’t even help if the owner of the account changes their password. Go to your Google Account.

Accountability 145

Accountability Authentication Passwords Malware 145

The Last Watchdog

JULY 24, 2023

Not only are passwords vulnerable to brute force attacks, but they can also be easily forgotten and reused across multiple accounts. The next big thing is passwordless authentication. First and foremost, most solutions rely on connected devices like mobile phones to authenticate users. They are simply not good enough.

Authentication 245

Authentication Passwords Social Engineering Phishing 245

Security Affairs

MAY 22, 2024

A critical security vulnerability in Veeam Backup Enterprise Manager could allow threat actors to bypass authentication. A critical vulnerability, tracked as CVE-2024-29849 (CVSS score: 9.8), in Veeam Backup Enterprise Manager could allow attackers to bypass authentication.

Backups 105

Backups Authentication Accountability Software 105

Bleeping Computer

NOVEMBER 7, 2023

Microsoft has introduced a new protective feature in the Authenticator app to block notifications that appear suspicious based on specific checks performed during the account login stage. [.]

Authentication 137

Authentication Accountability 137

The Last Watchdog

SEPTEMBER 24, 2024

Rather, we should treat SSN as just another piece of personally identifiable information (PII) like an email address – confidential information but not a sensitive one that unlocks your bank accounts. Governments can create a digital identity at birth to replace SSN in its current use. That identity is tied to specific vendors.

Authentication 215

Authentication Identity Theft Banking Data breaches 215

Bleeping Computer

DECEMBER 29, 2023

Multiple information-stealing malware families are abusing an undocumented Google OAuth endpoint named "MultiLogin" to restore expired authentication cookies and log into users' accounts, even if an account's password was reset. [.]

Accountability 138

Accountability Malware Authentication Passwords 138

The Hacker News

MAY 7, 2024

Google on Monday announced that it's simplifying the process of enabling two-factor authentication (2FA) for users with personal and Workspace accounts. Also called, 2-Step Verification (2SV), it aims to add an extra layer of security to users' accounts to prevent takeover attacks in case the passwords are stolen.

Authentication 116

Authentication Accountability Passwords 116

Security Affairs

APRIL 12, 2024

Roku announced that 576,000 accounts were compromised in a new wave of credential stuffing attacks. Roku announced that 576,000 accounts were hacked in new credential stuffing attacks, threat actors used credentials stolen from third-party platforms. Then, they enter those accounts to abuse permissions, siphoning out data, or both.

Accountability 114

Accountability Passwords Data breaches Authentication 114

Tech Republic Security

MARCH 9, 2023

Over the next nine months, the largest internet hosting service for software development and collaboration will make all code contributors add another layer of electronic evidence to their accounts. The post GitHub rolling out two-factor authentication to millions of users appeared first on TechRepublic.

Authentication 151

Authentication Internet Internet Software 151

The Hacker News

JANUARY 18, 2022

Cybersecurity researchers have disclosed details of a now-patched bug in Box's multi-factor authentication (MFA) mechanism that could be abused to completely sidestep SMS-based login verification.

Authentication 98

Authentication Accountability Cybersecurity 98

eSecurity Planet

SEPTEMBER 17, 2024

WordPress is introducing mandatory two-factor authentication (2FA) for all plugin and theme developers to tackle rising security threats, effective October 1, 2024. This move supports the platform’s security by preventing unauthorized access to developer accounts and protecting millions of websites from potential supply-chain attacks​.

Authentication 57

Authentication Passwords Accountability Data breaches 57

Bleeping Computer

MAY 3, 2024

Microsoft announced that Windows users can now log into their Microsoft consumer accounts using a passkey, allowing users to authenticate using password-less methods such as Windows Hello, FIDO2 security keys, biometric data (facial scans or fingerprints), or device PINs. [.]

Accountability 119

Accountability Authentication Passwords 119

Security Boulevard

OCTOBER 25, 2023

Security flaws in the implementation of the OAuth authentication standard left hundreds of millions of users to at least three popular online sites exposed to possible account takeover by bad actors, according to researchers at Salt Security.

Accountability 117

Accountability Authentication Mobile Cybersecurity 117