Security Affairs

MAY 30, 2023

PyPI is going to enforce two-factor authentication (2FA) for all project maintainers by the end of this year over security concerns. Due to security concerns, PyPI will be mandating the use of two-factor authentication (2FA) for all project maintainers by the end of this year. ” reads the announcement.

Authentication 85

Authentication Accountability Hacking Malware 85

Security Affairs

SEPTEMBER 15, 2021

Microsoft announced that users can access their consumer accounts without providing passwords and using more secure authentication methods. Microsoft says the feature will be rolled out over the coming weeks, it already provides passwordless methods to enterprise users since March 2021, and plans to roll out it for Azure AD accounts.

Authentication 96

Authentication Accountability Passwords Phishing 96

The Last Watchdog

FEBRUARY 3, 2022

I currently have over 450 accounts that use passwords combined with a variety of two-factor authentication methods. Related: How the Fido Alliance enables password-less authentication. Only a dozen or so of my accounts get authenticated via self-hosted services. the address book web app). Scale to come.

Authentication 229

Authentication Passwords Accountability Technology 229

Malwarebytes

FEBRUARY 29, 2024

A vulnerability in Facebook could have allowed an attacker to take over a Facebook account without the victim needing to click on anything at all. In his search for an account takeover vulnerability, the four times Meta Whitehat award receiver started by looking at the uninstall and reinstall process on Android. There was one caveat.

Accountability 121

Accountability Passwords Authentication Risk 121

Malwarebytes

SEPTEMBER 22, 2023

Some T-Mobile customers logged into their accounts on Wednesday to find another customer’s billing and account information showing on their online dashboards. It said a "temporary system glitch" had misplaced some subscriber account information, causing it to appear on other subscribers’ profile pages.

Mobile 108

Mobile Data breaches Accountability Passwords 108

The Last Watchdog

JULY 24, 2023

Accessing vital information to complete day-to-day tasks at our jobs still requires using a password-based system at most companies. Not only are passwords vulnerable to brute force attacks, but they can also be easily forgotten and reused across multiple accounts. The next big thing is passwordless authentication.

Authentication 229

Authentication Passwords Phishing Social Engineering 229

Malwarebytes

FEBRUARY 19, 2024

CISA (the Cybersecurity & Infrastructure Security Agency) has issued a cybersecurity advisory after the discovery of documents containing host and user information of a state government organization’s network environment—including metadata—on a dark web brokerage site. Restrict the use of multiple administrator accounts for one user.

Accountability 73

Accountability VPN Authentication Phishing 73

Security Boulevard

AUGUST 21, 2022

The post Multi-Factor Authentication Fatigue Attack, Signal Account Twilio Hack, Facebook and Instagram In-App Browser appeared first on The Shared Security Show. The post Multi-Factor Authentication Fatigue Attack, Signal Account Twilio Hack, Facebook and Instagram In-App Browser appeared first on The Shared Security Show.

Authentication 98

Authentication Accountability Hacking Ransomware 98

Malwarebytes

JANUARY 10, 2024

We have seen several high-profile accounts that were taken over on X (formerly Twitter) only to be used for cryptocurrency related promotional activities, like expressing the approval of exchange-traded funds (ETFs). The @SECGov X account was compromised, and an unauthorized post was posted. .” You’re all set.

Accountability 89

Accountability Scams Hacking Cryptocurrency 89

NetSpi Technical

FEBRUARY 28, 2024

This scalable service is well suited for high performance computing (HPC) applications, and easily integrates with the Storage Account service to support processing of large data sets. But as with any Azure service, misconfigurations (or issues with the service itself) can unintentionally expose sensitive information.

Accountability 96

Accountability Passwords Penetration Testing Authentication 96

Identity IQ

APRIL 10, 2024

AT&T Data Breach: How to Know If Your Information Has Been Exposed IdentityIQ More than 51 million people have had their personal information compromised in the recent AT&T data breach. The leaked customer information dates back to mid-2019 and earlier. What Should I Do if My Social Security Number Has Been Exposed?

Data breaches 88

Data breaches Identity Theft Passwords Password Management 88

Schneier on Security

OCTOBER 2, 2018

From Kashmir Hill : Facebook is not content to use the contact information you willingly put into your Facebook profile for advertising. This means that the junk email address that you hand over for discounts or for shady online shopping is likely associated with your account and being used to target you with ads.

Advertising 275

Advertising Authentication Accountability Adware 275

Troy Hunt

OCTOBER 2, 2020

The vulnerability allow an attacker to hijack any account. I asked for technical detail so I could validated the authenticity of his claim and the info duly arrived. On a surface of it, things looked bad: complete account takeover with a very trivial attack. Full account takeover.

Accountability 363

Accountability Hacking Passwords InfoSec 363

SecureWorld News

JUNE 21, 2023

Cybersecurity firm Group-IB recently uncovered a significant security breach involving ChatGPT accounts. These compromised accounts pose a serious risk to businesses, especially in the Asia-Pacific region, which has experienced the highest concentration of ChatGPT credentials for sale.

Accountability 116

Accountability Data collection Cyber threats Cybersecurity 116

Security Affairs

AUGUST 31, 2023

Cisco is aware of attacks conducted by Akira ransomware threat actors targeting Cisco ASA VPNs that are not configured for multi-factor authentication. “This highlights the importance of enabling multi-factor authentication (MFA) in VPN implementations. . ” reads a post published by Cisco PSIRT. 200 and 162.35.92[.]242

Authentication 111

Authentication Ransomware VPN Hacking 111

Krebs on Security

FEBRUARY 4, 2021

Facebook, Instagram , TikTok , and Twitter this week all took steps to crack down on users involved in trafficking hijacked user accounts across their platforms. Facebook said it targeted a number of accounts tied to key sellers on OGUsers, as well as those who advertise the ability to broker stolen account sales. THE MIDDLEMEN.

Accountability 297

Accountability Hacking Media Mobile 297

SecureWorld News

JANUARY 10, 2024

Securities and Exchange Commission's (SEC) account on X (formerly Twitter) was briefly compromised on Tuesday, January 9, sending shockwaves through the cryptocurrency market and raising serious questions about the agency's cybersecurity practices. A fake announcement and market mayhem Shortly after 4 p.

Accountability 84

Accountability Hacking Marketing Cryptocurrency 84

Schneier on Security

DECEMBER 14, 2018

Attackers are targeting two-factor authentication systems: Attackers working on behalf of the Iranian government collected detailed information on targets and used that knowledge to write spear-phishing emails that were tailored to the targets' level of operational security, researchers with security firm Certfa Lab said in a blog post.

Authentication 202

Authentication Passwords Phishing Government 202

Hot for Security

MAY 19, 2021

Because it’s reported that a bogus Chrome add-on purporting to be “Microsoft Authenticator” successfully managed to sneak its way in, and duped hundreds of people into downloading it. Clearly it was an extension not to be trusted, and it’s good to know that it has since been pulled from the Chrome Web Store by Google.

Authentication 145

Authentication Accountability Software 145

Malwarebytes

AUGUST 4, 2023

In the phishing attacks the group leverages previously compromised Microsoft 365 instances, mostly owned by small businesses, to create new domains that look like technical support accounts. Once the target has done this, the attacker can use the gained access to further compromise the account. The company makes outbound support calls.

Authentication 90

Authentication Phishing Small Business Accountability 90

Malwarebytes

FEBRUARY 20, 2023

If you use text based authentication as an additional level of security for your Twitter account, you may be aware that this option will be reserved for paying Twitter Blue subscribers come mid-March. This post will explain how to enable app based authentication. Enabling app based 2 factor authentication 1. Click Next.

Authentication 65

Authentication Accountability Phishing Passwords 65

Security Affairs

JANUARY 4, 2024

An internet outage impacted Orange Spain after a hacker gained access to the company’s RIPE account to misconfigure BGP routing. The hacker, who uses the moniker ‘Snow’, gained access to the RIPE account of Orange Spain and misconfigured the BGP routing causing an internet outage. I have fixed your RIPE admin account security.

Internet 109

Internet Internet Accountability Passwords 109

Security Affairs

SEPTEMBER 7, 2022

In the digital age, authentication is paramount to a strong security strategy. Which are the challenges of user authentication? In the digital age, authentication is paramount to a strong security strategy. User authentication seems easy, but there are inherent challenges to be aware of. User Authentication.

Authentication 96

Authentication Passwords Risk Education 96

Pen Test Partners

SEPTEMBER 6, 2023

Several recent web application and API tests have revealed a common issue of responses containing too much data, and leaking sensitive and valuable information. In these cases, and many more, the common problem has been caused by the responses containing too much information, that simply did not need to be there.

Authentication 52

Authentication Accountability Encryption Software 52

Krebs on Security

MARCH 26, 2024

Assuming the user manages not to fat-finger the wrong button on the umpteenth password reset request, the scammers will then call the victim while spoofing Apple support in the caller ID, saying the user’s account is under attack and that Apple support needs to “verify” a one-time code.

Passwords 343

Passwords Accountability Engineering Phishing 343

Security Affairs

JANUARY 19, 2022

A vulnerability in the implementation of multi-factor authentication (MFA) for Box allowed threat actors to take over accounts. A vulnerability in the implementation of multi-factor authentication (MFA) for Box allowed attackers to take over accounts without having access to the victim’s phone, Varonis researchers reported.

Accountability 113

Accountability Authentication Passwords Data breaches 113

Malwarebytes

JANUARY 6, 2022

million customers have had their user accounts compromised in credential stuffing attacks. Credential stuffing is the automated injection of stolen username and password pairs in to website login forms, in order to fraudulently gain access to user accounts. Using a forum or social media account to send phishing messages or spam.

Passwords 136

Passwords Accountability Identity Theft Password Management 136

NetSpi Technical

FEBRUARY 28, 2024

This scalable service is well suited for high performance computing (HPC) applications, and easily integrates with the Storage Account service to support processing of large data sets. But as with any Azure service, misconfigurations (or issues with the service itself) can unintentionally expose sensitive information.

Accountability 52

Accountability Passwords Authentication 52

Dark Reading

JANUARY 19, 2023

The credential-stuffing attack, likely fueled by password reuse, yielded personal identifiable information that can be used to verify the authenticity of previously stolen data.

Accountability 135

Accountability Authentication Passwords 135

Duo's Security Blog

APRIL 10, 2024

Enrolling users to use multi-factor authentication (MFA) is an essential security step for any organization. Enrollment basics Enrollment is the process by which users are added to a Duo account and enabled to use MFA. In automatic enrollment , user information is uploaded in CSV format or synced from a directory service.

Authentication 143

Authentication Accountability Risk Government 143

eSecurity Planet

AUGUST 19, 2022

One new tactic hackers have been using is to steal cookies from current or recent web sessions to bypass multi-factor authentication (MFA). Even cloud infrastructures rely on cookies to authenticate their users. Browsers allow users to maintain authentication, remember passwords and autofill forms. How Hackers Steal Cookies.

Authentication 142

Authentication Password Management Passwords Malware 142

Security Affairs

AUGUST 9, 2023

Cloud account takeover scheme utilizing EvilProxy hit over 100 top-level executives of global organizations EvilProxy was observed sending 120,000 phishing emails to over a hundred organizations to steal Microsoft 365 accounts. Proofpoint noticed a worrisome surge of successful cloud account compromises in the past five months.

Accountability 90

Accountability Phishing Authentication Architecture 90

CyberSecurity Insiders

OCTOBER 29, 2021

A few simple changes to your devices and accounts can help discourage cyber criminals from trying to access your data. Giants like Facebook and Target have suffered breaches and password leaks, so it’s safe to say data from at least one of your online accounts could have been leaked. Getting started is easy. Prevent Data Breaches.

Passwords 141

Passwords Advertising Data breaches Accountability 141

Security Affairs

DECEMBER 5, 2023

Microsoft warns that the Russia-linked APT28 group is actively exploiting the CVE-2023-23397 Outlook flaw to hijack Microsoft Exchange accounts. The vulnerability is a Microsoft Outlook spoofing vulnerability that can lead to an authentication bypass. ” reads trhe announcement published by DKWOC.

Accountability 104

Accountability Government Phishing Authentication 104

Thales Cloud Protection & Licensing

OCTOBER 4, 2022

Cybersecurity Awareness Month: Resilient Multi-factor Authentication (MFA) and Strong Passwords. A CISA advisory highlights that, “MFA is one of the most important cybersecurity practices to reduce the risk of intrusions—according to industry research, users who enable MFA are up to 99% less likely to have an account compromised.”.

Authentication 127

Authentication Passwords Cybersecurity Data breaches 127

Security Affairs

JULY 24, 2022

million Twitter accounts that were obtained by exploiting a now-fixed vulnerability in the popular social media platform. The bug exists due to the proccess of authorization used in the Android Client of Twitter, specifically in the procces of checking the duplication of a Twitter account.” Threat actor leaked data of 5.4

Accountability 134

Accountability Advertising Authentication Hacking 134

Krebs on Security

JUNE 19, 2020

Hundreds of popular websites now offer some form of multi-factor authentication (MFA), which can help users safeguard access to accounts when their password is breached or stolen. Both are avid gamers on Microsoft’s Xbox platform, and for years their father managed their accounts via his own Microsoft account.

Authentication 363

Authentication Accountability Passwords Mobile 363