Security Affairs

SEPTEMBER 15, 2021

Microsoft announced that users can access their consumer accounts without providing passwords and using more secure authentication methods. SecurityAffairs – hacking, passwordless authentication). The post Microsoft announces passwordless authentication for consumer accounts appeared first on Security Affairs.

Authentication 128

Authentication Accountability Passwords Phishing 128

Security Affairs

DECEMBER 21, 2023

More than 22,000 users of Blink Mobility should take the necessary steps to protect themselves against the risk of identity theft. Los Angeles-based electric car-sharing provider Blink Mobility left a misconfigured MongoDB database open to the public.

Mobile 137

Mobile Identity Theft Passwords Phishing 137

Security Affairs

APRIL 26, 2025

Founded in 1994, it has grown to become Africa’s largest mobile network operator, serving over 290 million subscribers across 18 countries in Africa and the Middle East. The company is also expanding into areas like mobile money and digital entertainment, aiming to become Africas leading digital platform.

Data breaches 108

Data breaches Telecommunications Financial Services Mobile 108

Thales Cloud Protection & Licensing

SEPTEMBER 13, 2021

Authentication and access management increasingly perceived as core to Zero Trust Security. While many consider that remote access to corporate resources and data as the key disruption, security teams had to face many more challenges. State of Multi-Factor Authentication. Simplicity is always an ally of security.

Authentication 153

Authentication Cloud Migration IoT Technology 153

Security Affairs

DECEMBER 28, 2020

Threat intelligence analyst discovered a threat actor that is selling a database of the Italian mobile service provider Ho mobile. Ho mobile is an Italian mobile telephone service offered by Vodafone Enabler Italia, an Italian virtual mobile telephone operator. ” Bank Security told me.

Mobile 142

Mobile Banking Data breaches Phishing 142

Security Affairs

JULY 29, 2022

Therefore, strong authentication methods are needed. Therefore, strong authentication methods are needed to improve security without hindering user convenience. What is Strong Authentication? The IAM Security Boundary Strong authentication is a critical component of modern-day identity and access management.

Authentication 128

Authentication Passwords Data privacy Identity Theft 128

Security Affairs

JANUARY 24, 2025

This week, SonicWall warned customers of a critical security vulnerability, tracked as CVE-2025-23006 (CVSS score of 9,8) impacting its Secure Mobile Access (SMA) 1000 Series appliances. reads the advisory.

Authentication 99

Authentication Mobile Hacking Cybersecurity 99

Security Affairs

OCTOBER 18, 2023

Once the instance is exposed to the internet – without being secured by authentication – it’s accessible to anyone. IMEI is a unique number assigned to each mobile device and is used to identify a device on a mobile network. If that happens, it can cause disruptions to the mobile service of the device.

Mobile 138

Mobile Phishing Manufacturing Risk 138

Security Affairs

DECEMBER 30, 2024

Cisco confirmed the authenticity of the 4GB of leaked data, the data was compromised in a recent security breach, marking the second leak in the incident. Cisco confirmed the authenticity of the 4GB of leaked data, which was compromised in a recent security breach, marking it as the second leak in the incident.

Data breaches 126

Data breaches Cybercrime Authentication Technology 126

Security Affairs

MAY 1, 2025

SonicWall confirmed that threat actors actively exploited two vulnerabilities impacting its SMA100 Secure Mobile Access (SMA) appliances. SonicWall revealed that attackers actively exploited two security vulnerabilities, tracked as CVE-2023-44221 and CVE-2024-38475 , in its SMA100 Secure Mobile Access appliances.

Firmware 70

Firmware Mobile VPN Authentication 70

Security Affairs

OCTOBER 26, 2022

Cisco warns of active exploitation attempts targeting two vulnerabilities in the Cisco AnyConnect Secure Mobility Client for Windows. Cisco is warning of exploitation attempts targeting two security flaws, tracked as CVE-2020-3153 (CVSS score: 6.5) Both vulnerabilities are dated 2020 and are now patched. Pierluigi Paganini.

Mobile 107

Mobile Authentication Hacking Risk 107

SecureWorld News

MARCH 20, 2025

Mobile madness: the sneaky side of cyber scams With fans constantly checking scores, streaming games, and logging into betting apps, mobile devices are a major attack surface. Fake betting apps, fraudulent login pages, and malicious streaming links can easily bypass traditional security layers.

Scams 81

Scams Social Engineering Mobile Phishing 81

Security Affairs

JULY 30, 2023

Software firm Ivanti disclosed another security vulnerability impacting Endpoint Manager Mobile (EPMM), that it said actively exploited. “A vulnerability has been discovered in Ivanti Endpoint Manager Mobile (EPMM), formerly known as MobileIron Core.” ” reads the advisory published by the company.

Mobile 98

Mobile Authentication Software Hacking 98

Security Affairs

APRIL 23, 2022

Telecommunication giant T-Mobile confirmed the LAPSUS$ extortion group gained access to its networks in March. Telecom company T-Mobile on Friday revealed that LAPSUS$ extortion gang gained access to its networks. ” LAPSUS$ leader White/Lapsus Jobs looking up the Department of Defense in T-Mobile’s internal Atlas system.

Mobile 103

Mobile VPN Social Engineering Telecommunications 103

Security Affairs

FEBRUARY 26, 2025

A recent analysis of LightSpy servers reveals expanded command capabilities, growing from 55 to over 100 commands across multiple platforms, including mobile and desktop. The new version discovered by Hunt.io supports data extraction features to target Facebook and Instagram application database files.

Data collection 107

Data collection Spyware Media Surveillance 107

Krebs on Security

AUGUST 23, 2024

The proliferation of new top-level domains (TLDs) has exacerbated a well-known security weakness: Many organizations set up their internal Microsoft authentication systems years ago using domain names in TLDs that didn’t exist at the time. ” Caturegli said setting up an email server record for memrtcc.ad and schema.ad.

DNS 325

DNS Internet Internet Authentication 325

Security Affairs

SEPTEMBER 7, 2022

In the digital age, authentication is paramount to a strong security strategy. Which are the challenges of user authentication? In the digital age, authentication is paramount to a strong security strategy. End users require access to business networks and applications from mobile workspaces. End-user Needs.

Authentication 103

Authentication Passwords Risk Education 103

Security Affairs

NOVEMBER 24, 2019

Twitter announced that its users can protect their accounts with 2-Factor Authentication (2FA) even if they don’t have a phone number. Twitter is going to allow its users to protect their accounts with 2-Factor Authentication (2FA) even if they don’t have a phone number. Pierluigi Paganini.

Authentication 143

Authentication Mobile Advertising Accountability 143

Duo's Security Blog

JANUARY 27, 2022

Not all multi-factor authentication (MFA) solutions are equal. For a two-factor authentication solution, that may include hidden costs, such as upfront, capital, licensing, support, maintenance, and operating costs. Estimate and plan for how much it will cost to deploy multi-factor authentication to all of your apps and users.

Authentication 104

Authentication Software Mobile Passwords 104

Security Affairs

JULY 7, 2019

We will inform you as soon as the prospect of reopening is reached. ” 7-Eleven Japan launched in Japan the 7pay mobile payment app on July 1. Every time a customer needs to complete a payment, the mobile app displays a barcode on the phone, then the cashier scans the barcode and charges the bought products to the customer.

Mobile 104

Mobile Passwords Accountability Advertising 104

Security Affairs

APRIL 21, 2025

Since victims often do not recall their PIN immediately, the attackers guide them through their mobile banking application to retrieve this sensitive information.” Affiliates authenticate through login credentials, which bind the victims Reader to the attackers Tapper for real-time NFC data relay.

Malware 109

Malware Social Engineering Banking Engineering 109

Security Affairs

APRIL 6, 2021

Security researcher implemented a service to verify if your mobile number is included in the recent Facebook data leak. If you want to receive the weekly Security Affairs Newsletter for free subscribe here. ” Alosefer explained. ” added the expert. ” added the expert. Pierluigi Paganini.

Mobile 103

Mobile Data breaches Accountability Phishing 103

Security Affairs

MAY 2, 2025

A remote authenticated attacker with administrative privilege can exploit the flaw to inject arbitrary commands as a nobody user, potentially leading to OS Command Injection Vulnerability. CVE-2024-38475 (CVSS score: 9.8) is an improper escaping of output in mod_rewrite in Apache HTTP Server 2.4.59 and earlier.

Firmware 72

Firmware Authentication VPN Mobile 72

Security Affairs

NOVEMBER 3, 2024

Chinese threat actors use Quad7 botnet in password-spray attacks FBI arrested former Disney World employee for hacking computer menus and mislabeling allergy info Sophos details five years of China-linked threat actors’ activity targeting network devices worldwide PTZOptics cameras zero-days actively exploited in the wild New LightSpy spyware (..)

Cryptocurrency 111

Cryptocurrency Hacking Phishing Cyber Attacks 111

Security Affairs

AUGUST 21, 2023

Ivanti warned customers of a new critical Sentry API authentication bypass vulnerability tracked as CVE-2023-38035. The software company Ivanti released urgent security patches to address a critical-severity vulnerability, tracked as CVE-2023-38035 (CVSS score 9.8), in the Ivanti Sentry (formerly MobileIron Sentry) product.

Authentication 98

Authentication Internet Internet Mobile 98

The Last Watchdog

JANUARY 16, 2023

An essential component of ISO 27001 compliance is performing penetration tests as it can effectively identify where to make improvements to the information security management system of an organization. By now, the importance of penetration testing is known to most companies.

Penetration Testing 214

Penetration Testing Mobile Marketing Technology 214

Security Boulevard

AUGUST 21, 2022

The post Multi-Factor Authentication Fatigue Attack, Signal Account Twilio Hack, Facebook and Instagram In-App Browser appeared first on The Shared Security Show. The post Multi-Factor Authentication Fatigue Attack, Signal Account Twilio Hack, Facebook and Instagram In-App Browser appeared first on The Shared Security Show.

Authentication 98

Authentication Accountability Hacking Ransomware 98

Daniel Miessler

MAY 14, 2020

Enable two-factor authentication on all critical accounts. For your most important accounts—such as those controlling your email account, your bank, and your mobile phone account—you should enable two-factor authentication. Everything. Setting up Google 2FA.

Risk 345

Risk Passwords Password Management Accountability 345

The Last Watchdog

MAY 19, 2022

Security is also necessary if your retrieval system (such as a website or mobile app) has a paywall or is restricted to only a subset of people, such as customers or resellers. What about public information? Even if you give your content away, you don’t want to allow unauthorized people to add, delete, or tamper with your files.

Data breaches 262

Data breaches Encryption Mobile Technology 262

Security Affairs

DECEMBER 2, 2022

Experts found multiple flaws in three Android Keyboard apps that can be exploited by remote attackers to compromise a mobile phone. CyRC experts warn of weak or missing authentication mechanisms, missing authorization, and insecure communication vulnerabilities in the three apps. ” Impacted software are: Telepad versions 1.0.7

Hacking 145

Hacking Authentication Mobile Passwords 145

Security Affairs

JANUARY 24, 2025

SonicWall is waring customers of a critical security vulnerability, tracked as CVE-2025-23006 (CVSS score of 9,8) impacting its Secure Mobile Access (SMA) 1000 Series appliances. ” reads the advisory.

Firmware 75

Firmware Malware Authentication Mobile 75

Security Affairs

NOVEMBER 5, 2024

It aims to bypass bank countermeasures used to enforce users’ identity verification and authentication, combined with behavioral detection techniques applied by banks to identify suspicious money transfers.” ” reads the report published by Cleafy.

Banking 124

Banking Malware Accountability Authentication 124

Security Boulevard

MAY 13, 2025

CVE Description CVSSv3 CVE-2025-4427 Ivanti Endpoint Manager Mobile Authentication Bypass Vulnerability 5.3 CVE-2025-4428 Ivanti Endpoint Manager Mobile Remote Code Execution Vulnerability 7.2 Analysis CVE-2025-4427 is an authentication bypass vulnerability in Ivantis EPMM. CVE-2025-4428 is a RCE in Ivantis EPMM.

Mobile 52

Mobile Authentication Software Information Security 52

Security Affairs

JANUARY 14, 2021

Cisco addressed tens of high-severity flaws, including some flaws in the AnyConnect Secure Mobility Client and in its small business routers. This week Cisco released security updates to address 67 high-severity vulnerabilities, including issues affecting Cisco’s AnyConnect Secure Mobility Client and small business routers (i.e.

Software 125

Software Small Business Mobile Passwords 125

Security Affairs

DECEMBER 15, 2020

The CVE-2020-25183 is an improper authentication issue that could be exploited by an attacker to bypass the authentication between the MCL Smart Patient Reader and the Medtronic MyCareLink Smart mobile app. ” states the advisory. ” states the advisory.

Firmware 141

Firmware Authentication Mobile IoT 141

Security Affairs

NOVEMBER 5, 2019

The #FifthOfNovember has arrived, the Italian branch of Anonymous and LulzSecITA hacked websites of professional orders, prefecture of Naples, and also the telephone operator Lyca Mobile. The popular group of Italian hacktivist s LulzSecITA also joined the protest and hacked the Italian site of the telephone company Lyca Mobile.

Mobile 79

Mobile Hacking Advertising Data breaches 79

Security Affairs

APRIL 16, 2020

The answer is not immediate, but due to the various layers of protection during the authentication process that a system imposes on us today, there is a need to validate authenticity and legitimacy during this action. In a simplified way, 10 steps are necessary for a successful authentication in the target homebanking portal.

Banking 145

Banking Authentication Phishing Mobile 145