Authentication, Mobile and Technology - Cyber Security Informer

Chinese Innovations Spawn Wave of Toll Phishing Via SMS

Krebs on Security

JANUARY 16, 2025

Those who fall for the scam are asked to provide payment card data, and eventually will be asked to supply a one-time password sent via SMS or a mobile authentication app. Notably, none of the phishing pages will even load unless the website detects that the visitor is coming from a mobile device.

Phishing

Phishing Scams Mobile Passwords

U.S. Mobile Giants Want to be Your Online Identity

Krebs on Security

SEPTEMBER 12, 2018

wireless carriers today detailed a new initiative that may soon let Web sites eschew passwords and instead authenticate visitors by leveraging data elements unique to each customer’s phone and mobile subscriber account, such as location, customer reputation, and physical attributes of the device. The four major U.S.

Mobile

Mobile Authentication Wireless Scams

GUEST ESSAY: How the FIDO Alliance helps drive the move to passwordless authentication

The Last Watchdog

DECEMBER 6, 2021

This traditional authentication method is challenging to get rid of, mostly because it’s so common. And for businesses, transitioning to new authentication solutions can be expensive and time-consuming. It supports standards that make implementing newer, stronger authentication methods possible for businesses.

Authentication

Authentication Passwords Mobile Phishing

GUEST ESSAY: Why it’s high time for us to rely primarily on passwordless authentication

The Last Watchdog

JULY 24, 2023

The next big thing is passwordless authentication. For example, we have passwordless facial and fingerprint biometric logins on our mobile phones and the thousands of apps that we use, as well as on our laptops and similar portable devices. The bottom line is user authentication is vital for securing access to data and systems.

Authentication

Authentication Passwords Phishing Social Engineering

Feds Charge Five Men in ‘Scattered Spider’ Roundup

Krebs on Security

NOVEMBER 21, 2024

technology companies between 2021 and 2023, including LastPass , MailChimp , Okta , T-Mobile and Twilio. The targeted SMS scams asked employees to click a link and log in at a website that mimicked their employer’s Okta authentication page. Image: Amitai Cohen twitter.com/amitaico.

Identity Theft

Identity Theft Phishing Cryptocurrency Accountability

News alert: Wultra secures €3M funding to help financial firms mitigate coming quantum threats

The Last Watchdog

JANUARY 15, 2025

15, 2025, CyberNewswire — Quantum computing is set to revolutionize technology, but it also presents a significant security risk for financial institutions. He played a key role in building Inmite, a mobile app development firm acquired by Avast in 2014. Prague, Czech Republic, Jan. Dvorak is no stranger to innovation.

Banking

Banking Authentication Technology Marketing

ROUNDTABLE: Why T-Mobile’s latest huge data breach could fuel attacks directed at mobile devices

The Last Watchdog

AUGUST 19, 2021

At the start of this week, word got out that hackers claimed to have seized personal data for as many as 100 million T-Mobile patrons. According to the attackers, this was a configuration issue on an access point T-Mobile used for testing. T-Mobile left a gate left wide open for attackers – and attackers just had to find the gate.”.

Mobile

Mobile Data breaches Authentication Accountability

RSAC Fireside Chat: Deploying Hollywood-tested content protection to improve mobile app security

The Last Watchdog

MAY 18, 2023

Your go-to mobile apps aren’t nearly has hackproof as you might like to believe. Related: Fallout of T-Mobile hack Hackers of modest skill routinely bypass legacy security measures, even two-factor authentication, with techniques such as overlay attacks. And hard data shows instances of such breaches on the rise.

Mobile

Mobile Authentication Internet Internet

For 2nd Time in 3 Years, Mobile Spyware Maker mSpy Leaks Millions of Sensitive Records

Krebs on Security

SEPTEMBER 4, 2018

Less than a week ago, security researcher Nitish Shah directed KrebsOnSecurity to an open database on the Web that allowed anyone to query up-to-the-minute mSpy records for both customer transactions at mSpy’s site and for mobile phone data collected by mSpy’s software. The database required no authentication. WHO IS MSPY?

Spyware

Spyware Mobile Advertising Software

The Rise of One-Time Password Interception Bots

Krebs on Security

SEPTEMBER 29, 2021

In February, KrebsOnSecurity wrote about a novel cybercrime service that helped attackers intercept the one-time passwords (OTPs) that many websites require as a second authentication factor in addition to passwords. That is true two-factor authentication: Something you have, and something you know (and maybe also even something you are).

Passwords

Passwords Mobile Authentication Banking

How 1-Time Passcodes Became a Corporate Liability

Krebs on Security

AUGUST 30, 2022

Phishers are enjoying remarkable success using text messages to steal remote access credentials and one-time passcodes from employees at some of the world’s largest technology companies and customer support firms. Those who submitted credentials were then prompted to provide the one-time password needed for multi-factor authentication.

Mobile

Mobile Phishing Authentication Accountability

Ubiquiti: Change Your Password, Enable 2FA

Krebs on Security

JANUARY 11, 2021

Ubiquiti , a major vendor of cloud-enabled Internet of Things (IoT) devices such as routers, network video recorders, security cameras and access control systems, is urging customers to change their passwords and enable multi-factor authentication. In an email sent to customers today, Ubiquiti Inc.

Passwords

Passwords Authentication Firmware Accountability

Authentication in the Finance Industry: Now and Next

Security Boulevard

SEPTEMBER 3, 2022

These challenges need to be addressed whilst delivering technological and business transformation that is customer centric, cloud native and mobile ready. The post Authentication in the Finance Industry: Now and Next appeared first on Security Boulevard.

Authentication

Authentication Financial Services Retail Insurance

Cisco states that the second data leak is linked to the one from October

Security Affairs

DECEMBER 30, 2024

Cisco confirmed the authenticity of the 4GB of leaked data, the data was compromised in a recent security breach, marking the second leak in the incident. Cisco confirmed the authenticity of the 4GB of leaked data, which was compromised in a recent security breach, marking it as the second leak in the incident.

Data breaches

Data breaches Cybercrime Authentication Technology

Acquisition news trending in the world of Mobile Security and Cloud

CyberSecurity Insiders

JULY 14, 2021

Motorola Solutions had made a formal announcement yesterday that it is going to acquire cloud based mobile security firm Openpath Security for an undisclosed amount. Trade analysts say that the former will integrate the innovative authentication technology of the latter to lead the access control industry.

Mobile

Mobile Technology Authentication Cybersecurity

Still Using Passwords? Get Started with Phishing-Resistant, Passwordless Authentication Now!

Cisco Security

NOVEMBER 2, 2022

Going beyond the hype, passwordless authentication is now a reality. Cisco Duo’s passwordless authentication is now generally available across all Duo Editions. “ Cisco Duo simplifies the passwordless journey for organizations that want to implement phishing-resistant authentication and adopt a zero trust security strategy.

Authentication

Authentication Passwords Phishing Mobile

Robocall Legal Advocate Leaks Customer Data

Krebs on Security

AUGUST 3, 2020

A California company that helps telemarketing firms avoid getting sued for violating a federal law that seeks to curb robocalls has leaked the phone numbers, email addresses and passwords of all its customers, as well as the mobile phone numbers and other data on people who have hired lawyers to go after telemarketers.

Mobile

Mobile Marketing Consumer Protection Wireless

Your Phone May Soon Replace Many of Your Passwords

Krebs on Security

MAY 7, 2022

Apple , Google and Microsoft announced this week they will soon support an approach to authentication that avoids passwords altogether, and instead requires users to merely unlock their smartphones to sign in to websites or online services. “I worry about forgotten password recovery for cloud accounts.”

Passwords

Passwords Authentication Accountability Mobile

Introducing Duo Wear: Seamless MFA From Your Wrist!

Duo's Security Blog

APRIL 24, 2025

Were thrilled to announce Duo Wear , a companion app for Duo Mobile that brings fast and easy multi-factor authentication (MFA) to your Wear OS smartwatch! It works together with the Duo Mobile app on your Android phone. Its quick, simple, and offers a frictionless authentication experience. What is Duo Wear?

Authentication

Authentication Mobile Technology

Samsung offers Mobile Security protection as below

CyberSecurity Insiders

NOVEMBER 25, 2021

Password compromise- Almost all devices offered by Samsung are equipped with innovative biometric authentication technology such as fingerprint, IRIS, and password secure. The post Samsung offers Mobile Security protection as below appeared first on Cybersecurity Insiders. So, why think much about security?

Mobile

Mobile Firmware Manufacturing Passwords

Authentication and access management increasingly perceived as core to Zero Trust Security

Thales Cloud Protection & Licensing

SEPTEMBER 13, 2021

Authentication and access management increasingly perceived as core to Zero Trust Security. This shift in business models and supporting technology infrastructure was so sudden that it caught several security teams off guard. State of Multi-Factor Authentication. Tue, 09/14/2021 - 05:52. Reactive vs. Pro-active Organizations.

Authentication

Authentication Cloud Migration IoT Technology

NY Man Pleads Guilty in $20 Million SIM Swap Theft

Krebs on Security

DECEMBER 16, 2021

A 24-year-old New York man who bragged about helping to steal more than $20 million worth of cryptocurrency from a technology executive has pleaded guilty to conspiracy to commit wire fraud. A SIM card is the tiny, removable chip in a mobile device that allows it to connect to the provider’s network. Nicholas Truglia, holding bottle.

Cryptocurrency

Cryptocurrency Mobile Accountability Scams

FIDO: Consumers are Adopting Passkeys for Authentication

Security Boulevard

NOVEMBER 4, 2024

The FIDO Alliance found in a survey that as consumers become more familiar with passkeys, they are adopting the technology as a more secure alternative to passwords to authenticate their identities online. The post FIDO: Consumers are Adopting Passkeys for Authentication appeared first on Security Boulevard.

Authentication

Authentication Passwords Technology Data privacy

Strong Authentication – Robust Identity and Access Management Is a Strategic Choice

Security Affairs

JULY 29, 2022

Therefore, strong authentication methods are needed. Therefore, strong authentication methods are needed to improve security without hindering user convenience. What is Strong Authentication? The IAM Security Boundary Strong authentication is a critical component of modern-day identity and access management.

Authentication

Authentication Passwords Data privacy Identity Theft

SHARED INTEL: IT pros gravitate to ‘passwordless’ authentication to improve security, boost agility

The Last Watchdog

APRIL 7, 2021

Passwordless authentication as a default parameter can’t arrive too soon. The good news is that passwordless technologies are not only ready for prime time, they appear to be gaining traction in ways that suggest we’re on the cusp of a period of wide-scale adoption. Related: Top execs call for facial recognition to be regulated.

Authentication

Authentication Digital transformation Passwords Password Management

Americans urged to use encrypted messaging after large, ongoing cyberattack

Malwarebytes

DECEMBER 5, 2024

Anne Neuberger, the US deputy national security adviser for cyber and emerging technologies stated the “Chinese access was broad in terms of potential access to communications of everyday Americans” but she said the hackers only targeted prominent individuals.

Encryption

Encryption Identity Theft Media Telecommunications

Google Chrome supports passkeys for authentication

CyberSecurity Insiders

DECEMBER 19, 2022

A passkey is nothing but a passcode that enables authenticated access to a website service. It doesn’t have a text-based password in action, but is basically a password-less authentication that can be triggered by using the resources on a device like biometric scans, like facial recognition.

Authentication

Authentication Passwords Mobile Cybersecurity

How Will 5G Technology Alter IoT Security And How Can We Prepare?

CyberSecurity Insiders

JANUARY 28, 2022

The 5G technology appears to be perfect from a distance, with its grand claims of fostering efficient interconnectivity and speedy data transfers between people, objects, and devices. Whirlpool has started deploying the 5G technology; other reputable organizations like Samsung, Nokia, and Cisco jump in on the trend.

IoT

IoT Technology Mobile Software

U.S. Justice Department Cracks Down on Scattered Spider Phishing Ring

SecureWorld News

NOVEMBER 22, 2024

Some employees went to the phishing websites, entered their credentials, and sometimes authenticated their identities using a two-factor authentication request sent to their mobile phones.

Phishing

Phishing Identity Theft Cryptocurrency Cybercrime

T-Mobile spills billing information to other customers

Malwarebytes

SEPTEMBER 22, 2023

Some T-Mobile customers logged into their accounts on Wednesday to find another customer’s billing and account information showing on their online dashboards. T-Mobile denied there was an attack, but confirmed there had been a data leak. “There was no cyberattack or breach at T-Mobile. .

Mobile

Mobile Data breaches Accountability Passwords

Busting SIM Swappers and SIM Swap Myths

Krebs on Security

NOVEMBER 6, 2018

that has been tracking down individuals engaged in unauthorized “SIM swaps” — a complex form of mobile phone fraud that is often used to steal large amounts of cryptocurrencies and other items of value from victims. In early July 2018, Ferri was traveling in Europe when he discovered his T-Mobile phone no longer had service.

Mobile

Mobile Cryptocurrency Accountability Passwords

IT threat evolution in Q3 2022. Mobile statistics

SecureList

NOVEMBER 18, 2022

Non-mobile statistics. Mobile statistics. According to Kaspersky Security Network, in Q3 2022: A total of 5,623,670 mobile malware, adware, and riskware attacks were blocked. Droppers (Trojan-Dropper), accounting for 26.28% of detections, were the most common threat to mobile devices. Mobile threat statistics.

Mobile

Mobile Adware Banking Malware

Gmail Under Siege: FBI Warns of Unusual AI-Driven Phishing Attacks

eSecurity Planet

FEBRUARY 10, 2025

Organizations, in particular, should educate employees on the dangers of phishing, enforce strict email filtering policies, and consider advanced security measures such as multi-factor authentication (MFA) and password managers configured for URL matching.

Phishing

Phishing Artificial Intelligence Password Management Accountability

MY TAKE: A few reasons to believe RSAC 2023’s ‘stronger together’ theme is gaining traction

The Last Watchdog

APRIL 30, 2023

Multi-factor authentication ( MFA ) has raised the bar, but MFA alone is not enough to slow, much less stop, moderately-skilled bad actors. about the role of advanced wearable authentication devices, going forward. Our mobile devices, and the mobile apps on them, have become our digital appendages.

Mobile

Mobile Cloud Migration Penetration Testing Authentication

The Risk of Weak Online Banking Passwords

Krebs on Security

AUGUST 5, 2019

If you bank online and choose weak or re-used passwords, there’s a decent chance your account could be pilfered by cyberthieves — even if your bank offers multi-factor authentication as part of its login process. Alex Holden is founder and chief technology officer of Hold Security , a Milwaukee-based security consultancy.

Banking

Banking Passwords Risk Accountability

10 Reasons why businesses need mobile device management (MDM)

CyberSecurity Insiders

APRIL 3, 2023

Mobile device management (MDM) refers to a type of software that allows businesses to manage, configure and secure mobile devices used by their employees. Enhanced security MDM technology provides an extra layer of security for businesses, protecting them from breaches and data loss.

Mobile

Mobile Data breaches Cyber threats Software

Fla. Man Charged in SIM-Swapping Spree is Key Suspect in Hacker Groups Oktapus, Scattered Spider

Krebs on Security

JANUARY 30, 2024

technology companies during the summer of 2022. In each attack, the victims saw their email and financial accounts compromised after suffering an unauthorized SIM-swap, wherein attackers transferred each victim’s mobile phone number to a new device that they controlled. 9, 2024, U.S. Image credit: Amitai Cohen of Wiz.

Social Engineering

Social Engineering Mobile Passwords Cybercrime

Phishing-Resistant MFA: Why FIDO is Essential

Thales Cloud Protection & Licensing

MAY 7, 2025

Traditional Multi-Factor Authentication (MFA), while a step up from password-only security, is no longer enough to fight modern phishing schemes. As malefactors hone their methods, entities must adopt phishing-resistant multi-factor authentication to secure their digital identities.

Phishing

Phishing Authentication Passwords Social Engineering

Voice Phishers Targeting Corporate VPNs

Krebs on Security

AUGUST 19, 2020

The phishers will explain that they’re calling from the employer’s IT department to help troubleshoot issues with the company’s virtual private networking (VPN) technology. Most targeted employees are working from home or can be reached on a mobile device. The employee phishing page bofaticket[.]com.

Phishing

Phishing VPN Social Engineering Media

A Breach, or Just a Forced Password Reset?

Krebs on Security

DECEMBER 4, 2018

I asked if this notice had been sent to everyone, and inquired whether ShareFile offers any form(s) of multi-factor authentication options that customers could use to supplement the security of passwords. We did not enforce a password reset on accounts that are using more stringent authentication controls [emphasis added].

Passwords

Passwords Authentication Accountability Password Management

GUEST ESSAY: A primer on NIST 207A — guidance for adding ZTNA to cloud-native platforms

The Last Watchdog

MAY 24, 2023

Related: The CMMC sea change NIST SP 800-207A (SP 207A), the next installment of Zero Trust guidance from the National Institute of Standards and Technology (NIST), has been released for public review. Encryption in transit provides eavesdropping protection and payload authenticity.

Authentication

Authentication Banking Architecture Encryption

MY TAKE: RSAC 2023 roundup – evidence of ‘stronger together’ innovation takes shape

The Last Watchdog

APRIL 28, 2023

Multi-factor authentication ( MFA ) has raised the bar, but MFA alone is not enough to slow, much less stop, moderately-skilled bad actors. about the role of advanced wearable authentication devices, going forward. Our mobile devices, and the mobile apps on them, have become our digital appendages.

Mobile

Mobile Cloud Migration Penetration Testing Authentication

NEW TECH: DigiCert Document Signing Manager leverages PKI to advance electronic signatures

The Last Watchdog

JULY 21, 2021

And PKI , of course, is the behind-the-scenes authentication and encryption framework on which the Internet is built. PKI is the framework by which digital certificates get issued to authenticate the identity of users; and it is also the plumbing for encrypting data moving across the Internet. Achieving high assurance.

Computers and Electronics

Computers and Electronics Authentication Digital transformation Internet

Best Passkey Solutions for MFA, SSO & Passwordless Authentication

eSecurity Planet

JUNE 14, 2023

Passkeys can use a range of passwordless authentication methods, from fingerprint, face and iris recognition to screen lock pins, smart cards, USB devices and more. ” authID’s multi-factor authentication (MFA) solutions included biometric authentication such as fingerprint recognition and facial recognition.

Authentication

Authentication Passwords Password Management Phishing

Chinese Innovations Spawn Wave of Toll Phishing Via SMS

U.S. Mobile Giants Want to be Your Online Identity

Trending Sources

GUEST ESSAY: How the FIDO Alliance helps drive the move to passwordless authentication

GUEST ESSAY: Why it’s high time for us to rely primarily on passwordless authentication

Feds Charge Five Men in ‘Scattered Spider’ Roundup

News alert: Wultra secures €3M funding to help financial firms mitigate coming quantum threats

ROUNDTABLE: Why T-Mobile’s latest huge data breach could fuel attacks directed at mobile devices

RSAC Fireside Chat: Deploying Hollywood-tested content protection to improve mobile app security

For 2nd Time in 3 Years, Mobile Spyware Maker mSpy Leaks Millions of Sensitive Records

The Rise of One-Time Password Interception Bots

How 1-Time Passcodes Became a Corporate Liability

Ubiquiti: Change Your Password, Enable 2FA

Authentication in the Finance Industry: Now and Next

Cisco states that the second data leak is linked to the one from October

Acquisition news trending in the world of Mobile Security and Cloud

Still Using Passwords? Get Started with Phishing-Resistant, Passwordless Authentication Now!

Robocall Legal Advocate Leaks Customer Data

Your Phone May Soon Replace Many of Your Passwords

Introducing Duo Wear: Seamless MFA From Your Wrist!

Samsung offers Mobile Security protection as below

Authentication and access management increasingly perceived as core to Zero Trust Security

NY Man Pleads Guilty in $20 Million SIM Swap Theft

FIDO: Consumers are Adopting Passkeys for Authentication

Strong Authentication – Robust Identity and Access Management Is a Strategic Choice

SHARED INTEL: IT pros gravitate to ‘passwordless’ authentication to improve security, boost agility

Americans urged to use encrypted messaging after large, ongoing cyberattack

Google Chrome supports passkeys for authentication

How Will 5G Technology Alter IoT Security And How Can We Prepare?

U.S. Justice Department Cracks Down on Scattered Spider Phishing Ring

T-Mobile spills billing information to other customers

Busting SIM Swappers and SIM Swap Myths

IT threat evolution in Q3 2022. Mobile statistics

Gmail Under Siege: FBI Warns of Unusual AI-Driven Phishing Attacks

MY TAKE: A few reasons to believe RSAC 2023’s ‘stronger together’ theme is gaining traction

The Risk of Weak Online Banking Passwords

10 Reasons why businesses need mobile device management (MDM)

Fla. Man Charged in SIM-Swapping Spree is Key Suspect in Hacker Groups Oktapus, Scattered Spider

Phishing-Resistant MFA: Why FIDO is Essential

Voice Phishers Targeting Corporate VPNs

A Breach, or Just a Forced Password Reset?

GUEST ESSAY: A primer on NIST 207A — guidance for adding ZTNA to cloud-native platforms

MY TAKE: RSAC 2023 roundup – evidence of ‘stronger together’ innovation takes shape

NEW TECH: DigiCert Document Signing Manager leverages PKI to advance electronic signatures

Best Passkey Solutions for MFA, SSO & Passwordless Authentication

Stay Connected