Tag Archives: 2fa

YubiKeys are vulnerable to cloning attacks thanks to newly discovered side channel

The YubiKey 5, the most widely used hardware token for two-factor authentication based on the FIDO standard, contains a cryptographic flaw that makes the finger-size device vulnerable to cloning when an attacker gains temporary physical access to it, researchers said Tuesday. The cryptographic flaw, known as a side channel, resides in a…

4 Okta customers hit by campaign that gave attackers super admin control

Authentication service Okta said four of its customers have been hit in a recent social-engineering campaign that allowed hackers to gain control of super administrator accounts and from there weaken or entirely remove two-factor authentication protecting accounts from unauthorized access. The Okta super administrator accounts are assigned to users…

Twitter’s two-factor authentication change “doesn’t make sense”

Twitter announced Friday that as of March 20, it will only allow its users to secure their accounts with SMS-based two-factor authentication if they pay for a Twitter Blue subscription. Two-factor authentication, or 2FA, requires users to log in with a username and password and then an additional…

This week’s Reddit breach shows company’s security is (still) woefully inadequate

Popular discussion website Reddit proved this week that its security still isn’t up to snuff when it disclosed yet another security breach that was the result of an attack that successfully phished an employee’s login credentials. In a post published Thursday, Reddit Chief…

I’m a security reporter and got fooled by a blatant phish

There has been a recent flurry of phishing attacks so surgically precise and well-executed that they’ve managed to fool some of the most aware people working in the cybersecurity industry. On Monday, Tuesday, and Wednesday, two-factor authentication…

Ongoing phishing campaign can hack you even when you’re protected with MFA

On Tuesday, Microsoft detailed an ongoing large-scale phishing campaign that can hijack user accounts when they’re protected with multi-factor authentication measures designed to prevent such takeovers. The threat actors behind the operation, who have targeted 10,000 organizations since September, have used their covert access to victim email accounts to trick employees…

Lapsus$ and Solar Winds hackers both use the same old trick to bypass MFA

Multi-factor authentication (MFA) is a core defense that is among the most effective at preventing account takeovers. In addition to requiring that users provide a username and password, MFA ensures they must also use an additional factor—be it a fingerprint, physical security key,…

Coinbase erroneously reported 2FA changes to 125,000 customers

On Friday afternoon, Coinbase sent email and SMS text messages to 125,000 customers, erroneously telling them that their 2FA settings had been changed. Cryptocurrency exchange Coinbase sent an automated message to a large number of its customers on Friday, saying…

Biden signs executive order to strengthen US cybersecurity

President Joe Biden signed an executive order on Wednesday in an attempt to bolster US cybersecurity defenses after a number of devastating hacks, including the Colonial pipeline attack, revealed vulnerabilities across business and government. “Recent cybersecurity incidents… are a sobering reminder that US public and…