Tag Archives: 2fa

I’m a security reporter and got fooled by a blatant phish

Enlarge / This is definitely not a Razer mouse—but you get the idea. (credit: calvio via Getty Images) There has been a recent flurry of phishing attacks so surgically precise and well-executed that they’ve managed to fool some of the most aware people working in the cybersecurity industry. On Monday, Tuesday, and Wednesday, two-factor authentication… Read More »

Ongoing phishing campaign can hack you even when you’re protected with MFA

Enlarge (credit: Getty Images) On Tuesday, Microsoft detailed an ongoing large-scale phishing campaign that can hijack user accounts when they’re protected with multi-factor authentication measures designed to prevent such takeovers. The threat actors behind the operation, who have targeted 10,000 organizations since September, have used their covert access to victim email accounts to trick employees… Read More »

Lapsus$ and Solar Winds hackers both use the same old trick to bypass MFA

Getty Images reader comments 0 with 0 posters participating Share this story Multi-factor authentication (MFA) is a core defense that is among the most effective at preventing account takeovers. In addition to requiring that users provide a username and password, MFA ensures they must also use an additional factor—be it a fingerprint, physical security key,… Read More »

Coinbase erroneously reported 2FA changes to 125,000 customers

Enlarge / On Friday afternoon, Coinbase sent email and SMS text messages to 125,000 customers, erroneously telling them that their 2FA settings had been changed. reader comments 42 with 34 posters participating, including story author Share this story Cryptocurrency exchange Coinbase sent an automated message to a large number of its customers on Friday, saying… Read More »

Biden signs executive order to strengthen US cybersecurity

reader comments 71 with 43 posters participating Share this story President Joe Biden signed an executive order on Wednesday in an attempt to bolster US cybersecurity defenses after a number of devastating hacks, including the Colonial pipeline attack, revealed vulnerabilities across business and government. “Recent cybersecurity incidents… are a sobering reminder that US public and… Read More »

Hackers can clone Google Titan 2FA keys using a side channel in NXP chips

reader comments 45 with 37 posters participating Share this story There’s wide consensus among security experts that physical two-factor authentication keys provide the most effective protection against account takeovers. Research published today doesn’t change that, but it does show how malicious attackers with physical possession of a Google Titan key can clone it. There are… Read More »