Tag Archives: 2fa

Can’t make sense of Dashlane’s vault theft notification? You’re not alone.

There’s a lot that doesn’t add up in a security advisory password manager Dashlane published Monday, warning that attackers managed to obtain 20 encrypted user vaults. “Starting on Sunday, May 31, 2026, an external party launched a brute force attack against certain Dashlane user accounts,” the company said. “The goal of the attack was to…

YubiKeys are vulnerable to cloning attacks thanks to newly discovered side channel

The YubiKey 5, the most widely used hardware token for two-factor authentication based on the FIDO standard, contains a cryptographic flaw that makes the finger-size device vulnerable to cloning when an attacker gains temporary physical access to it, researchers said Tuesday. The cryptographic flaw, known as a side channel, resides in a…

4 Okta customers hit by campaign that gave attackers super admin control

Authentication service Okta said four of its customers have been hit in a recent social-engineering campaign that allowed hackers to gain control of super administrator accounts and from there weaken or entirely remove two-factor authentication protecting accounts from unauthorized access. The Okta super administrator accounts are assigned to users…

Twitter’s two-factor authentication change “doesn’t make sense”

Twitter announced Friday that as of March 20, it will only allow its users to secure their accounts with SMS-based two-factor authentication if they pay for a Twitter Blue subscription. Two-factor authentication, or 2FA, requires users to log in with a username and password and then an additional…

This week’s Reddit breach shows company’s security is (still) woefully inadequate

Popular discussion website Reddit proved this week that its security still isn’t up to snuff when it disclosed yet another security breach that was the result of an attack that successfully phished an employee’s login credentials. In a post published Thursday, Reddit Chief…

I’m a security reporter and got fooled by a blatant phish

There has been a recent flurry of phishing attacks so surgically precise and well-executed that they’ve managed to fool some of the most aware people working in the cybersecurity industry. On Monday, Tuesday, and Wednesday, two-factor authentication…

Ongoing phishing campaign can hack you even when you’re protected with MFA

On Tuesday, Microsoft detailed an ongoing large-scale phishing campaign that can hijack user accounts when they’re protected with multi-factor authentication measures designed to prevent such takeovers. The threat actors behind the operation, who have targeted 10,000 organizations since September, have used their covert access to victim email accounts to trick employees…

Lapsus$ and Solar Winds hackers both use the same old trick to bypass MFA

Multi-factor authentication (MFA) is a core defense that is among the most effective at preventing account takeovers. In addition to requiring that users provide a username and password, MFA ensures they must also use an additional factor—be it a fingerprint, physical security key,…

Coinbase erroneously reported 2FA changes to 125,000 customers

On Friday afternoon, Coinbase sent email and SMS text messages to 125,000 customers, erroneously telling them that their 2FA settings had been changed. Cryptocurrency exchange Coinbase sent an automated message to a large number of its customers on Friday, saying…