Tag Archives: 2fa

4 Okta customers hit by campaign that gave attackers super admin control

Getty Images reader comments 25 with Authentication service Okta said four of its customers have been hit in a recent social-engineering campaign that allowed hackers to gain control of super administrator accounts and from there weaken or entirely remove two-factor authentication protecting accounts from unauthorized access. The Okta super administrator accounts are assigned to users… Read More »

Twitter’s two-factor authentication change “doesn’t make sense”

reader comments 232 with Share this story Twitter announced Friday that as of March 20, it will only allow its users to secure their accounts with SMS-based two-factor authentication if they pay for a Twitter Blue subscription. Two-factor authentication, or 2FA, requires users to log in with a username and password and then an additional… Read More »

This week’s Reddit breach shows company’s security is (still) woefully inadequate

Getty Images reader comments 21 with 0 posters participating Share this story Popular discussion website Reddit proved this week that its security still isn’t up to snuff when it disclosed yet another security breach that was the result of an attack that successfully phished an employee’s login credentials. In a post published Thursday, Reddit Chief… Read More »

I’m a security reporter and got fooled by a blatant phish

Enlarge / This is definitely not a Razer mouse—but you get the idea. (credit: calvio via Getty Images) There has been a recent flurry of phishing attacks so surgically precise and well-executed that they’ve managed to fool some of the most aware people working in the cybersecurity industry. On Monday, Tuesday, and Wednesday, two-factor authentication… Read More »

Ongoing phishing campaign can hack you even when you’re protected with MFA

Enlarge (credit: Getty Images) On Tuesday, Microsoft detailed an ongoing large-scale phishing campaign that can hijack user accounts when they’re protected with multi-factor authentication measures designed to prevent such takeovers. The threat actors behind the operation, who have targeted 10,000 organizations since September, have used their covert access to victim email accounts to trick employees… Read More »

Lapsus$ and Solar Winds hackers both use the same old trick to bypass MFA

Getty Images reader comments 0 with 0 posters participating Share this story Multi-factor authentication (MFA) is a core defense that is among the most effective at preventing account takeovers. In addition to requiring that users provide a username and password, MFA ensures they must also use an additional factor—be it a fingerprint, physical security key,… Read More »

Coinbase erroneously reported 2FA changes to 125,000 customers

Enlarge / On Friday afternoon, Coinbase sent email and SMS text messages to 125,000 customers, erroneously telling them that their 2FA settings had been changed. reader comments 42 with 34 posters participating, including story author Share this story Cryptocurrency exchange Coinbase sent an automated message to a large number of its customers on Friday, saying… Read More »

Biden signs executive order to strengthen US cybersecurity

reader comments 71 with 43 posters participating Share this story President Joe Biden signed an executive order on Wednesday in an attempt to bolster US cybersecurity defenses after a number of devastating hacks, including the Colonial pipeline attack, revealed vulnerabilities across business and government. “Recent cybersecurity incidents… are a sobering reminder that US public and… Read More »

Hackers can clone Google Titan 2FA keys using a side channel in NXP chips

reader comments 45 with 37 posters participating Share this story There’s wide consensus among security experts that physical two-factor authentication keys provide the most effective protection against account takeovers. Research published today doesn’t change that, but it does show how malicious attackers with physical possession of a Google Titan key can clone it. There are… Read More »