Tag Archives: two-factor authentication

I’m a security reporter and got fooled by a blatant phish

Enlarge / This is definitely not a Razer mouse—but you get the idea. (credit: calvio via Getty Images) There has been a recent flurry of phishing attacks so surgically precise and well-executed that they’ve managed to fool some of the most aware people working in the cybersecurity industry. On Monday, Tuesday, and Wednesday, two-factor authentication… Read More »

Ongoing phishing campaign can hack you even when you’re protected with MFA

Enlarge (credit: Getty Images) On Tuesday, Microsoft detailed an ongoing large-scale phishing campaign that can hijack user accounts when they’re protected with multi-factor authentication measures designed to prevent such takeovers. The threat actors behind the operation, who have targeted 10,000 organizations since September, have used their covert access to victim email accounts to trick employees… Read More »

Lapsus$ and Solar Winds hackers both use the same old trick to bypass MFA

Getty Images reader comments 0 with 0 posters participating Share this story Multi-factor authentication (MFA) is a core defense that is among the most effective at preventing account takeovers. In addition to requiring that users provide a username and password, MFA ensures they must also use an additional factor—be it a fingerprint, physical security key,… Read More »

Authorities bust SIM-swap ring they say took millions from the rich and famous

Enlarge / Close-up photograph of a SIM card, a SIM-card replacement, and a smartphone. reader comments 86 with 60 posters participating, including story author Share this story Ten people have been arrested in connection with a series of SIM-swapping attacks that reaped more than $100 million by taking over the mobile phone accounts of high-profile… Read More »

Hackers can clone Google Titan 2FA keys using a side channel in NXP chips

reader comments 45 with 37 posters participating Share this story There’s wide consensus among security experts that physical two-factor authentication keys provide the most effective protection against account takeovers. Research published today doesn’t change that, but it does show how malicious attackers with physical possession of a Google Titan key can clone it. There are… Read More »