2018, Authentication and Web Fraud - Cyber Security Informer

How 1-Time Passcodes Became a Corporate Liability

Krebs on Security

AUGUST 30, 2022

The missives asked users to click a link and log in at a phishing page that mimicked their employer’s Okta authentication page. Those who submitted credentials were then prompted to provide the one-time password needed for multi-factor authentication. That’s down from 53 percent that did so in 2018, Okta found.

Mobile

Mobile Phishing Authentication Accountability

Arrest, Raids Tied to ‘U-Admin’ Phishing Kit

Krebs on Security

FEBRUARY 8, 2021

Brad Marden , superintendent of cybercrime operations for the Australian Federal Police (AFP), said their investigation into who was behind U-Admin began in late 2018, after Australian citizens began getting deluged with phishing attacks via mobile text messages that leveraged the software.

Phishing

Phishing Scams Banking Mobile

When Low-Tech Hacks Cause High-Impact Breaches

Krebs on Security

FEBRUARY 26, 2023

Many companies now require employees to supply a one-time password — such as one sent via SMS or produced by a mobile authenticator app — in addition to their username and password when logging in to company assets online. The key works without the need for any special software drivers.

Hacking

Hacking Social Engineering Phishing Scams

LastPass: ‘Horse Gone Barn Bolted’ is Strong Password

Krebs on Security

SEPTEMBER 22, 2023

LastPass officially instituted this change back in 2018, but some undisclosed number of the company’s earlier customers were never required to increase the length of their master passwords. In February 2018, LastPass changed the default to 100,100 iterations. LastPass sent this notification to users earlier this week.

Passwords

Passwords Encryption Password Management Cryptocurrency

Bomb Threat, Sextortion Spammers Abused Weakness at GoDaddy.com

Krebs on Security

JANUARY 22, 2019

In July 2018, email users around the world began complaining of receiving spam which began with a password the recipient used at some point in the past and threatened to release embarrassing videos of the recipient unless a bitcoin ransom was paid. 13, 2018 bomb threat hoax. domaincontrol.com, and ns18.domaincontrol.com.

DNS

DNS Internet Internet Computers and Electronics

Local Networks Go Global When Domain Names Collide

Krebs on Security

AUGUST 23, 2024

The proliferation of new top-level domains (TLDs) has exacerbated a well-known security weakness: Many organizations set up their internal Microsoft authentication systems years ago using domain names in TLDs that didn’t exist at the time. Alas, in 2018, the.llc TLD was born and began selling domains.

DNS

DNS Internet Internet Authentication

Experts Fear Crooks are Cracking Keys Stolen in LastPass Breach

Krebs on Security

SEPTEMBER 5, 2023

“The threat actor was able to capture the employee’s master password as it was entered, after the employee authenticated with MFA, and gain access to the DevOps engineer’s LastPass corporate vault.” In February 2018, LastPass changed the default to 100,100 iterations. And very recently, it upped that again to 600,000.

Cryptocurrency

Cryptocurrency Passwords Encryption Accountability

Busting SIM Swappers and SIM Swap Myths

Krebs on Security

NOVEMBER 6, 2018

In late September 2018, the REACT Task Force spearheaded an investigation that led to the arrest of two Missouri men — both in their early 20s — who are accused of conducting SIM swaps to steal $14 million from a cryptocurrency company based in San Jose, Calif. . million customers.

Mobile

Mobile Cryptocurrency Accountability Passwords

‘Land Lordz’ Service Powers Airbnb Scams

Krebs on Security

APRIL 14, 2019

This 2018 story from travel blog goatsontheroad.com tells the tale of a couple that was very nearly scammed by a Land Lordz-like trap, before the wife figures out they’re no longer on airbnb.com. According to twofactorauth.org , Airbnb currently does not support any type of multi-factor authentication that users can enable.

Scams

Scams Advertising Accountability Phishing

Facebook, Instagram, TikTok and Twitter Target Resellers of Hacked Accounts

Krebs on Security

FEBRUARY 4, 2021

.” This is not the first time Instagram has come for his accounts: As documented in this story in The Atlantic , some of his accounts totaling more than 1 million followers were axed in late 2018 when the platform took down 500 usernames that were stolen, resold, and used for posting memes. WHAT YOU CAN DO.

Accountability

Accountability Hacking Media Mobile

Phishers are Angling for Your Cloud Providers

Krebs on Security

AUGUST 30, 2019

based United Rentals [ NYSE:URI ] is the world’s largest equipment rental company, with some 18,000 employees and earnings of approximately $4 billion in 2018. While phony invoices are a common malware lure, this particular campaign sent users to a page on United Rentals’ own Web site (unitedrentals.com). Stamford, Ct.-based

Phishing

Phishing Marketing Accountability DNS

Cyber Security Informer

How 1-Time Passcodes Became a Corporate Liability

Arrest, Raids Tied to ‘U-Admin’ Phishing Kit

Trending Sources

When Low-Tech Hacks Cause High-Impact Breaches

LastPass: ‘Horse Gone Barn Bolted’ is Strong Password

Bomb Threat, Sextortion Spammers Abused Weakness at GoDaddy.com

Local Networks Go Global When Domain Names Collide

Experts Fear Crooks are Cracking Keys Stolen in LastPass Breach

Busting SIM Swappers and SIM Swap Myths

‘Land Lordz’ Service Powers Airbnb Scams

Facebook, Instagram, TikTok and Twitter Target Resellers of Hacked Accounts

Phishers are Angling for Your Cloud Providers

Stay Connected