Twitter is having intermittent problems with its two-factor authentication system: Not all users are having problems receiving SMS authentication codes, and those who rely on an authenticator app or physical authentication token to secure their Twitter account may not have reason to test the mechanism.
Perhaps not coincidently, it comes at a time when enterprises have begun adopting passwordless authentication systems in mission-critical parts of their internal operations. Fortifications, such as multi-factor authentication (MFA) and password managers, proved to be mere speed bumps. Coming advances.
Researchers have found an updated version of the LightSpy spyware that supports an expanded set of data collection features to target social media platforms like Facebook and Instagram.
Knocknoc orchestrates network infrastructure to remove risk exposure by tying users’ network access to their SSO authentication status. It can also be used on internal networks to add multifactor authentication to legacy systems to satisfy compliance requirements.
The targeted SMS scams asked employees to click a link and log in at a website that mimicked their employer’s Okta authentication page. The feds then obtained records from Virgin Media, which showed the address was leased for several months to Tyler Buchanan, a 22-year-old from Dundee, Scotland.
Booking.com said it now requires 2FA, which forces partners to provide a one-time passcode from a mobile authentication app (Pulse) in addition to a username and password. A scan of social media networks showed this is not an uncommon scam. The phony booking.com website generated by visiting the link in the text message.
More and more websites and services are making multi-factor-authentication (MFA) mandatory, which makes it much harder for cybercriminals to access your accounts. A type of phishing we’re calling authentication-in-the-middle is showing up in online media. That’s a great thing. Consider passkeys.
The increase in personal data, and the emergence of interactive platforms for e-commerce, social media, and online everything demanded both data protection and user privacy. The second is authentication—much more nuanced than the simple “Who are you?” Confidentiality became paramount.
Public interest in the DeepSeek AI chat apps swelled following widespread media reports that the upstart Chinese AI firm had managed to match the abilities of cutting-edge chatbots while using a fraction of the specialized computer chips that leading AI companies rely on. [Full disclosure: Wiz is currently an advertiser on this website.]
Of those malicious apps, 5,200 could subvert one of the strongest security practices available today, called multifactor authentication, by prying into basic text messages sent to a device. With multifactor authentication, a username and password are no longer enough to sign into an account.
Ubiquitous on-demand modern services (such as verifying identities and data integrity, establishing network sessions, providing access control, and automatic software updates) rely more on authentication and integrity mechanisms -- such as digital signatures -- than on encryption. I agree with them. Read the whole thing.
The advice to impacted individuals is as follows: Get a digital password manager to help you make all passwords strong and unique; if you've been reusing passwords, change them to strong and unique versions now, starting with the most important services you use; turn on multi-factor authentication wherever it's available, especially for important (..)
Originally coined to describe synthetic media generated by deep learning technologies, deepfakes refer to highly realistic digital content, whether images, videos, or audio, that is indistinguishable from real media. As synthetic media becomes more sophisticated, the techniques to detect such content must also evolve.
The FBI official added: “People looking to further protect their mobile device communications would benefit from considering using a cellphone that automatically receives timely operating system updates, responsibly managed encryption and phishing resistant multi-factor authentication for email, social media, and collaboration tool accounts.”
Multi-factor authentication (MFA): MFA requires multiple forms of identification, adding an extra layer of security. Secure networks: Avoid using untrusted public Wi-Fi to access social media accounts; instead, use mobile data. You absolutely should secure your password manager with Multi-Factor Authentication (MFA).
Department of Justice refers to the cybercrime group as Saim Raza, after a pseudonym The Manipulaters communally used to promote their spam, malware and phishing services on social media. “Ironically, the Manipulaters may create more short-term risk to their own customers than law enforcement,” DomainTools wrote.
Processing an audio stream in a maliciously crafted media file may result in code execution. RPAC (CVE-2025-31201) – An attacker with read/write access could bypass Pointer Authentication on iOS. The company acknowledged Google's TAG (Threat Analysis Group) for reporting this flaw.
Typically, the attacker collects authentic media samples of their target, including still images, videos, and audio clips, to train the deep learning model. The more training data used, the more authentic the deepfake appears.
Czech cybersecurity startup Wultra has raised 3 million from Tensor Ventures, Elevator Ventures, and J&T Ventures to accelerate the development of its post-quantum authentication technology, safeguarding banks and fintech against the coming wave of quantum threats. Prague, Czech Republic, Jan.
This can impact not only the general public but also pose a heightened risk to individuals with significant media exposure, including activists, journalists, and politicians. These EDRs, representing the official cooperation channels between law enforcement agencies and social media platforms, are at risk of becoming a double-edged sword.
From there, attackers can gain access to any accounts that allow password resets via SMS or automated calls, from email and social media profiles to virtual currency trading platforms. One way to protect your accounts against SIM swappers is to remove your phone number as a primary or secondary authentication mechanism wherever possible.
In this blog post, we take a look at how criminals are abusing Bing and stay under the radar at the same time while also bypassing advanced security features such as two-factor authentication. We should also note that SMS verification is one of the weakest methods for two-factor authentication.
Deepfakes involve AI-generated synthetic media that convincingly mimics real individuals' voices and faces. Traditionally, attackers relied on phishing emails to impersonate executives, but deepfakes now enable fraudsters to conduct real-time video and voice calls that appear authentic.
An authenticated local attacker could exploit the flaw to elevate privileges in low-complexity attacks. Google as usual did not share details about the attacks exploiting the above vulnerability. The vulnerability is a privilege escalation security flaw in the Kernel’s USB Video Class driver.
In February, KrebsOnSecurity wrote about a novel cybercrime service that helped attackers intercept the one-time passwords (OTPs) that many websites require as a second authentication factor in addition to passwords. That is true two-factor authentication: Something you have, and something you know (and maybe also even something you are).
At the center of the account ban wave are some of the most active members of OGUsers, a forum that caters to thousands of people selling access to hijacked social media and other online accounts. “Amp,” a major middleman and account seller on OGUsers.
Elsewhere, 60% had received election-related ads through emails, 58% through physical mailers, 55% through text messages, 40% through social media, and 29% through phone calls. of survey participants said they “have not received any election related ads” this year. Those ads may be falling on deaf ears, though.
In it, she highlighted a fascinating shift in social media behaviour: the most common action people are now taking isn't liking or commenting on public posts; it's actually having private conversations in direct messages or small, private groups. A few minutes earlier, I'd been scrolling through LinkedIn when a video caught my attention.
But when we start outsourcing our most fundamental human connections to algorithms, we’re not just losing out on authentic relationships; we’re actively eroding what makes us human. – Thanks to Joseph Cox over at 404 Media for finding this gem of a story. So go on, pick up the phone. Be a human.
For now at least, they appear to be focusing primarily on companies in the financial, telecommunications and social media industries. Zack Allen is director of threat intelligence for ZeroFOX, a Baltimore-based company that helps customers detect and respond to risks found on social media and other digital channels.
Attack methodology: a step-by-step breakdown The Elusive Comet campaign begins with cybercriminals impersonating venture capitalists, media representatives, or business partners to lure cryptocurrency professionals into Zoom meetings. Victims are sent unsolicited invitations to join Zoom calls, often via links in phishing emails or messages.
The zero-day CVEs patched in these updates are: CVE-2025-31200 : Processing an audio stream in a maliciously crafted media file may result in code execution due to a memory corruption issue which was addressed with improved bounds checking. This issue was addressed by removing the vulnerable code. This deserves a bit of an explanation.
The joint FBI/CISA alert (PDF) says the vishing gang also compiles dossiers on employees at the specific companies using mass scraping of public profiles on social media platforms, recruiter and marketing tools, publicly available background check services, and open-source research.
Cisco confirmed the authenticity of the 4GB of leaked data, which was compromised in a recent security breach, marking it as the second leak in the incident.
But according to a report quietly issued by a California grand jury this week, more attention needs to be paid to securing social media and email accounts used by election officials at the state and local level. Public confidence is at stake, even if the vote itself is secure.”
Processing an audio stream in a maliciously crafted media file may result in code execution. RPAC (CVE-2025-31201): An attacker with read/write access could bypass Pointer Authentication on iOS. The company acknowledged Google's TAG (Threat Analysis Group) for reporting this flaw.
After verifying my email address, I was asked to pick a strong password and select a form of multi-factor authentication (MFA). The most secure MFA option offered (a one-time code generated by an app like Google Authenticator or Authy) was already pre-selected, so I chose that.
A review of EDR vendors across many cybercrime forums shows that some fake EDR vendors sell the ability to send phony police requests to specific social media platforms, including forged court-approved documents. An ad from Pwnstar for fake EDR services. “Unlimited Emergency Data Requests.”
From there, the bad guys can reset the password of any account to which that mobile number is tied, and of course intercept any one-time tokens sent to that number for the purposes of multi-factor authentication. Usually, this is a mobile app like Authy or Google Authenticator that generates a one-time code.
As the companies face nine federal lawsuits for failing to protect customer data, it’s abundantly clear hackers have checkmated multi-factor authentication (MFA). But the coup de grâce was how easily they brushed aside the multi-factor authentication protections. How they steamrolled multi-factor authentication is a reason for pause.
These solutions empower organizations to manage, authenticate, and analyze privileged access, streamlining the granting of credentials with role-based access controls and automated workflows. With these scalable and reliable PAM solutions, organizations of all sizes can address their complex and ever-evolving cybersecurity challenges.
The report states: “The rise of social media, influencers and online commerce have changed consumers’ behavior, increasing their appetite for IP infringing goods or content, while having a low awareness of risks.” And some of the larger webstores use “Authenticity Guarantee” badges on their listings.
Our free Digital Footprint scan searches the dark web, social media, and other online sources, to tell you where your data has been exposed. Enable two-factor authentication (2FA). Some forms of two-factor authentication (2FA) can be phished just as easily as a password. Find out what information is already out there.
Sendgrid’s parent company Twilio says it is working on a plan to require multi-factor authentication for all of its customers, but that solution may not come fast enough for organizations having trouble dealing with the fallout in the meantime.