The Last Watchdog

AUGUST 19, 2021

At the start of this week, word got out that hackers claimed to have seized personal data for as many as 100 million T-Mobile patrons. According to the attackers, this was a configuration issue on an access point T-Mobile used for testing. T-Mobile left a gate left wide open for attackers – and attackers just had to find the gate.”.

Mobile 235

Mobile Data breaches Authentication Accountability 235

The Last Watchdog

JULY 24, 2023

The next big thing is passwordless authentication. For example, we have passwordless facial and fingerprint biometric logins on our mobile phones and the thousands of apps that we use, as well as on our laptops and similar portable devices. The bottom line is user authentication is vital for securing access to data and systems.

Authentication 245

Authentication Passwords Phishing Social Engineering 245

Krebs on Security

APRIL 6, 2021

To my mind, this just reinforces the need to remove mobile phone numbers from all of your online accounts wherever feasible. Many people may not consider their mobile phone number to be private information, but there is a world of misery that bad guys, stalkers and creeps can visit on your life just by knowing your mobile number.

Mobile 359

Mobile Accountability Passwords Authentication 359

Security Affairs

MARCH 29, 2025

Data Theft: Captures Google Authenticator screen content to steal OTP codes. Crocodilus steals OTP codes from Google Authenticator via Accessibility Logging, enabling account takeovers. Hidden RAT Mode: Can enable “hidden” remote access while muting the phone and displaying a black overlay to conceal activities.

Banking 67

Banking Mobile Identity Theft Malware 67

The Last Watchdog

MAY 18, 2023

Your go-to mobile apps aren’t nearly has hackproof as you might like to believe. Related: Fallout of T-Mobile hack Hackers of modest skill routinely bypass legacy security measures, even two-factor authentication, with techniques such as overlay attacks. And hard data shows instances of such breaches on the rise.

Mobile 202

Mobile Authentication Internet Internet 202

Schneier on Security

JANUARY 15, 2021

We all know that our cell phones constantly give our location away to our mobile network operators; that’s how they work. The players are the user, a traditional mobile network operator (MNO) like AT&T or Verizon, and a new mobile virtual network operator (MVNO). A group of researchers has figured out a way to fix that.

Surveillance 351

Surveillance Mobile Authentication VPN 351

Malwarebytes

FEBRUARY 11, 2025

Of those malicious apps, 5,200 could subvert one of the strongest security practices available today, called multifactor authentication, by prying into basic text messages sent to a device. They started developing entire mobile apps on Android that could provide the same level of theft. Here, cybercriminals have again found loopholes.

Phishing 128

Phishing Passwords Mobile Authentication 128

Krebs on Security

AUGUST 30, 2022

A recent spate of SMS phishing attacks from one cybercriminal group has spawned a flurry of breach disclosures from affected companies, which are all struggling to combat the same lingering security threat: The ability of scammers to interact directly with employees through their mobile devices. In an Aug.

Mobile 344

Mobile Phishing Authentication Accountability 344

Krebs on Security

NOVEMBER 21, 2024

technology companies between 2021 and 2023, including LastPass , MailChimp , Okta , T-Mobile and Twilio. The targeted SMS scams asked employees to click a link and log in at a website that mimicked their employer’s Okta authentication page. Image: Amitai Cohen twitter.com/amitaico.

Identity Theft 258

Identity Theft Phishing Cryptocurrency Accountability 258

Krebs on Security

SEPTEMBER 29, 2021

In February, KrebsOnSecurity wrote about a novel cybercrime service that helped attackers intercept the one-time passwords (OTPs) that many websites require as a second authentication factor in addition to passwords. That is true two-factor authentication: Something you have, and something you know (and maybe also even something you are).

Passwords 348

Passwords Mobile Authentication Banking 348

Krebs on Security

OCTOBER 1, 2021

Federal Communications Commission (FCC) is asking for feedback on new proposed rules to crack down on SIM swapping and number port-out fraud, increasingly prevalent scams in which identity thieves hijack a target’s mobile phone number and use that to wrest control over the victim’s online identity.

Wireless 347

Wireless Mobile Passwords Authentication 347

Krebs on Security

MARCH 16, 2021

SMS text messages were already the weakest link securing just about anything online, mainly because there are tens of thousands of employees at mobile stores who can be tricked or bribed into swapping control over a mobile phone number to someone else. “It’s an industry-wide thing.

Telecommunications 363

Telecommunications Mobile Accountability Wireless 363

Security Boulevard

APRIL 16, 2024

Not OK: SMS 2FA — Widespread spam targets carrier employees, as scrotes try harder to evade two-factor authentication. The post SIM Swappers Try Bribing T-Mobile and Verizon Staff $300 appeared first on Security Boulevard.

Mobile 132

Mobile Authentication Social Engineering Wireless 132

Krebs on Security

JUNE 19, 2020

Hundreds of popular websites now offer some form of multi-factor authentication (MFA), which can help users safeguard access to accounts when their password is breached or stolen. When the two of them sat down to reset his password, the screen displayed a notice saying there was a new Gmail address tied to his Xbox account.

Authentication 363

Authentication Accountability Passwords Mobile 363

Daniel Miessler

MARCH 10, 2022

People are starting to get the fact that texts (SMS) are a weak form of multi-factor authentication (MFA). It might have been a text, or it could have been something “strong”, like a mobile authenticator app like Google Authenticator or Authy. It completely changes how authentication is done.

Authentication 364

Authentication Phishing Passwords Accountability 364

Duo's Security Blog

NOVEMBER 29, 2023

Epic’s new flagship EPCS healthcare management mobile apps Haiku and Canto integrate with Cisco Duo to provide multi-factor authentication (MFA). Duo integrates with Epic Haiku and Canto mobile apps seamlessly to provide a strong second authentication factor to protect patient electronic health records. Summary

Mobile 130

Mobile Healthcare Authentication Passwords 130

Krebs on Security

NOVEMBER 20, 2020

The defendant is part of an alleged conspiracy involving at least eight others in the United States who stand accused of theft via SIM swapping , a crime that involves convincing mobile phone company employees to transfer ownership of the target’s phone number to a device the attackers control.

Cryptocurrency 298

Cryptocurrency Mobile Authentication Accountability 298

Duo's Security Blog

OCTOBER 13, 2023

Multi-factor Authentication (MFA) protects your environment by guarding against password weaknesses with strong authentication methods. In our last blog, we discussed using strong passwords and a password manager to provide better defense at the first layer of the authentication process. What is MFA?

Authentication 145

Authentication Accountability Passwords Mobile 145

Security Affairs

NOVEMBER 13, 2024

is a buffer overflow issue that an authenticated attacker could exploit. “Buffer overflow in some Zoom Apps may allow an authenticated user to conduct an escalation of privilege via network access.” is an improper input validation issue that can be exploited remotely without authentication.

Authentication 114

Authentication Mobile Hacking Information Security 114

The Last Watchdog

JANUARY 15, 2025

Czech cybersecurity startup Wultra has raised 3 million from Tensor Ventures, Elevator Ventures, and J&T Ventures to accelerate the development of its post-quantum authentication technology, safeguarding banks and fintech against the coming wave of quantum threats. Prague, Czech Republic, Jan. Dvorak is no stranger to innovation.

Banking 130

Banking Authentication Technology Marketing 130

eSecurity Planet

FEBRUARY 26, 2025

Cybercriminals are shifting their focus from emails to text messages, using mishing a more deceptive form of phishing to target mobile users and infiltrate corporate networks, according to new security research by Zimperium. Zimperium found that mishing activity peaked in August 2024, with over 1,000 daily attacks recorded. What is mishing?

Phishing 88

Phishing Mobile Social Engineering Data breaches 88

Krebs on Security

JANUARY 11, 2021

Ubiquiti , a major vendor of cloud-enabled Internet of Things (IoT) devices such as routers, network video recorders, security cameras and access control systems, is urging customers to change their passwords and enable multi-factor authentication. In an email sent to customers today, Ubiquiti Inc.

Passwords 363

Passwords Authentication Firmware Accountability 363

Schneier on Security

JULY 21, 2022

One flaw is the use of unencrypted HTTP communications that makes it possible for remote hackers to conduct adversary-in-the-middle attacks that intercept or change requests sent between the mobile application and supporting servers.

Manufacturing 324

Manufacturing Surveillance Mobile Authentication 324

Krebs on Security

AUGUST 25, 2023

19, 2023, someone targeted a T-Mobile phone number belonging to a Kroll employee “in a highly sophisticated ‘SIM swapping’ attack.” ” T-Mobile has not yet responded to requests for comment. . ” T-Mobile has not yet responded to requests for comment. Why do I suggest this?

Mobile 236

Mobile Cyber Risk Data breaches Cryptocurrency 236

Thales Cloud Protection & Licensing

FEBRUARY 1, 2024

Passkeys and The Beginning of Stronger Authentication madhav Fri, 02/02/2024 - 05:23 How passkeys are rewriting the current threat landscape Lillian, an experienced CISO, surveyed the threat landscape. Lillian knew that a shift in authentication couldn't wait. FIDO is an overarching framework for secure and passwordless authentication.

Authentication 138

Authentication Passwords CISO Password Management 138

Duo's Security Blog

OCTOBER 23, 2024

Available now in all paid Duo subscriptions The launch of Duo Mobile in the early 2010s changed how businesses enabled secure authentication. Other means of authentication outside of smartphones — hardware tokens, phone call authentication, SMS, etc. have proven to be either antiquated, expensive or vulnerable. .

Authentication 116

Authentication Mobile Manufacturing Risk 116

Krebs on Security

AUGUST 12, 2020

As KrebsOnSecurity observed back in 2018 , many people — particularly older folks — proudly declare they avoid using the Web to manage various accounts tied to their personal and financial data — including everything from utilities and mobile phones to retirement benefits and online banking services. YOUR CREDIT FILES.

Accountability 359

Accountability Mobile Banking Passwords 359

Security Affairs

DECEMBER 21, 2023

More than 22,000 users of Blink Mobility should take the necessary steps to protect themselves against the risk of identity theft. Los Angeles-based electric car-sharing provider Blink Mobility left a misconfigured MongoDB database open to the public.

Mobile 134

Mobile Identity Theft Passwords Phishing 134

Malwarebytes

FEBRUARY 25, 2025

Enable two-factor authentication (2FA). Some forms of two-factor authentication (2FA) can be phished just as easily as a password. Keep threats off your mobile devices by downloading Malwarebytes for iOS , and Malwarebytes for Android today. Choose a strong password that you dont use for anything else.

Passwords 145

Passwords Password Management Phishing Authentication 145

Tech Republic Security

AUGUST 11, 2023

Looking for an alternative to Google Authenticator? Here's our comprehensive list covering the top competitors and alternatives to help you find your best fit.

Authentication 148

Authentication Software Mobile 148

Malwarebytes

JUNE 21, 2024

A moderator of the notorious data breach trading platform BreachForums is offering data for sale they claim comes from a data breach at T-Mobile. These screenshots show T-Mobile’s infrastructure, posted at a known—yet unnamed—third-party vendor’s servers, from where they were stolen.

Mobile 120

Mobile Data breaches Authentication Software 120

Adam Shostack

JANUARY 2, 2025

Authentication is more frustrating to your customers when you dont threat model. When he did, they sent him a text message to authenticate him, and it says DO NOT share this access code with anyone. Only enter it on the bank mobile app or website. Please: threat model your authentication processes. Happier customers.

Banking 130

Banking Passwords Password Management Authentication 130

Krebs on Security

JANUARY 19, 2022

The agency says that by the summer of 2022, the only way to log in to irs.gov will be through ID.me , an online identity verification service that requires applicants to submit copies of bills and identity documents, as well as a live video feed of their faces via a mobile device. The IRS says it will require ID.me McLean, Va.-based

Mobile 364

Mobile Accountability Insurance Government 364

Krebs on Security

DECEMBER 16, 2021

Nicholas Truglia was part of a group alleged to have stolen more than $100 million from cryptocurrency investors using fraudulent “SIM swaps,” scams in which identity thieves hijack a target’s mobile phone number and use that to wrest control over the victim’s online identities. Nicholas Truglia, holding bottle.

Cryptocurrency 363

Cryptocurrency Mobile Accountability Scams 363

Krebs on Security

AUGUST 3, 2020

A California company that helps telemarketing firms avoid getting sued for violating a federal law that seeks to curb robocalls has leaked the phone numbers, email addresses and passwords of all its customers, as well as the mobile phone numbers and other data on people who have hired lawyers to go after telemarketers.

Mobile 359

Mobile Marketing Consumer Protection Wireless 359

Schneier on Security

MARCH 19, 2021

Some firms say they only allow customers to reroute messages for business landlines or VoIP phones, while others allow mobile numbers too. Too many networks use SMS as an authentication mechanism. A wide ecosystem of these companies exist , each advertising their own ability to run text messaging for other businesses.

Authentication 336

Authentication Accountability Advertising Mobile 336

IT Security Guru

JANUARY 22, 2025

The Evolving Web Landscape Before we dive into the plugins, let’s look at some website basics that are so crucial in 2025: Mobile-First Indexing: Google loves mobile-friendly websites. Equal attention should be given to both desktop and mobile experiences. Your site needs to be responsive and perform well on all devices.

Artificial Intelligence 117

Artificial Intelligence Backups Mobile Firewall 117