Krebs on Security

FEBRUARY 28, 2023

Image: Shutterstock.com Three different cybercriminal groups claimed access to internal networks at communications giant T-Mobile in more than 100 separate incidents throughout 2022, new data suggests. Countless websites and online services use SMS text messages for both password resets and multi-factor authentication.

Mobile 346

Mobile Phishing Authentication Advertising 346

Krebs on Security

AUGUST 18, 2021

T-Mobile is warning that a data breach has exposed the names, date of birth, Social Security number and driver’s license/ID information of more than 40 million current, former or prospective customers who applied for credit with the company. T-Mobile hasn’t yet responded to requests for clarification regarding how many of the 7.8

Mobile 270

Mobile Identity Theft Accountability Cybercrime 270

Krebs on Security

MARCH 20, 2023

A new breach involving data from nine million AT&T customers is a fresh reminder that your mobile provider likely collects and shares a great deal of information about where you go and what you do with your mobile device — unless and until you affirmatively opt out of this data collection.

Mobile 323

Mobile Wireless Advertising Telecommunications 323

Krebs on Security

JANUARY 17, 2019

My inbox and Twitter messages positively lit up today with people forwarding stories from Wired and other publications about a supposedly new trove of nearly 773 million unique email addresses and 21 million unique passwords that were posted to a hacking forum. 000002 cents per password). Please don’t do that.

Passwords 54

Passwords Accountability Hacking Password Management 54

Krebs on Security

MAY 7, 2022

Apple , Google and Microsoft announced this week they will soon support an approach to authentication that avoids passwords altogether, and instead requires users to merely unlock their smartphones to sign in to websites or online services. “I worry about forgotten password recovery for cloud accounts.” Image: Blog.google.

Passwords 262

Passwords Authentication Accountability Mobile 262

Krebs on Security

AUGUST 5, 2019

If you bank online and choose weak or re-used passwords, there’s a decent chance your account could be pilfered by cyberthieves — even if your bank offers multi-factor authentication as part of its login process. Crooks are constantly probing bank Web sites for customer accounts protected by weak or recycled passwords.

Banking 258

Banking Passwords Risk Accountability 258

Tech Republic Security

MAY 5, 2022

The post Google, Apple, Microsoft promise end to passwords, courtesy of your mobile phone appeared first on TechRepublic. Adopting a new authentication method from the FIDO Alliance, the three major OS vendors will let you use encrypted credentials stored on your phone to automatically sign you into your online accounts.

Mobile 162

Mobile Passwords Encryption Authentication 162

Krebs on Security

APRIL 6, 2021

To my mind, this just reinforces the need to remove mobile phone numbers from all of your online accounts wherever feasible. Many people may not consider their mobile phone number to be private information, but there is a world of misery that bad guys, stalkers and creeps can visit on your life just by knowing your mobile number.

Mobile 360

Mobile Accountability Passwords Authentication 360

Tech Republic Security

AUGUST 20, 2021

In response to a breach that compromised the personal data of millions of subscribers, T-Mobile customers should change their password and PIN and set up two-step verification.

Mobile 205

Mobile Data breaches Accountability Passwords 205

Tech Republic Security

JULY 26, 2022

Keeping track of all of your passwords has never been easier. Learn how to fill and save passwords on your mobile device with 1Password. The post 1Password password manager: How it works with apps appeared first on TechRepublic.

Password Management 176

Password Management Passwords Mobile Software 176

Security Affairs

DECEMBER 23, 2023

Mobile virtual network operator Mint Mobile suffered a new data breach, threat actors had access to customers’ personal information. Mint Mobile experienced a recent data breach, exposing customers’ personal information to unauthorized access by threat actors.

Mobile 141

Mobile Data breaches Wireless Data collection 141

The Last Watchdog

JANUARY 31, 2022

We all rely on passwords. For better or worse, we will continue to use passwords to access our computing devices and digital services for years to come. Related : The coming of password-less access. Passwords were static to begin with. They have since been modified in two directions: biometrics and dynamic passwords.

Passwords 232

Passwords Computers and Electronics Password Management Artificial Intelligence 232

The Last Watchdog

APRIL 28, 2022

Passwords have become ubiquitous with digital. The humble password is nothing more than a digital key that opens a door. And they use passwords to open a device, a system, an account, a file and so on. Which begs the question: why do people create their own passwords? Yet most people don’t know how to use them properly.

Passwords 237

Passwords Encryption Phishing Social Engineering 237

Krebs on Security

MAY 19, 2021

Many online services allow users to reset their passwords by clicking a link sent via SMS, and this unfortunately widespread practice has turned mobile phone numbers into de facto identity documents. Which means losing control over one thanks to a divorce, job termination or financial crisis can be devastating.

Mobile 361

Mobile Wireless Authentication Accountability 361

The Last Watchdog

AUGUST 19, 2021

At the start of this week, word got out that hackers claimed to have seized personal data for as many as 100 million T-Mobile patrons. According to the attackers, this was a configuration issue on an access point T-Mobile used for testing. T-Mobile left a gate left wide open for attackers – and attackers just had to find the gate.”.

Mobile 235

Mobile Data breaches Authentication Accountability 235

Tech Republic Security

FEBRUARY 14, 2024

While LogMeOnce comes with a lot of the features we want in a password manager, it’s held back by an unpolished user interface and a half-baked mobile application.

Password Management 158

Password Management Passwords Mobile 158

Krebs on Security

MARCH 16, 2021

SMS text messages were already the weakest link securing just about anything online, mainly because there are tens of thousands of employees at mobile stores who can be tricked or bribed into swapping control over a mobile phone number to someone else. “It’s an industry-wide thing. ” WHAT CAN YOU DO?

Telecommunications 363

Telecommunications Mobile Accountability Wireless 363

Tech Republic Security

MAY 9, 2023

Changing an Apple ID password typically isn't as simple as just entering a replacement password. The post Apple ID: 3 things to remember when changing this password appeared first on TechRepublic. Prepare more effectively for the process by remembering three key facts.

Passwords 197

Passwords Big data Mobile Cybersecurity 197

Krebs on Security

OCTOBER 1, 2021

Federal Communications Commission (FCC) is asking for feedback on new proposed rules to crack down on SIM swapping and number port-out fraud, increasingly prevalent scams in which identity thieves hijack a target’s mobile phone number and use that to wrest control over the victim’s online identity.

Wireless 321

Wireless Mobile Passwords Authentication 321

Krebs on Security

AUGUST 30, 2022

A recent spate of SMS phishing attacks from one cybercriminal group has spawned a flurry of breach disclosures from affected companies, which are all struggling to combat the same lingering security threat: The ability of scammers to interact directly with employees through their mobile devices.

Mobile 329

Mobile Phishing Authentication Accountability 329

Security Affairs

JANUARY 5, 2024

The MyEstatePoint Property Search app leaked data on nearly half a million of its users, exposing their names and plain-text passwords, the Cybernews research team has found. Scammers can use email addresses and plain text passwords for various attacks. However, the instance has been closed off since.

Passwords 142

Passwords Identity Theft Mobile Technology 142

Krebs on Security

AUGUST 12, 2020

As KrebsOnSecurity observed back in 2018 , many people — particularly older folks — proudly declare they avoid using the Web to manage various accounts tied to their personal and financial data — including everything from utilities and mobile phones to retirement benefits and online banking services. YOUR CREDIT FILES.

Accountability 360

Accountability Mobile Banking Passwords 360

Tech Republic Security

MARCH 25, 2022

Apple's iOS allows you to choose your own password manager. Learn how to make that change and integrate your passwords no matter which password manager you choose for iOS. The post How to use AutoFill Passwords in iOS appeared first on TechRepublic.

Passwords 171

Passwords Password Management Mobile 171

Krebs on Security

FEBRUARY 1, 2021

Authorities in the United Kingdom have arrested a 20-year-old man for allegedly operating an online service for sending high-volume phishing campaigns via mobile text messages. agency advertises a service designed to help intercept one-time passwords needed to log in to various websites.

Phishing 348

Phishing Telecommunications Advertising Mobile 348

Krebs on Security

JANUARY 30, 2024

In each attack, the victims saw their email and financial accounts compromised after suffering an unauthorized SIM-swap, wherein attackers transferred each victim’s mobile phone number to a new device that they controlled. Prosecutors say Noah Michael Urban of Palm Coast, Fla., According to an Aug.

Social Engineering 340

Social Engineering Mobile Passwords Cybercrime 340

Malwarebytes

SEPTEMBER 22, 2023

Some T-Mobile customers logged into their accounts on Wednesday to find another customer’s billing and account information showing on their online dashboards. T-Mobile denied there was an attack, but confirmed there had been a data leak. “There was no cyberattack or breach at T-Mobile. . Change your password.

Mobile 134

Mobile Data breaches Accountability Passwords 134

Security Affairs

DECEMBER 21, 2023

More than 22,000 users of Blink Mobility should take the necessary steps to protect themselves against the risk of identity theft. Los Angeles-based electric car-sharing provider Blink Mobility left a misconfigured MongoDB database open to the public.

Mobile 140

Mobile Identity Theft Passwords Phishing 140

Krebs on Security

JUNE 19, 2020

Hundreds of popular websites now offer some form of multi-factor authentication (MFA), which can help users safeguard access to accounts when their password is breached or stolen. When the two of them sat down to reset his password, the screen displayed a notice saying there was a new Gmail address tied to his Xbox account.

Authentication 363

Authentication Accountability Passwords Mobile 363

Krebs on Security

DECEMBER 16, 2021

Nicholas Truglia was part of a group alleged to have stolen more than $100 million from cryptocurrency investors using fraudulent “SIM swaps,” scams in which identity thieves hijack a target’s mobile phone number and use that to wrest control over the victim’s online identities. section at the conclusion of this story.

Cryptocurrency 354

Cryptocurrency Mobile Accountability Scams 354

Krebs on Security

AUGUST 3, 2020

A California company that helps telemarketing firms avoid getting sued for violating a federal law that seeks to curb robocalls has leaked the phone numbers, email addresses and passwords of all its customers, as well as the mobile phone numbers and other data on people who have hired lawyers to go after telemarketers.

Mobile 337

Mobile Marketing Consumer Protection Wireless 337

Troy Hunt

AUGUST 20, 2021

T-Mobile got seriously breached (a good Krebs write-up on it here) Allegedly, AT&T also got breached (although that thread concludes otherwise) 1Password and I have launched the first part of our "Hello CISO" series (it's free - proper free!)

CISO 67

CISO Password Management IoT Data breaches 67

Duo's Security Blog

NOVEMBER 29, 2023

Epic’s new flagship EPCS healthcare management mobile apps Haiku and Canto integrate with Cisco Duo to provide multi-factor authentication (MFA). Subsequently, the FDA mandates support for many security protections, including MFA, to protect against these stolen credentials and weak passwords.

Mobile 128

Mobile Healthcare Authentication Passwords 128

Malwarebytes

OCTOBER 7, 2024

which includes a fix for a bug that could allow a user’s saved passwords to be read aloud by its VoiceOver feature. Unfortunately, that also included an audible description of a user’s saved passwords, effectively reading aloud someone’s passwords. Apple has issued security updates for iOS 18.0.1

Passwords 136

Passwords Mobile Software Risk 136

Security Boulevard

JANUARY 16, 2023

NortonLifeLock is warning customers their passwords are loose. The post Another Password Manager Breach: NortonLifeLock Apes LastPass appeared first on Security Boulevard. First LastPass, now this?

Password Management 144

Password Management Passwords Social Engineering Engineering 144

Krebs on Security

SEPTEMBER 5, 2023

In November 2022, the password manager service LastPass disclosed a breach in which hackers stole password vaults containing both encrypted and plaintext data for more than 25 million users. 15, 2022, LastPass said an investigation into the August breach determined the attacker did not access any customer data or password vaults.

Cryptocurrency 362

Cryptocurrency Passwords Encryption Accountability 362

Krebs on Security

MARCH 26, 2024

Several Apple customers recently reported being targeted in elaborate phishing attacks that involve what appears to be a bug in Apple’s password reset feature. “It was like this system notification from Apple to approve [a reset of the account password], but I couldn’t do anything else with my phone.

Passwords 362

Passwords Accountability Engineering Phishing 362

Krebs on Security

NOVEMBER 4, 2021

Louis Morton , a security professional based in Fort Worth, Texas, forwarded an SMS phishing or “smishing” message sent to his wife’s mobile device that indicated a package couldn’t be delivered. One of dozens of FedEx-themed phishing sites currently being advertised via SMS spam.

Phishing 345

Phishing Scams Mobile DNS 345