Security News > 2023 > February

Twitter has announced that it will no longer support SMS two-factor authentication unless you pay for a Twitter Blue subscription. In a blog post released this week, Twitter said that non-Twitter Blue users using SMS 2FA have until March 20th, 2023, to switch to another 2FA method, or it will be disabled.

Web hosting and domain name concern GoDaddy has disclosed a fresh attack on its infrastructure, and concluded that it is one of a series of linked incidents dating back to 2020. The business took the unusual step of detailing the attacks in its Form 10-K - the formal annual report listed entities are required to file in the US. The filing details a March 2020 attack that "compromised the hosting login credentials of approximately 28,000 hosting customers to their hosting accounts as well as the login credentials of a small number of our personnel" and a November 2021 breach of its hosted WordPress service.

Microsoft will soon add a new way to end unresponsive processes in Windows 11 in the form of a new option that will show up when right-clicking an app's taskbar icon. The new functionality is currently in development as a hidden feature of Windows 11 build 25300 in the Windows Insider developer channel.

Get hired in cybersecurity: Expert tips for job seekers
In this Help Net Security interview, Joseph Cooper, Cybersecurity Recruiter at Aspiron Search, offers practical advice for job seekers and talks about how the cybersecurity profession continues to expand.

Admins, patch your Cisco enterprise security solutions!
Cisco has released security updates for several of its enterprise security and networking products.

In a preprint paper titled, "Forward Pass: On the Security Implications of Email Forwarding Mechanism and Policy," scheduled to appear at the 8th IEEE European Symposium on Security and Privacy in July, authors Enze Liu, Gautam Akiwate, Mattijs Jonker, Ariana Mirian, Grant Ho, Geoffrey Voelker, and Stefan Savage show that email messages can be easily spoofed despite the existence of supposed defenses. The researchers, affiliated with UC San Diego and Stanford University in the US, and University of Twente in the Netherlands, reveal that attackers can still easily take advantage of security issues arising from email forwarding.

Fortinet has released security updates to address 40 vulnerabilities in its software lineup, including FortiWeb, FortiOS, FortiNAC, and FortiProxy, among others. Two of the 40 flaws are rated Critical, 15 are rated High, 22 are rated Medium, and one is rated Low in severity.

Security researchers have discovered a new backdoor called WhiskerSpy used in a campaign from a relatively new advanced threat actor tracked as Earth Kitsune, known for targeting individuals showing an interest in North Korea. The new operation was discovered at the end of last year by researchers at cybersecurity company Trend Micro, who have been tracking Earth Kitsune activity since 2019.

Twitter has announced that it's limiting the use of SMS-based two-factor authentication to its Blue subscribers. "While historically a popular form of 2FA, unfortunately we have seen phone-number based 2FA be used - and abused - by bad actors," the company said.

Web hosting services provider GoDaddy on Friday disclosed a multi-year security breach that enabled unknown threat actors to install malware and siphon source code related to some of its services. GoDaddy said that in December 2022 it received an unspecified number of customer complaints about their websites getting sporadically redirected to malicious sites, which it later found was due to an unauthorized third party gaining access to servers hosted in its cPanel environment.

The FBI claims it has dealt with a cybersecurity "incident" that reportedly involved computer systems being used to investigate child sexual exploitation. "The FBI is aware of the incident and is working to gain additional information," a spokesperson said in a statement to The Register.