Security News

An emerging phishing-as-a-service (PhaaS) platform called Mamba 2FA has been observed targeting Microsoft 365 accounts in AiTM attacks using well-crafted login pages. [...]

Bank customers in the Central Asia region have been targeted by a new strain of Android malware codenamed Ajina.Banker since at least November 2024 with the goal of harvesting financial...

Starting October 1st, WordPress.org accounts that can push updates and changes to plugins and themes will be required to activate two-factor authentication (2FA) on their accounts. [...]

India's central bank on Wednesday proposed a requirement for dynamically generated second authentication factors for most digital payments. "Reserve Bank of India had mandated additional factor of authentication for all transactions undertaken using cards, prepaid instruments and mobile banking channels," explained the central bank.

Your profile can be used to present content that appears more relevant based on your possible interests, such as by adapting the order in which content is shown to you, so that it is even easier for you to find content that matches your interests. Content presented to you on this service can be based on your content personalisation profiles, which can reflect your activity on this or other services, possible interests and personal aspects.

An infostealer malware campaign has collected millions of logins from users of various gaming websites, including players that use cheats, pay-to-cheat services. "The DB for the stealer represents gaming related accounts much more than anything else," Zebleer said, adding that "It's the largest infostealer malware campaign targeting gamers/cheaters in history."

The terms 2FA and MFA are sometimes used interchangeably. This is because 2FA is really a subset of MFA. 2FA involves only one additional authentication factor.

A publicly exposed API of social media platform Spoutible may have allowed threat actors to scrape information that can be used to hijack user accounts. The problem with the Spoutible API. Security consultant Troy Hunt has been tipped off about the API by an individual who shared a file with 207,000 Spoutible user records - supposedly scraped via the API - and an URL that would allow Hunt to do the same with his own account.

Numerous Payoneer users in Argentina report waking up to find that their 2FA-protected accounts were hacked and funds stolen after receiving SMS OTP codes while they were sleeping. Starting last weekend, many Payoneer users in Argentina, whose accounts were protected by two-factor authentication, reported suddenly losing access to their accounts or simply logging in to empty wallets, losing "Years of work" worth in money ranging from $5,000 to $60,000.

Attackers targeting vulnerable self-managed GitLab instances could use a specially crafted HTTP request to send a password reset email to an attacker-controlled, unverified email address. Users with 2FA enabled aren't vulnerable to account takeover, unless the attacker also had control of the 2FA authenticator, but a password reset could still be achieved.