Security News

If you've started rolling out AlmaLinux to your data centers, you should enable 2FA for SSH authentication. One way to beef up the security of any Linux server is to enable two-factor authentication for SSH logins.

S3 Ep34: Apple bugs, scammers busted, and how crooks bypass 2FA [Podcast]

Police arrest eight suspects in an online scamming ring. We explain how WhatsApp messages from hacked accounts are helping cybercrooks bypass 2FA. Oh! No! of the week.

Twitter has added support for multiple security keys to accounts with two-factor authentication enabled for logging into the social network's web interface and mobile apps. "Secure your account with multiple security keys," Twitter said.

Once you have AlmaLinux up and running, one of the first things you should do is set up two-factor authentication for SSH. After all, you don't want to rely solely on SSH for authentication to your servers, not in today's world. How to install the google-authenticator command on AlmaLinux.

The cloning works by using a hot air gun and a scalpel to remove the plastic key casing and expose the NXP A700X chip, which acts as a secure element that stores the cryptographic secrets. The exploit allows an attacker to obtain the long-term Elliptic Curve Digital Signature Algorithm (ECDSA) private key designated for a given account.

Ubiquiti, a major vendor of cloud-enabled Internet of Things devices such as routers, network video recorders, security cameras and access control systems, is urging customers to change their passwords and enable multi-factor authentication. The company says an incident at a third-party cloud provider may have exposed customer account information and credentials used to remotely manage Ubiquiti gear.

The vulnerability allows the bad actor to extract the encryption key or the ECDSA private key linked to a victim's account from a FIDO Universal 2nd Factor device like Google Titan Key or YubiKey, thus completely undermining the 2FA protections. An actor will first have to steal the target's login and password of an account secured by the physical key, then stealthily gain access to the Titan Security Key in question, not to mention acquire expensive equipment costing north of $12,000, and have enough expertise to build custom software to extract the key linked to the account.

Challenges organizations face in combating third-party cyber risk: A CyberGRX report reveals trends and challenges organizations of all sizes face in combating third-party cyber risk today.

cPanel 2FA bypass vulnerability can be exploited through brute force: A two-factor authentication bypass vulnerability affecting the popular cPanel & WHM software suite may allow attackers to access secured accounts, Digital Defense researchers have found.

A security flaw in the cPanel web hosting control panel allows attackers to circumvent two-factor authentication checks via brute-force attacks for domains managed using vulnerable cPanel & WebHost Manager versions. Attackers could abuse CVE-2020-27641 to bypass 2FA for cPanel accounts on potentially millions of websites because cPanel's Security Policy did not block them from repeatedly submitting two-factor authentication codes.

cPanel last week released patches to address three vulnerabilities in cPanel & WebHost Manager, including one leading to two-factor authentication bypass. With over 20 years of web hosting experience, cPanel claims servers using cPanel & WHM have launched more than 70 million domains.