Security News

cPanel 2FA bypass vulnerability can be exploited through brute force
2020-11-25 10:55

A two-factor authentication bypass vulnerability affecting the popular cPanel & WHM software suite may allow attackers to access secured accounts, Digital Defense researchers have found. Still, admins of sites that are managed through cPanel should check whether their provider did perform the update.

‘Copyright Violation’ Notices Lead to Facebook 2FA Bypass
2020-10-28 20:13

Scammers have hatched a new way to attempt to bypass two-factor authentication protections on Facebook. The first step in the "Appeal?" The victim is asked to submit a username, password and 2FA code from their mobile device, according to Sophos researcher Paul Ducklin, allowing fraudsters bypass 2FA. 2FA is an added layer of protection on top of a username and password that usually involves sending a unique code to a mobile device, which must be entered to access a platform.

Facebook “copyright violation” tries to get past 2FA – don’t fall for it!
2020-10-27 19:58

Notification of Alleged Copyright Violation Recently there have been reports citing copyright violations of your Page posts. The link on the Facebook page above looks as though it stays on facebook.com, but the URL you see in blue above isn't the URL you visit if you click it.

Alien Android Banking Trojan Sidesteps 2FA
2020-09-24 15:46

A newly uncovered banking trojan called Alien is invading Android devices worldwide, using an advanced ability to bypass two-factor authentication security measures to steal victim credentials. Researchers believe Alien is a "Fork" of the infamous Cerberus banking malware, which has undergone a steady demise in use over the past year.

Android Malware Bypasses 2FA And Targets Telegram, Gmail Passwords
2020-09-21 15:59

Researchers have uncovered a threat group launching surveillance campaigns that target victims' personal device data, browser credentials and Telegram messaging application files. One notable tool in the group's arsenal is an Android malware that collects all two-factor authentication security codes sent to devices, sniffs out Telegram credentials and launches Google account phishing attacks.

Zoom Rolls Out 2FA Support for All Accounts
2020-09-11 13:29

Video conferencing platform Zoom this week announced that all user accounts can now benefit from improved protection, courtesy of support for Two-Factor Authentication. With 2FA enabled on their accounts, users should be protected from security breaches, including those that originate from the Zoom platform itself, the company claims.

How to add 2FA to your Zoom account
2020-09-11 09:19

Video conferencing platform Zoom is finally offering all users the option to enable two-factor authentication to secure their accounts against credential stuffing attacks and attacks leveraging phished login credentials. How to enable Zoom 2FA on a Pro, Business, Education, or Enterprise account.

IDmission announces a 2FA upgrade path for access points
2020-08-04 00:00

IDmission announced its Identity Management System to reduce unauthorized access to large multi-tenant facility access points. With IDMS, large organizations can significantly control physical and logical access points throughout the enterprise.

US tax service says, “2FA is a must!”
2020-07-29 16:01

Let me tell you how it will be There's one for you, nineteen for me 'Cause I'm the taxman, yeah, I'm the taxman Should five per cent appear too small Be thankful I don't take it all 'Cause I'm the taxman, yeah, I'm the taxman If you drive a car, I'll tax the street If you try to sit, I'll tax your seat If you get too cold, I'll tax the heat If you take a walk, I'll tax your feet 'Cause I'm the taxman, yeah, I'm the taxman. You end up with a fraudulent tax return filed against your name; the government ends up with a huge dent in its tax revenues; and the mess can take ages to sort out.

Twitter hackers busted 2FA to access accounts and then reset user passwords
2020-07-20 06:25

Twitter has revealed more about the July 15 attack that saw several prominent accounts hijacked to promote a Bitcoin scam. The Saturday, July 18 update admits "The attackers successfully manipulated a small number of employees and used their credentials to access Twitter's internal systems, including getting through our two-factor protections."