Security News

GitHub announced today that all users who contribute code on its platform will be required to enable two-factor authentication on their accounts by the end of 2023. Active contributors who will have to enable 2FA include but are not limited to GitHub users who commit code, use Actions, open or merge pull requests, or publish packages.

Escobar mobile malware targets 190 banking and financial apps, steals 2FA codes. Mobile malware is becoming increasingly powerful against banking and financial applications, especially on Android operating systems.

The US Cybersecurity and Infrastructure Security Agency has just put out a bulletin numbered AA22-074A, with the dramatic title Russian State-Sponsored Cyber Actors Gain Network Access by Exploiting Default Multifactor Authentication Protocols and "PrintNightmare" Vulnerability. Re-enrolled the account into the 2FA system, as though the original user were reactivating it.

We monitor a range of email addresses related to Naked Security, so we receive a regular supply of real-world spams and scams. Right now our scam feed is awash with a variety of frauds targeting Instagram, Instagram, and Instagram.

After accelerating its efforts to auto-enroll as many accounts as possible in two-factor authentication, Google announced that an additional 150 million users now have 2FA enabled. Google first announced that it strives to push all its users to start using 2FA in May 2021, as part of a broader move to secure as many accounts as possible from attacks that use compromised credentials or guess passwords to hijack accounts.

A new and powerful malware named 'Mars Stealer' has appeared in the wild, and appears to be a redesign of the Oski malware that shut down development abruptly in the summer of 2020. Mars Stealer is an information-stealing malware that steals data from all popular web browsers, two-factor authentication plugins, and multiple cryptocurrency extensions and wallets.

The app, which is fully functional as a 2FA authenticator, comes loaded with the Vultur stealer malware that targets and swoops down on financial data. Once downloaded, the app installs the Vultur banking trojan, which steals financial and banking data on the compromised device - but can do much more.

Details of how the crooks pulled off the attack aren't given in the report, which says simply that "Transactions were being approved without the 2FA authentication control being inputted by the user." What the report doesn't explain, or even mention, is whether 2FA codes were entered by someone - albeit not by customers themselves - in order to authorise the fraudulent withdrawals, or whether the 2FA part of the authentication process was somehow bypassed entirely.

In spite of customers having reported losses over the weekend, Crypto.com's Thursday statement said that the heist happened on Monday at about 12:46 a.m. UTC. That's when the exchange's risk monitoring systems picked up on unauthorized transactions coming out of 483 accounts and being approved without users' 2FA authentication. The exchange fully restored the affected accounts, revoked all 2FA tokens and added additional security hardening measures, requiring all customers to re-login and set up their 2FA token.

Clearly, the stakes are high - gaining access to a Box account could give cyberattackers access to a vast array of sensitive documents and data for both individuals and organizations. When a user goes to log on with his or her credentials, Box generates the cookies and the user is asked to navigate to an SMS verification page, where the person is instructed to enter a one-time passcode sent to an enrolled mobile phone.