Security News

A new phishing campaign that targets CoinSpot cryptocurrency exchange users employs a new theme revolving around withdrawal confirmations with the end goal of stealing two-factor authentication codes. More specifically, the threat actors send emails from a Yahoo address, replicating real emails from CoinSpot that ask the recipients to confirm or cancel a withdrawal transaction.

VK is finally introducing two-factor authentication on all its services and plans to make it mandatory in February 2022 for administrators of large communities. Starting in February, all communities that count over 10,000 subscribers must be managed by a 2FA-secured admin account to prevent large-scale phishing incidents.

VMware has warned users that a flaw in its VMware Verify two-factor authentication product could allow a malicious actor with a first-factor authentication credential to obtain a second factor from its VMware Verify product. CVE-2021-22057 is the rascal behind this issue and is rated 6.6/10. VMware Verify is part of the wider VMware Workspace ONE Access product, now available in version 21.08.0.1, which fixes this bug and a 5.5-rated Server Side Request Forgery that can allow a malicious actor with network access to make HTTP requests to arbitrary origins and read the full response.

GitHub has fixed a serious vulnerability that would have allowed attackers to publish new, malicious versions of any existing package on the npm registry. "In this architecture, the authorization service was properly validating user authorization to packages based on data passed in request URL paths. However, the service that performs underlying updates to the registry data determined which package to publish based on the contents of the uploaded package file," GitHub's chief security officer Mike Hanley explained.

It's easy to forget that the "obviousness" of many scam emails comes from the fact that the crooks never intended those scams for us in the first place. We received a phish this morning that specifically targeted one of the main South African banks.

Google announced today that they plan on auto-enrolling 150 million accounts into two-factor authentication by the end of 2021. To protect Google accounts from unauthorized access, it is possible to enroll in an optional security feature called two-factor authentication, or as Google likes to call it, 2-step verification.

It's telling me I am nearing the end of the app's free trial period and now is the time to commit to a subscription payment or lose the "Pro" features I have been "enjoying." Although the password app is free, the German volunteer developer who wrote and maintains it always asks his users for modest donations at this time of year to coincide with Oktoberfest.

Coinbase, the world's second-largest cryptocurrency exchange with approximately 68 million users from over 100 countries, has scared a significant number of its users with erroneous 2FA warnings. As the crypto exchange revealed over the weekend in a Twitter thread, it accidentally alerted roughly 125,000 customers that their 2FA settings had been changed on August 28, between 1:45 pm PST and 3:07 pm PST. In a Friday incident report, Coinbase explained that the notifications were sent in error and that customers are not required to take any action to restore their 2FA settings.

GitHub urges its user base to toggle on two-factor authentication after deprecating password-based authentication for Git operations. "If you have not done so already, please take this moment to enable 2FA for your GitHub account," the company's Chief Security Officer Mike Hanley said.