Security News

Twitter Limits SMS-Based 2-Factor Authentication to Blue Subscribers Only
2023-02-18 11:10

Twitter has announced that it's limiting the use of SMS-based two-factor authentication to its Blue subscribers. "While historically a popular form of 2FA, unfortunately we have seen phone-number based 2FA be used - and abused - by bad actors," the company said.

New EvilProxy Phishing Service Allowing Cybercriminals to Bypass 2-Factor Security
2022-09-06 06:47

A new phishing-as-a-service toolkit dubbed EvilProxy is being advertised on the criminal underground as a means for threat actors to bypass two-factor authentication protections employed against online services. "EvilProxy actors are using reverse proxy and cookie injection methods to bypass 2FA authentication - proxifying victim's session," Resecurity researchers said in a Monday write-up.

Google to turn on 2-factor authentication by default for 150 million users
2021-10-06 02:05

Google has announced plans to automatically enroll about 150 million users into its two-factor authentication scheme by the end of the year as part of its ongoing efforts to prevent unauthorized access to accounts and improve security.The internet giant said it also intends to require 2 million YouTube creators to switch on the setting, which it calls two-step verification, to protect their channels from potential takeover attacks.

2-Factor Authentication Bypass Flaw Reported in cPanel and WHM Software
2020-11-24 23:14

cPanel, a provider of popular administrative tools to manage web hosting, has patched a security vulnerability that could have allowed remote attackers with access to valid credentials to bypass two-factor authentication protection on an account. cPanel and WHM offers a Linux-based control panel for users to handle website and server management, including tasks such as adding sub-domains and performing system and control panel maintenance.

Ring Makes 2-Factor Authentication Mandatory Following Recent Hacks
2020-02-19 14:23

Following several recent reports of hackers gaining access to people's internet-connected Ring doorbell and security cameras, Amazon yesterday announced to make two-factor authentication security feature mandatory for all Ring users. Until now, enabling the two-factor authentication in Ring devices was optional, which definitely would have prevented most Ring hacks, but of course, many never bothered to enable it.

Ring Makes 2-Factor Authentication Mandatory Following Recent Hacks
2020-02-19 06:24

Following several recent reports of hackers gaining access to people's internet-connected Ring doorbell and security cameras, Amazon yesterday announced to make two-factor authentication security feature mandatory for all Ring users. Until now, enabling the two-factor authentication in Ring devices was optional, which definitely would have prevented most Ring hacks, but of course, many never bothered to enable it.

OpenSSH now supports FIDO U2F security keys for 2-factor authentication
2020-02-17 17:18

FIDO protocol based hardware security devices are stronger and fool-proof mechanisms for authentication because it enables public-key cryptography to protect against advanced malware, phishing, and man-in-the-middle attacks. "In OpenSSH, FIDO devices are supported by new public key types' ecdsa-sk' and 'ed25519-sk', along with corresponding certificate types," the OpenSSH 8.2 release note says.

OpenSSH now supports FIDO U2F security keys for 2-factor authentication
2020-02-17 09:18

FIDO protocol based hardware security devices are stronger and fool-proof mechanisms for authentication because it enables public-key cryptography to protect against advanced malware, phishing, and man-in-the-middle attacks. "In OpenSSH, FIDO devices are supported by new public key types' ecdsa-sk' and 'ed25519-sk', along with corresponding certificate types," the OpenSSH 8.2 release note says.

Why 2-factor authentication isn't foolproof
2019-08-15 14:31

Breaches happen--even with 2-factor authentication. Learn how to protect your organization from security breaches.

6 Ways Attackers Are Still Bypassing SMS 2-Factor Authentication
2019-04-24 12:31

1992 was both an ending and a beginning. It was the year I lost my beloved grandfather, and I’ll never forget his final words to me: “Stop shaking the ladder, you idiot!” Shortly after his...