Security News

2-Factor Authentication Bypass Flaw Reported in cPanel and WHM Software
2020-11-24 23:14

cPanel, a provider of popular administrative tools to manage web hosting, has patched a security vulnerability that could have allowed remote attackers with access to valid credentials to bypass two-factor authentication protection on an account. cPanel and WHM offers a Linux-based control panel for users to handle website and server management, including tasks such as adding sub-domains and performing system and control panel maintenance.

Ring Makes 2-Factor Authentication Mandatory Following Recent Hacks
2020-02-19 14:23

Following several recent reports of hackers gaining access to people's internet-connected Ring doorbell and security cameras, Amazon yesterday announced to make two-factor authentication security feature mandatory for all Ring users. Until now, enabling the two-factor authentication in Ring devices was optional, which definitely would have prevented most Ring hacks, but of course, many never bothered to enable it.

Ring Makes 2-Factor Authentication Mandatory Following Recent Hacks
2020-02-19 06:24

Following several recent reports of hackers gaining access to people's internet-connected Ring doorbell and security cameras, Amazon yesterday announced to make two-factor authentication security feature mandatory for all Ring users. Until now, enabling the two-factor authentication in Ring devices was optional, which definitely would have prevented most Ring hacks, but of course, many never bothered to enable it.

OpenSSH now supports FIDO U2F security keys for 2-factor authentication
2020-02-17 17:18

FIDO protocol based hardware security devices are stronger and fool-proof mechanisms for authentication because it enables public-key cryptography to protect against advanced malware, phishing, and man-in-the-middle attacks. "In OpenSSH, FIDO devices are supported by new public key types' ecdsa-sk' and 'ed25519-sk', along with corresponding certificate types," the OpenSSH 8.2 release note says.

OpenSSH now supports FIDO U2F security keys for 2-factor authentication
2020-02-17 09:18

FIDO protocol based hardware security devices are stronger and fool-proof mechanisms for authentication because it enables public-key cryptography to protect against advanced malware, phishing, and man-in-the-middle attacks. "In OpenSSH, FIDO devices are supported by new public key types' ecdsa-sk' and 'ed25519-sk', along with corresponding certificate types," the OpenSSH 8.2 release note says.

Why 2-factor authentication isn't foolproof
2019-08-15 14:31

Breaches happen--even with 2-factor authentication. Learn how to protect your organization from security breaches.

6 Ways Attackers Are Still Bypassing SMS 2-Factor Authentication
2019-04-24 12:31

1992 was both an ending and a beginning. It was the year I lost my beloved grandfather, and I’ll never forget his final words to me: “Stop shaking the ladder, you idiot!” Shortly after his...

How to make people sit up and use 2-factor auth: Show 'em a vid reusing a toothbrush to clean the toilet, then compare it to password reuse
2019-03-06 00:53

Education, education, education is key to security RSA Despite multi-factor authentication being on hand to protect online accounts and other logins from hijackings by miscreants for more than a...

How to make people sit up and use 2-factor auth: Show 'em a vid reusing a toothbrush to clean the toilet, then tell compare it to password reuse
2019-03-06 00:53

Education, education, education is key to security RSA Despite multi-factor authentication being on hand to protect online accounts and other logins from hijackings by miscreants for more than a...

Perverse Vulnerability from Interaction between 2-Factor Authentication and iOS AutoFill
2018-06-20 11:51

Apple is rolling out an iOS security usability feature called Security code AutoFill. The basic idea is that the OS scans incoming SMS messages for security codes and suggests them in AutoFill, so...