Security News

Snowflake lets admins make MFA mandatory across all user accounts
2024-07-10 16:45

A month after incident response giant Mandiant suggested the litany of data thefts linked to Snowflake account intrusions had the common component of lacking multi-factor authentication controls, the cloud storage and data analytics company is offering a mandatory MFA option to admins. The general availability of Snowflake Trust Center was also announced concurrently - a framework for customers to monitor compliance with the MFA policies Snowflake hopes will be applied more broadly.

Hackers abused API to verify millions of Authy MFA phone numbers
2024-07-03 16:43

Twilio has confirmed that an unsecured API endpoint allowed threat actors to verify the phone numbers of millions of Authy multi-factor authentication users, potentially making them vulnerable to SMS phishing and SIM swapping attacks. In late June, a threat actor named ShinyHunters leaked a CSV text file containing what they claim are 33 million phone numbers registered with the Authy service.

How MFA Failures are Fueling a 500% Surge in Ransomware Losses
2024-07-02 11:00

The cybersecurity threat landscape has witnessed a dramatic and alarming rise in the average ransomware payment, an increase exceeding 500%. Sophos, a global leader in cybersecurity, revealed in...

Scathing report on Medibank cyberattack highlights unenforced MFA
2024-06-18 17:25

A scathing report by Australia's Information Commissioner details how misconfigurations and missed alerts allowed a hacker to breach Medibank and steal data from over 9 million people. In October 2022, Australian health insurance provider Medibank disclosed that it had suffered a cyberattack that disrupted the company's operations.

Medibank breach: Security failures revealed (lack of MFA among them)
2024-06-18 14:22

The 2022 Medibank data breach / extortion attack perpetrated by the REvil ransomware group started by the attackers leveraging login credentials stolen from a private computer of an employee of a Medibank's IT contractor. According to a statement by the Australian Information Commissioner filed with the Federal Court of Australia, the credentials were stolen by way of infostealer malware, after that employee "Saved his Medibank username and password for a number of Medibank accounts to his personal internet browser profile on the work computer he used to provide IT services to Medibank", and then signed into his internet browser profile on his personal computer.

AWS is pushing ahead with MFA for privileged accounts. What that means for you ...
2024-06-17 11:18

Your profile can be used to present content that appears more relevant based on your possible interests, such as by adapting the order in which content is shown to you, so that it is even easier for you to find content that matches your interests. Content presented to you on this service can be based on your content personalisation profiles, which can reflect your activity on this or other services, possible interests and personal aspects.

AWS adds passkeys support, warns root users must enable MFA
2024-06-12 19:38

As announced last October, the internet company reminds us that 'root' AWS accounts must enable MFA by the end of July 2024. Passkeys on AWS. FIDO2 passkeys are physical or software-based authentication solutions that leverage public key cryptography to sign a challenge sent by the server used for verifying the authentication attempt.

Snowflake customers not using MFA are not unique – over 165 of them have been compromised
2024-06-11 03:27

Your profile can be used to present content that appears more relevant based on your possible interests, such as by adapting the order in which content is shown to you, so that it is even easier for you to find content that matches your interests. Content presented to you on this service can be based on your content personalisation profiles, which can reflect your activity on this or other services, possible interests and personal aspects.

Snowflake tells customers to enable MFA as investigations continue
2024-06-10 12:30

Your profile can be used to present content that appears more relevant based on your possible interests, such as by adapting the order in which content is shown to you, so that it is even easier for you to find content that matches your interests. Content presented to you on this service can be based on your content personalisation profiles, which can reflect your activity on this or other services, possible interests and personal aspects.

Only 45% of organizations use MFA to protect against fraud
2024-05-07 03:00

Most businesses struggle with identity verification and have concerns over ability to protect against AI, according to Ping Identity. The report, based on responses from 700 IT decision-makers across the US, UK, France, Germany, Australia, and Singapore, reveals a pressing need for organizations to enhance their identity protection strategies, with 97% having challenges with identity verification and 48% lacking confidence they have the technology in place to defend against AI-related attacks.