HackDig : Dig high-quality web security articles

How to enable Facebook’s hardware key authentication for iOS and Android

Since 2017 desktop users have had the opportunity to use physical security keys to log in to their Facebook accounts. Now iOS and Android users have the same option too. Physical security keys are a more secure option for two-factor authentication (2FA) than SMS (which is vulnerable to SIM swap attacks and phishing), and apps that generate codes or push noti
Publish At:2021-03-22 21:24 | Read:235 | Comments:0 | Tags:How-tos 2fa facebook mfa security keys IOS android

Gang arrested for SIM-swapping celebrities, stealing $100 million

The UK’s National Crime Agency (NCA)—working alongside the US Secret Service, Homeland Security, the FBI, Europol, and the District Attorney’s Office of Santa Clara, California—spearheaded the arrest of eight British citizens in the UK and Scotland, aged between 18 and 26, for a string of SIM swapping attacks that occurred in 2020. These attacks ta
Publish At:2021-02-15 11:12 | Read:287 | Comments:0 | Tags:Social engineering 2fa Matthew Miller Paul Creffield SIM jac

Ubiquiti breach, and other IoT security problems

Networking equipment manufacturer Ubiquiti sent out an email to warn users about a possible data breach. The email stated there had been unauthorized access to its IT systems that are hosted with a third-party cloud provider. Ubiquiti Networks sells networking devices and IoT devices. It did not specify which products were affected but pointed at UI.com,
Publish At:2021-01-12 16:00 | Read:604 | Comments:0 | Tags:IoT 2fa chastity belt IoT security passwords traffic lights

Get a head start on defending against tax scams

It may not be tax season in your part of the world right now but you’ll no doubt be pleased to know a prolific tax scammer is on their way to jail for 20 years. If you’re annoyed by tax scam missives, or had the misfortune to hand money over, this is probably satisfying news. Between 2013 and 2016, Hitesh Patel ran a particularly sophisticated operation.
Publish At:2020-12-08 17:30 | Read:485 | Comments:0 | Tags:Social engineering 2fa HMRC money laundering phish phishing

Spotify resets some user logins after hacker database found floating online

A team of researchers working for vpnMentor has found a treasure trove in the form of an unsecured Elasticsearch database containing over 380 million records. The trove contained login credentials and other data belonging to Spotify users. So what’s Spotify doing leaving its user data hanging around on an unsecured database? Answer: It’s not.
Publish At:2020-11-25 13:36 | Read:500 | Comments:0 | Tags:Reports 2fa credential stuffing database Elasticsearch mfa P

2FA bypass in cPanel potentially exposes tens of millions of websites to hack

2FA bypass discovered in web hosting software cPanel. More than 70 million sites are managed via cPanel software, according to the company. Researchers discovered a major issue in cPanel that could be exploited by attackers to bypass two-factor authentication for cPanel accounts. Security researchers from Digital Defense have discovered a major secur
Publish At:2020-11-24 20:07 | Read:559 | Comments:0 | Tags:Breaking News Hacking 2FA hacking news information security

Scammers are spoofing bank phone numbers to rob victims

It can be a very convincing trick… “You can check the number in your display online sir. You’ll see I’m really calling from your bank.” That is, of course, if you are unaware that phone numbers can be spoofed. Then again, they wouldn’t be successful scammers if they weren’t convincing. If you suggest calling them back, they’ll tell you it’s
Publish At:2020-10-28 10:53 | Read:513 | Comments:0 | Tags:Social engineering 2fa caller id cold callers fake banksites

Brute force attacks increase due to more open RDP ports

While leaving your back door open while you are working from home may be something you do without giving it a second thought, having unnecessary ports open on your computer is a security risk that is sometimes underestimated. That’s because an open port can be subject to brute force attacks. What are brute force attacks? A brute force attack is w
Publish At:2020-10-20 11:47 | Read:791 | Comments:0 | Tags:Exploits and vulnerabilities Web threats 2fa attacks brute f

Rampant Kitten’s arsenal includes Android malware that bypasses 2FA

Security researchers discovered Android malware capable of bypassing 2FA that was developed by an Iran-linked group dubbed Rampant Kitten. Security researchers from Check Point discovered Android malware, developed by an Iran-linked group dubbed Rampant Kitten, that is able to bypass 2FA. Rampant Kitten has been active at least since 2014 and was inv
Publish At:2020-09-18 16:30 | Read:757 | Comments:0 | Tags:Breaking News Hacking Malware Mobile 2FA Android information

Great news, now you can protect your Zoom account with 2FA

Zoom has implemented two-factor authentication (2FA) to protect all user accounts against security breaches and other cyber attacks. Zoom has announced that it has finally implemented two-factor authentication (2FA) to protect all user accounts from unauthorized access. This is great news due to the spike in the popularity of the communication software dur
Publish At:2020-09-11 11:00 | Read:777 | Comments:0 | Tags:Breaking News Security 2FA authentication Hacking Identity T

Report: Pandemic caused significant shift in buyer appetite in the dark web

Last year, credentials for PayPal, Facebook, and Airbnb were among the top goods in high demand on the dark web, aka the Internet’s underground market. But due to the COVID-19 outbreak, with most of the worldwide population sheltering, working, and studying indoors, many facets of life have made a full 180-degree turn—including the criminal world.
Publish At:2020-09-10 19:18 | Read:869 | Comments:0 | Tags:Cybercrime 2fa airbnb Cash App covid-19 Dark Web Dark Web Ma

US tax service says, “2FA is a must!”

by Paul Ducklin. The Beatles famously sang about The Taxman back in 1966, when Britain had much higher taxes on the rich than it does now: Let me tell you how it will be / There's one for you, nineteen for me / 'Cause I'm the taxman, yeah, I'm the taxman / Should five per cent appear too small / Be thankful I don't take it all / 'Cause I'm the tax
Publish At:2020-07-29 13:37 | Read:883 | Comments:0 | Tags:2-factor Authentication 2FA IRS refund fraud scams tax scams

Coordinated Twitter attack rakes in 100 grand

“I’m feeling generous because of Covid-19. I’ll double any BTC payment sent to my BTC address for the next hour. Good luck, and stay safe out there!” This and similar Tweets asking readers to send US$1,000 to a Bitcoin address with the promise of a double return payment went out yesterday. Too good to be true? Once again,
Publish At:2020-07-16 14:35 | Read:914 | Comments:0 | Tags:Social engineering 2fa bitcoin Social Engineering tweets twi

What to do when you receive an extortion email

In the last few weeks, there has been an upswing in people receiving threatening, extortion email messages, demanding payment to avoid release of sensitive information. Most of the time, these emails are what we call “sextortion” emails, as they claim that malware on your computer has captured embarrassing photos of you through the webcam, but th
Publish At:2020-05-03 14:39 | Read:1441 | Comments:0 | Tags:Malwarebytes news 2fa Bitcoin sextortion extortion online ex

Europol busts up two SIM-swapping hacking rings

by Lisa Vaas. After months-long, cross-border investigations, Europol announced on Friday that it’s arrested more than two dozen people suspected of draining bank accounts by hijacking victims’ phone numbers via SIM-swap fraud. Following a ramp-up in SIM-jacking over recent months, police across Europe have been gearing up to dismantle criminal netwo
Publish At:2020-03-17 07:39 | Read:1735 | Comments:0 | Tags:2-factor Authentication Law & order Malware Security threats