HackDig : Dig high-quality web security articles

Strong Authentication – Robust Identity and Access Management Is a Strategic Choice

Passwords no longer meet the demands of today’s identity and access requirements. Therefore, strong authentication methods are needed. “Usernames and passwords are insufficient and vulnerable means of authentication on their own; therefore, it is essential to employ strong authentication techniques like multi-factor authentication (MFA) to confirm users
Publish At:2022-07-29 09:24 | Read:310 | Comments:0 | Tags:Breaking News Security 2FA hacking news information security

PyPI starts rolling out required 2FA for important projects

The Python Package Index (PyPI) says it has begun rolling out a two-factor authentication (2FA) requirement which requires maintainers of critical projects to have 2FA enabled to publish, update, or modify them. PyPI plays an important role in the Python developers’ ecosystem. Python repository PyPI is the repository of software for the Python pr
Publish At:2022-07-12 11:52 | Read:209 | Comments:0 | Tags:Reports 2fa log4j PSF PyPI

Watch out for the email that says “You have a new voicemail!”

A phishing campaign is using voicemail notification messages to go after victims’ Office 365 credentials. According to researchers at ZScaler, the campaign uses spoofed emails with an HTML attachment that contains encoded javascript. The email claims that you have a new voicemail and that you can listen to the message by clicking on the attachmen
Publish At:2022-06-22 07:02 | Read:550 | Comments:0 | Tags:Social engineering 2fa office 365 password manager phishing

Internet Safety Month: Avoiding the consequences of unsafe Internet practices

Welcome to Internet Safety Month, a once-a-year event in which you, the public, are told that anywhere between three and 30 different best practices will simplify your approach to staying safe online. Unfortunately, much of the well-intentioned advice surrounding Internet Safety Month ignores one basic fact about how people change their habits: We typical
Publish At:2022-06-03 12:59 | Read:1284 | Comments:0 | Tags:101 2fa internet safety month malware mfa password manager r

Twitter fined $150M after using 2FA phone numbers for marketing

The Federal Trade Commission (FTC) and the Department of Justice (DOJ) have ordered Twitter to pay a $150M penalty for using users’ account security data deceptively. The deception violates an FTC order from 2011, that bars Twitter from “misleading consumers about the extent to which it protects the security, privacy, and confidentiality of no
Publish At:2022-05-27 09:01 | Read:828 | Comments:0 | Tags:Privacy 2fa Department of Justice DOJ EU-US Privacy Shield F

World Password Day: Brushing up on the basics

World Password Day is today, reminding us of the value of solid passwords, and good password practices generally. There are awareness days for all sorts of things, and perhaps we don’t need all of them. You can’t go wrong shoring up a leaky password line of defence though, so without further ado: let’s get right to it. Breaching the issu
Publish At:2022-05-05 08:52 | Read:1239 | Comments:0 | Tags:Privacy 2 factor authentication 2fa breach code hardware key

Four SMB cybersecurity practices during geopolitical upheaval

Russia’s continued, weeklong invasion of Ukraine has altered the landscape of cybersecurity threats facing organizations both near and far from the physical threat of war. Disinformation is spreading and being actively fought. The old hacker group Anonymous promised “cyber war” against Russia. One ransomware group swore to launch retaliatory attacks for a
Publish At:2022-03-03 08:51 | Read:1002 | Comments:0 | Tags:Awareness 2fa cisa covid-19 covid-19 scams multi-factor auth

Ransomware gang hits 49ers’ network before Super Bowl kick off

The San Francisco 49ers has confirmed that it has been hit by a ransomware attack. The announcement came just hours before the biggest football game of the year, Sunday’s Super Bowl between the Cincinnati Bengals and the Los Angeles Rams. In a boilerplate statement to BleepingComputer, the 49ers revealed that the attack has caused temporary disrupti
Publish At:2022-02-14 12:46 | Read:2360 | Comments:0 | Tags:Ransomware 2fa 49ers BlackByte ransomware fbi proxyshell Pro

Microsoft: Slow MFA adoption presents “dangerous mismatch” in security

Multi-factor authentication (MFA) has been around for many years now, but few enterprises have fully embraced it. In fact, according to Microsoft’s inaugural “Cyber Signals” report, only 22 percent of all its Azure Active Directory (AD) enterprise clients have adopted two-factor authentication (2FA), a form of MFA. That leaves 78 percent th
Publish At:2022-02-09 08:50 | Read:910 | Comments:0 | Tags:Security world 2fa Azure Active Directory Cyber Signal Googl

Intercepting 2FA: Over 1200 man-in-the-middle phishing toolkits detected

Two-factor authentication (2FA) has been around for a while now and for the majority of tech users in the US and UK, it has become a security staple. Indeed, wake-up calls brought about by data breaches have stirred others out of their comfort zones into finally adopting 2FA and making it part of their online lives. But online criminals—quick as they are
Publish At:2022-01-06 12:45 | Read:1702 | Comments:0 | Tags:Reports 2fa Catching Transparent Phish evilginx Man in the M

Police forces pipe 225 million pwned passwords into ‘Have I Been Pwned?’

On his blog, Troy Hunt has announced a major milestone in the ‘Have I Been Pwned?’ project, thanks to the contributions of two of the world’s foremost law enforcement agencies, the FBI and the NCA (the UK equivalent of the FBI, the National Crime Agency). This enormous injection of used passwords has puffed up the world’s largest publicly available
Publish At:2021-12-21 12:45 | Read:1336 | Comments:0 | Tags:Reports 2fa database fbi have i been pwned NCA password mana

Click “OK” to defeat MFA

Researchers have discovered that Nobelium—the threat actor behind the infamous SolarWinds supply-chain attack, the Sunburst backdoor, TEARDROP malware, GoldMax malware, and other malicious activities—has found a way to use stolen credentials even when they require multi-factor authentication that relies on smartphone push notifications. And the technique
Publish At:2021-12-10 12:45 | Read:2586 | Comments:0 | Tags:Reports 2fa cryptbot FoggyWeb GoldMax mfa nobelium push noti

Have you downloaded that Android malware from the Play Store lately?

Security researchers have discovered banking Trojan apps on the Google Play Store, and say they have been downloaded by more than 300,000 Android users. As you may know, banking Trojans are kitted for stealing banking data like your username and password, and two-factor authentication (2FA) codes that you use to log in to your bank account. They also capab
Publish At:2021-12-01 08:49 | Read:1482 | Comments:0 | Tags:Android 2fa Alien Android malware Alien campaign Anatsa Andr

Millions of GoDaddy customer data compromised in breach

Domain name registrar giant and hosting provider GoDaddy yesterday disclosed to the Securities and Exchange Commission (SEC) that it had suffered a security breach. In the notice, it explained it had been compromised via an “unauthorized third-party access to our Managed WordPress hosting environment.” The unknown culprit behind the attack sto
Publish At:2021-11-23 16:40 | Read:2027 | Comments:0 | Tags:Hacking 2fa Defiant Inc GoDaddy GoDaddy breach SEC Securitie

Fake ransomware warnings hit WordPress sites: How to stay safe

A ransomware warning has appeared out of nowhere and started taking over WordPress sites. The warning, with its black background and red writing, says: “SITE ENCRYPTED{ Countdown }FOR RESTORE SEND 0.1 BITCOIN:[address redacted](create file on site /unlock.txt with transaction key inside)” But there’s just one thing… the warning is a
Publish At:2021-11-17 12:44 | Read:1479 | Comments:0 | Tags:Reports 2fa 3BkiGYFh6QtjtNCPNNjGwszoqqCka2SDEc CMS ransomwar

