Passwords no longer meet the demands of today’s identity and access requirements. Therefore, strong authentication methods are needed. “Usernames and passwords are insufficient and vulnerable means of authentication on their own; therefore, it is essential to employ strong authentication techniques like multi-factor authentication (MFA) to confirm users&#

The Python Package Index (PyPI) says it has begun rolling out a two-factor authentication (2FA) requirement which enforces maintainers of critical projects to have 2FA enabled to publish, update, or modify them. PyPI plays an important role in the Python developers’ ecosystem. Python repository PyPi is the repository of software for the Python pr

A phishing campaign is using voicemail notification messages to go after victims’ Office 365 credentials. According to researchers at ZScaler, the campaign uses spoofed emails with an HTML attachment that contains encoded javascript. The email claims that you have a new voicemail and that you can listen to the message by clicking on the attachmen

Welcome to Internet Safety Month, a once-a-year event in which you, the public, are told that anywhere between three and 30 different best practices will simplify your approach to staying safe online. Unfortunately, much of the well-intentioned advice surrounding Internet Safety Month ignores one basic fact about how people change their habits: We typical

The Federal Trade Commission (FTC) and the Department of Justice (DOJ) have ordered Twitter to pay a $150M penalty for using users’ account security data deceptively. The deception violates an FTC order from 2011, that bars Twitter from “misleading consumers about the extent to which it protects the security, privacy, and confidentiality of no

World Password Day is today, reminding us of the value of solid passwords, and good password practices generally. There are awareness days for all sorts of things, and perhaps we don’t need all of them. You can’t go wrong shoring up a leaky password line of defence though, so without further ado: let’s get right to it. Breaching the issu

Russia’s continued, weeklong invasion of Ukraine has altered the landscape of cybersecurity threats facing organizations both near and far from the physical threat of war. Disinformation is spreading and being actively fought. The old hacker group Anonymous promised “cyber war” against Russia. One ransomware group swore to launch retaliatory attacks for a

The San Francisco 49ers has confirmed that it has been hit by a ransomware attack. The announcement came just hours before the biggest football game of the year, Sunday’s Super Bowl between the Cincinnati Bengals and the Los Angeles Rams. In a boilerplate statement to BleepingComputer, the 49ers revealed that the attack has caused temporary disrupti

Multi-factor authentication (MFA) has been around for many years now, but few enterprises have fully embraced it. In fact, according to Microsoft’s inaugural “Cyber Signals” report, only 22 percent of all its Azure Active Directory (AD) enterprise clients have adopted two-factor authentication (2FA), a form of MFA. That leaves 78 percent th

Two-factor authentication (2FA) has been around for a while now and for the majority of tech users in the US and UK, it has became a security staple. Indeed, wake up calls brought about by data breaches have stirred others out of their comfort zones into finally adopting 2FA and making it part of their online lives. But online criminals—quick as they are

On his blog, Troy Hunt has announced a major milestone in the ‘Have I Been Pwned?’ project, thanks to the contributions of two of the world’s foremost law enforcement agencies, the FBI and the NCA (the UK equivalent of the FBI, the National Crime Agency). This enormous injection of used passwords has puffed up the world’s largest publicly available

Researchers have discovered that Nobelium—the threat actor behind the infamous SolarWinds supply-chain attack, the Sunburst backdoor, TEARDROP malware, GoldMax malware, and other malicious activities—has found a way to use stolen credentials even when they require multi-factor authentication that relies on smartphone push notifications. And the technique

Security researchers have discovered banking Trojan apps on the Google Play Store, and say they have been downloaded by more than 300,000 Android users. As you may know, banking Trojans are kitted for stealing banking data like your username and password, and two-factor authentication (2FA) codes that you use to login to your bank account. They also capab

Domain name registrar giant and hosting provider GoDaddy yesterday disclosed to the Securities and Exchange Commission (SEC) that it had suffered a security breach. In the notice, it explained it had been compromised via an “unauthorized third-party access to our Managed WordPress hosting environment.” The unknown culprit behind the attack sto

A ransomware warning has appeared out of nowhere and started taking over WordPress sites. The warning, with its black background and red writing, says: “SITE ENCRYPTED{ Countdown }FOR RESTORE SEND 0.1 BITCOIN:[address redacted](create file on site /unlock.txt with transaction key inside)” But there’s just one thing… the warning is a