GitHub Touts 2FA Adoption Success, Looks Ahead to Further Adoption

GitHub today revealed that its initiative to get users to enable one or more forms of two-factor authentication (2FA) by the end of 2023 has been hugely successful.
The post GitHub Touts 2FA Adoption Success, Looks Ahead to Further Adoption appeared fi… Continue reading GitHub Touts 2FA Adoption Success, Looks Ahead to Further Adoption

Hackers Claim They Breached T-Mobile More Than 100 Times in 2022

Three different cybercriminal groups claimed access to internal networks at communications giant T-Mobile in more than 100 separate incidents throughout 2022, new data suggests. In each case, the goal of the attackers was the same: Phish T-Mobile employees for access to internal company tools, and then convert that access into a cybercrime service that could be hired to divert any T-Mobile user’s text messages and phone calls to another device. Continue reading Hackers Claim They Breached T-Mobile More Than 100 Times in 2022

How 1-Time Passcodes Became a Corporate Liability

Phishers are enjoying remarkable success using text messages to steal remote access credentials and one-time passcodes from employees at some of the world’s largest technology companies and customer support firms. A recent spate of SMS phishing attacks from one cybercriminal group has spawned a flurry of breach disclosures from affected companies, which are all struggling to combat the same lingering security threat: The ability of scammers to interact directly with employees through their mobile devices. Continue reading How 1-Time Passcodes Became a Corporate Liability

Voice Phishers Targeting Corporate VPNs

The COVID-19 epidemic has brought a wave of email phishing attacks that try to trick work-at-home employees into giving away credentials needed to remotely access their employers’ networks. But one increasingly brazen group of crooks is taking your standard phishing attack to the next level, marketing a voice phishing service that uses a combination of one-on-one phone calls and custom phishing sites to steal VPN credentials from employees. Continue reading Voice Phishers Targeting Corporate VPNs

Google updates anti-phishing tools by streamlining iOS capabilities

Google is making it easier to use physical security keys on iOS devices. The company says that Apple product owners will now be able to use Titan Security Keys, which fend off phishing and other threats, on personal and professional Google accounts. Google’s Advanced Protection Program, dedicated to protecting users at risk of targeted malicious software attacks, announced the update in a blog post Wednesday. It’s the latest move from Google to expand protection after the Advanced Protection Program unit said in January that users could utilize iPhone or Android devices as a unique security key to access their accounts. Now, by using near-field communication protocols, users should be able to sign in by tapping a security key on the back of an iPhone. “This capability….simplifies your security key experience on compatible iOS devices and allows you to use more types of security keys for your Google Account and the […]

The post Google updates anti-phishing tools by streamlining iOS capabilities appeared first on CyberScoop.

Continue reading Google updates anti-phishing tools by streamlining iOS capabilities

Android 7.0+ Phones Can Now Double as Google Security Keys

Google this week made it easier for Android users to enable strong 2-factor authentication (2FA) when logging into Google’s various services. The company announced that all phones running Android 7.0 and higher can now be used as Security Keys, an additional authentication layer that helps thwart phishing sites and password theft. Continue reading Android 7.0+ Phones Can Now Double as Google Security Keys