Threatpost News Wrap, June 9, 2017
How EternalBlue was ported to Windows 10, a Facebook phishing study, QakBot, and this week’s Apple security announcements are all discussed. Continue reading Threatpost News Wrap, June 9, 2017
Identity thieves who specialize in tax refund fraud had big help this past tax year from Equifax, one of the nation’s largest consumer data brokers and credit bureaus. The trouble stems from TALX, an Equifax subsidiary that provides online payroll, HR and tax services. Equifax says crooks were able to reset the 4-digit PIN given to customer employees as a password and then steal W-2 tax data after successfully answering personal questions about those employees.
In a boilerplate text sent to several affected customers, Equifax said the unauthorized access to customers’ employee tax records happened between April 17, 2016 and March 29, 2017.
Beyond that, the extent of the fraud perpetrated with the help of hacked TALX accounts is unclear, and Equifax refused requests to say how many consumers or payroll service customers may have been impacted by the authentication weaknesses. Continue reading Fraudsters Exploited Lax Security at Equifax’s TALX Payroll Division
The U.S. Social Security Administration will soon require Americans to use stronger authentication when accessing their accounts at ssa.gov. As part of the change, SSA will require all users to enter a username and password in addition to a one-time security code sent to their email or phone. In this post, we’ll parse this a bit more and look at some additional security options for SSA users. Continue reading SSA.GOV To Require Stronger Authentication
Security researchers have been warning for years about critical security holes in the Signaling System 7 (SS7) that could allow hackers to listen in on private phone calls and read text messages on a potentially vast scale, despite the most advanced encry… Continue reading Real-World SS7 Attack — Hackers Are Stealing Money From Bank Accounts
The same weakness could be used to eavesdrop on calls and track users’ locations. Continue reading Thieves drain 2fa-protected bank accounts by abusing SS7 routing protocol
Senate employees just use passwords, and their badges sport a picture of an alternative. Continue reading Picture this: Senate staffers’ ID cards have photo of smart chip, no security
On Monday, the Wall Street Journal reported a wave of hijacked Amazon seller accounts that proceeded to fleece buyers for large sums of money. As reported here, attackers would use credentials harvested from other breaches to take over the account, th… Continue reading Amazon third party sellers: A new threat
Instagram became the latest in a long line of services over the years to offer users two-factor authentication.
A recent, massive spike in sophisticated and successful phishing attacks is prompting many universities to speed up timetables for deploying mandatory two-factor authentication (2FA) — requiring a one-time code in addition to a password — for access to student and faculty services online. This is the story of one university that accelerated plans to require 2FA after witnessing nearly twice as many phishing victims in the first two-and-a-half months of this year than it saw in all of 2015. Continue reading Phishing 101 at the School of Hard Knocks