2FA Archives - Cyber Security Minute

QR Code Phishing Campaign Targets Top US Energy Company

Issued by: Dark Reading

Attackers targeted a major US energy company with a phishing campaign that overall sent more than 1,000 emails armed with malicious QR codes aimed at stealing Microsoft credentials. The campaign, discovered by Cofense in May, used both PNG image attachments and redirect links associated with Microsoft Bing and well-known business applications — including Salesforce and…

Application Security

Google leaking 2FA secrets – researchers advise against new “account sync” feature for now

Issued by: Naked Security

The Google Authenticator 2FA app has featured strongly in cybersecurity news stories lately, with Google adding a feature to let you backup your 2FA data into the cloud and then restore it onto other devices. To explain, a 2FA (two-factor authentication) app is one of those programs that you run on your mobile phone or…

Network Security

Who are the worst password offenders of 2020?

Issued by: Help Net Security

As our lives have migrated almost entirely online due to the pandemic, the Dashlane list highlights the companies and organizations with the most significant password-related mishaps of 2020. Social networking may have kept us connected in the year of COVID-19-induced social distancing, but unfortunately Twitter and Zoom (which took the #1 and #2 spots on…

Network Security, Vulnerabilities

Users still engaging in risky password, authentication practices

Issued by: Help Net Security

IT security practitioners are aware of good habits when it comes to strong authentication and password management, yet often fail to implement them due to poor usability or inconvenience, according to Yubico and Ponemon Institute. The conclusion is that IT security practitioners and individuals are both engaging in risky password and authentication practices, yet expectation…

Malware & Threats

Phishing attacks that bypass 2-factor authentication are now easier to execute

Issued by: CSO

Penetration testers and attackers have a new tool in their arsenal that can be used to automate phishing attacks in a way that defeats two-factor authentication (2FA) and is not easy to detect and block. The tool makes such attacks much easier to deploy, so organizations should adapt their anti-phishing training accordingly. The new toolkit…

Software Security

ImageWare Launches Multi-modal Biometric Authentication for Enterprises

Issued by: Security Week

Today’s security consensus is that password-based authentication and access is insecure, and that some form of two- or multi-factor authentication is necessary. The simplest and easiest second factor is an SMS-based soft token, and that is the route already adopted by many organizations. However, NIST’s recently published concern over some implementations of SMS-based 2FA has…