Browsing tag
So far two Telegram bots called SMSRanger and BloodOTPbot have been found taking part in this malicious campaign. Intel 471 researchers report that Telegram-powered bots are the hot favorites of threat actors as this helps them steal Telegram’s one-time passwords (OTPs) required on the 2FA (two-factor authentication) security process. SEE: Hackers selling sensitive data from […]
Coinbase is working to reimburse the customers for the funds they have lost and help them regain control of their accounts. Coinbase Global Inc. has sent a breach notification letter to its customers affected by the cyberattack on the widely used cryptocurrency exchange. As per the letter, hackers managed to steal accounts of at least […]
These apps were designed to pass as BtcTurk, a Turkish cryptocurrency exchange. Researcher Lukas Stefanko at the Slovakian security firm ESET has discovered Android malware in new apps that can bypass the SMS-based two-factor authentication (2FA) without using SMS permissions. The malicious apps are available on the very reliable platform Google Play Store. Don’t buy […]
Two-factor authentication is one of the most reliable authentication methods. However, if anybody has access to the authentication codes received in messages, your accounts are at risk. This is why Google introduced Titan Security Key, a 2FA device that acts as a physical key. Now, Google has further strengthened the 2FA system by making your Android […]
A recent report by Tech Crunch states that phone numbers linked to Facebook accounts could be used to look up profiles. Last year, the company had pestered users into registering their phone numbers for two-factor authentication. The problem here is that users cannot opt out of this feature and anyone with or without an account […]
While most users consider two-factor authentication a security measure to protect accounts, a researcher has proved otherwise. The researcher has simply deployed the tool online for easy access. As reported, he has developed a penetration testing tool named “Modlishka”. This Modlishka tool can bypass two-factor authentication and automate phishing attacks. 2FA Bypass Using Modlishka Tool […]
This authentication method might not be as secure as we thought Piotr Duszynski, a researcher specialist on network security born in Poland, recently announced the launching of a tool called “Modlishka” (Mantis in Polish), which, according to the expert, is a penetration testing tool that allows users to deploy phishing campaigns automatically, for example. He […]
The attack was carried out by Iran-backed charming kitten hackers and victims include dozens of US government officials. Private emails of US sanctions officials and nuclear scientists have been breached by Iranian state-sponsored hackers. As per the data obtained by Certfa, a cybersecurity firm based in London, the hacking group Charming Kitten is responsible for the […]
There’s bad news for those who rely upon SMS-based 2FA authentication. A Berlin-based security researcher Sébastien Kaul has revealed that Voxox exposed a huge database containing tens of millions of text messages by storing it on an unprotected server. The VOIP and Cloud communication for SMS and voice services provider firm, Voxox, has exposed sensitive […]
Cryptocurrencies rely on the blockchain, a decentralized ledger that records all transactions ever made within it. The blockchain network consists of multiple nodes that maintain it. To gain control over the network and tamper with transaction data a hacker should compromise most of the nodes, which is practically impossible. So, once blockchain is as safe […]
A majority of users and companies are moving to Two-factor authentication (2FA) for enhancing the security of its data and systems. But contrary to popular belief, it cannot provide a fool-proof layer of security to online accounts since Kevin Mitnick at KnowBe4 has demonstrated that it is very easy to deceive this defensive measure. KnowBe4 […]
The security of SMS-based two-factor authentication has been long-debated. Despite flaws in Signalling System No. 7 (SS7), which is an internationally used telecom protocol to route texts and calls, it continues to be used at a large scale in banking and other services. The security researchers Positive Technologies have shown how a bitcoin wallet can […]
Even 2FA can run up against limitations—like this Find My iPhone attack. As a graduate student studying cryptography, security and privacy (CrySP), software engineeringand human-computer interaction, I’ve learned a thing or two about security. Yet a couple of days back, I watched my entire digital life get violated and nearly wiped off the face of the Earth. That sounds […]