Security Keys – Computer Security Articles

Hackers Claim They Breached T-Mobile More Than 100 Times in 2022

February 28, 2023 admin A Little Sunshine, Allison Nixon, data breaches, International Computer Science Institute, Minecraft, Nicholas Weaver, roblox, Security Keys, SIM swapping, T-Mobile, tmo up, unit 221b, Web Fraud 2.0

Credit to Author: BrianKrebs| Date: Tue, 28 Feb 2023 16:14:57 +0000

Three different cybercriminal groups claimed access to internal networks at communications giant T-Mobile in more than 100 separate incidents throughout 2022, new data suggests. In each case, the goal of the attackers was the same: Phish T-Mobile employees for access to internal company tools, and then convert that access into a cybercrime service that could be hired to divert any T-Mobile user’s text messages and phone calls to another device.

Independent Krebs

How 1-Time Passcodes Became a Corporate Liability

August 30, 2022 admin 0ktapus, christopher knauer, CloudFlare, data breaches, digitalocean, doordash, Group-IB, klaviyo, mailchimp, Matthew Prince, Security Keys, Security Tools, signal, sitel group, T-Mobile, teleperformance, twilio, Twitter, Web Fraud 2.0

Credit to Author: BrianKrebs| Date: Tue, 30 Aug 2022 14:53:39 +0000

Phishers are enjoying remarkable success using text messages to steal remote access credentials and one-time passcodes from employees at some of the world’s largest technology companies and customer support firms. A recent spate of SMS phishing attacks from one cybercriminal group has spawned a flurry of breach disclosures from affected companies, which are all struggling to combat the same lingering security threat: The ability of scammers to interact directly with employees through their mobile devices.

Independent Krebs

Android 7.0+ Phones Can Now Double as Google Security Keys

April 11, 2019 admin Advanced Protection, Android 7.0, Christiaan Brand, google, Security Keys, Security Tools, U2F, Universal 2nd Factor, Yubico

Credit to Author: BrianKrebs| Date: Thu, 11 Apr 2019 16:14:53 +0000

Google this week made it easier for Android users to enable strong 2-factor authentication (2FA) when logging into Google’s various services. The company announced that all phones running Android 7.0 and higher can now be used as Security Keys, an additional authentication layer that helps thwart phishing sites and password theft.

Independent Krebs

Reddit Breach Highlights Limits of SMS-Based Authentication

August 1, 2018 admin 2fa, Authy, data breaches, google, Google Authenticator, number port-out scams, Reddit breach, Security Keys, Security Tools, totp, twofactorauth.org, Yubico

Credit to Author: BrianKrebs| Date: Thu, 02 Aug 2018 00:55:17 +0000

Reddit.com today disclosed that a data breach exposed some internal data, as well as email addresses and passwords for some Reddit users. As Web site breaches go, this one doesn’t seem too severe. What’s interesting about the incident is that it showcases once again why relying on mobile text messages (SMS) for two-factor authentication (2FA) can lull companies and end users into a false sense of security.

Independent Krebs

Google: Security Keys Neutralized Employee Phishing

July 23, 2018 admin 2fa, chrome, Dashlane, dropbox, Duo Security, Edge, Facebook, FIDO Alliance, Firefox, Firefox Quantum, GitHub, Google Advanced Protection, Keepass, lastpass, microsoft, opera, safari, Security Keys, Security Tools, U2F, Web Authentication API, WebAuthn, World Wide Web Consortium, Yubikey

Credit to Author: BrianKrebs| Date: Mon, 23 Jul 2018 11:34:38 +0000

Google has not had any of its 85,000+ employees successfully phished on their work-related accounts since early 2017, when it began requiring all employees to use physical Security Keys in place of passwords and one-time codes, the company told KrebsOnSecurity.