 Your new post is loading...
Your new post is loading...
|
Scooped by
Gust MEES
|
|
|
Scooped by
Gust MEES
|
|
|
Scooped by
Gust MEES
|
|
|
Scooped by
Gust MEES
|
Telefonnummern und persönlichen Daten von Hunderten Millionen Facebook-Nutzern sind am Samstag in einem Forum für Hacker veröffentlicht worden. Das berichten mehrere Medien. Obwohl die Daten schon einige Jahre alt sein sollen, stellen sie für diejenigen, deren Angaben publik wurden, ein Risiko dar.
Die Veröffentlichungen sollen persönliche Informationen von über 533 Millionen Facebook-Nutzern aus 106 Ländern umfassen, darunter über 32 Millionen Datensätze zu Nutzern in den USA, 11 Millionen zu Nutzern in Großbritannien und 6 Millionen zu Nutzern in Indien. Die Datensätze enthalten Telefonnummern, Facebook-IDs, vollständige Namen, Standorte, Geburtsdaten und in einigen Fällen auch E-Mail-Adressen.
Die nun aufgetauchten Daten sollen von dem Cybercrime-Unternehmen Hudson Rock entdeckt worden sein. Sie könnten Kriminellen wertvolle Informationen liefern. So ist denkbar, dass Unbefugte die persönlichen Daten von Menschen verwenden, um sich als diese auszugeben. Learn more / En savoir plus / Mehr erfahren: https://www.scoop.it/t/securite-pc-et-internet/?&tag=Two-factor+authentication https://www.scoop.it/topic/securite-pc-et-internet/?&tag=2FA https://www.scoop.it/t/securite-pc-et-internet/?&tag=DATA-BREACHES
|
|
Scooped by
Gust MEES
|
A new Android malware strain has been uncovered, part of the Rampant Kitten threat group’s widespread surveillance campaign that targets Telegram credentials and more.
Researchers have uncovered a threat group launching surveillance campaigns that target victims’ personal device data, browser credentials and Telegram messaging application files. One notable tool in the group’s arsenal is an Android malware that collects all two-factor authentication (2FA) security codes sent to devices, sniffs out Telegram credentials and launches Google account phishing attacks.
Researchers found the threat group, dubbed Rampant Kitten, has targeted Iranian entities with surveillance campaigns for at least six years. It specifically targets Iranian minorities and anti-regime organizations, including the Association of Families of Camp Ashraf and Liberty Residents (AFALR); and the Azerbaijan National Resistance Organization.
The threat group has relied on a wide array of tools for carrying out their attacks, including four Windows info-stealer variants used for pilfering Telegram and KeePass account information; phishing pages that impersonate Telegram to steal passwords; and the aforementioned Android backdoor that extracts 2FA codes from SMS messages and records the phone’s voice surroundings. Learn more / En savoir plus / Mehr erfahren: https://www.scoop.it/t/securite-pc-et-internet/?&tag=Two-factor+authentication
|
|
Scooped by
Gust MEES
|
Some types of two-factor authentication (2FA) security can no longer be guaranteed to keep the bad guys out, the FBI is reported to have warned US companies in a briefing note circulated last month.
FBI reporting identified several methods cyber actors use to circumvent popular multi-factor authentication techniques in order to obtain the one-time passcode and access protected accounts.
The simplest and therefore most popular bypass is SIM swap fraud, in which the attacker convinces a mobile network (or bribes an employee) to port a target’s mobile number, allowing them to receive 2FA security codes sent via SMS text.
Naked Security now regularly covers this kind of hack, almost always because it was used to empty people’s bank accounts, steal cryptocurrency from wallets or exchange accounts, or to attack services such as PayPal. Learn more / En savoir plus / Mehr erfahren: https://www.scoop.it/t/securite-pc-et-internet/?&tag=Two-factor+authentication
|
|
Scooped by
Gust MEES
|
According to German business news outfit Handelsblatt, a number banks – whether private, co-operative or public – have either stopped offering the option or are planning to remove it by the end of the year. Among these are Postbank, Berliner Sparkasse, Consorsbank, and others.
The reasons are mostly due to security and regulation compliance
Since a lot of people do their online banking via their mobile/smart phones, hackers need to compromise only this device to get all the information needed to perform a fraudulent transaction. Users can have also their online banking credentials compromised and be targeted with fake text messages purportedly coming from the bank.
It’s also becoming common for attackers to perform SIM swapping to impersonate the target’s phone and validate the fraudulent transaction. And, finally, there have been instances of criminals exploiting long-known security vulnerabilities in the SS7 protocols to bypass German banks’ two-factor authentication and drain their customers’ bank accounts. Learn more / En savoir plus / Mehr erfahren: https://www.scoop.it/t/securite-pc-et-internet/?&tag=Two-factor+authentication
|
|
Scooped by
Gust MEES
|
Sicherheitsforscher wollen entdeckt haben, wie man jedes Facebook-Konto hacken kann, für das eine Handynummer hinterlegt ist.
|
|
|
Scooped by
Gust MEES
|
|
|
Scooped by
Gust MEES
|
|
|
Scooped by
Gust MEES
|
|
|
Scooped by
Gust MEES
|
|
|
Scooped by
Gust MEES
|
In a statement published today, Twitter disclosed a security incident during which third-parties exploited the company's official API (Application Programming Interface) to match phone numbers with Twitter usernames.
In an email seeking clarifications about the incident, Twitter told ZDNet that they became aware of exploitation attempts against this API feature on December 24, 2019, following a report from tech news site TechCrunch. The report detailed the efforts of a security researcher who abused a Twitter API feature to match 17 million phone numbers to public usernames.
Twitter says that following this report it intervened and immediately suspended a large network of fake accounts that had been used to query its API and match phone numbers to Twitter usernames. Learn more / En savoir plus / Mehr erfahren: https://www.scoop.it/t/securite-pc-et-internet/?&tag=Two-factor+authentication https://www.scoop.it/topic/securite-pc-et-internet/?&tag=Twitter
|
|
Scooped by
Gust MEES
|
The spyware poses as a legitimate application, spreading via SMS messages to victims’ contact lists.
An Android malware dubbed “FunkyBot” has started making the scene in Japan, operated by the same attackers responsible for the FakeSpy malware. It intercepts SMS messages sent to and from infected devices.
According to FortiGuard Labs, the malware (named after logging strings found in the persistence mechanism of the payload) masquerades as a legitimate Android application. The payload thus consists of two .dex files: One is a copy of the original legitimate application that the malware is impersonating, and the other is malicious code.
As for the kill chain, a packer first determines which version of Android the phone is running on, in order to generate the proper payload. After that, the payload is started by calling the method `runCode` class through Java reflection. This starts a class called KeepAliceMain, which is used as persistence mechanism by the malware. Learn more / En savoir plus / Mehr erfahren: https://www.scoop.it/t/securite-pc-et-internet/?&tag=Android
|
|
Scooped by
Gust MEES
|
A new wave of attacks is targeting Google and Yahoo accounts in order to bypass two-factor authentication as well as compromise users of secure email services, researchers have warned.
On Wednesday, a new report published by non-profit Amnesty International gave us a glimpse into the inner workings of recent phishing campaigns which are using a variety of techniques to infiltrate user accounts across the Middle East and North Africa.
Within the report, the researchers say that several campaigns are underway, likely conducted by the same threat group in order to target Human Rights Defenders (HRDs).
The first campaign involves hundreds of Google and Yahoo accounts being targeted, resulting in the "successful bypass of common forms of two-factor authentication (2FA)." Learn more / En savoir plus / Mehr erfahren: https://www.scoop.it/t/securite-pc-et-internet/?&tag=Two-factor+authentication
|
|
Scooped by
Gust MEES
|
Two-factor authentication involving SMS, while used by most banks for quite some time, is not unbeatable.
|
Hackers have found a way to gain unauthorized access to Google accounts, bypassing any multi-factor authentication (MFA) the user may have set up. To do this they steal authentication cookies and then extend their lifespan. It doesn’t even help if the owner of the account changes their password.
Since the discovery of the exploit, numerous white and black hat security researchers have looked into and discussed the issue. As a result, the exploit is now built into various information stealers.
Learn more / En savoir plus / Mehr erfahren:
https://www.scoop.it/t/securite-pc-et-internet/?&tag=Two-factor+authentication
https://www.scoop.it/topic/securite-pc-et-internet/?&tag=2FA
https://www.scoop.it/t/securite-pc-et-internet/?&tag=DATA-BREACHES
https://www.scoop.it/topic/securite-pc-et-internet/?&tag=MFA