 Your new post is loading...
Your new post is loading...
|
Scooped by
Gust MEES
December 16, 2024 4:32 PM
|
|
|
Scooped by
Gust MEES
August 22, 2024 6:02 PM
|
|
|
Scooped by
Gust MEES
January 12, 2024 4:30 PM
|
|
|
Scooped by
Gust MEES
August 5, 2022 5:26 AM
|
|
|
Scooped by
Gust MEES
February 15, 2022 3:11 PM
|
|
|
Scooped by
Gust MEES
April 3, 2021 6:52 PM
|
Telefonnummern und persönlichen Daten von Hunderten Millionen Facebook-Nutzern sind am Samstag in einem Forum für Hacker veröffentlicht worden. Das berichten mehrere Medien. Obwohl die Daten schon einige Jahre alt sein sollen, stellen sie für diejenigen, deren Angaben publik wurden, ein Risiko dar.
Die Veröffentlichungen sollen persönliche Informationen von über 533 Millionen Facebook-Nutzern aus 106 Ländern umfassen, darunter über 32 Millionen Datensätze zu Nutzern in den USA, 11 Millionen zu Nutzern in Großbritannien und 6 Millionen zu Nutzern in Indien. Die Datensätze enthalten Telefonnummern, Facebook-IDs, vollständige Namen, Standorte, Geburtsdaten und in einigen Fällen auch E-Mail-Adressen.
Die nun aufgetauchten Daten sollen von dem Cybercrime-Unternehmen Hudson Rock entdeckt worden sein. Sie könnten Kriminellen wertvolle Informationen liefern. So ist denkbar, dass Unbefugte die persönlichen Daten von Menschen verwenden, um sich als diese auszugeben. Learn more / En savoir plus / Mehr erfahren: https://www.scoop.it/t/securite-pc-et-internet/?&tag=Two-factor+authentication https://www.scoop.it/topic/securite-pc-et-internet/?&tag=2FA https://www.scoop.it/t/securite-pc-et-internet/?&tag=DATA-BREACHES
|
|
Scooped by
Gust MEES
September 21, 2020 12:52 PM
|
A new Android malware strain has been uncovered, part of the Rampant Kitten threat group’s widespread surveillance campaign that targets Telegram credentials and more.
Researchers have uncovered a threat group launching surveillance campaigns that target victims’ personal device data, browser credentials and Telegram messaging application files. One notable tool in the group’s arsenal is an Android malware that collects all two-factor authentication (2FA) security codes sent to devices, sniffs out Telegram credentials and launches Google account phishing attacks.
Researchers found the threat group, dubbed Rampant Kitten, has targeted Iranian entities with surveillance campaigns for at least six years. It specifically targets Iranian minorities and anti-regime organizations, including the Association of Families of Camp Ashraf and Liberty Residents (AFALR); and the Azerbaijan National Resistance Organization.
The threat group has relied on a wide array of tools for carrying out their attacks, including four Windows info-stealer variants used for pilfering Telegram and KeePass account information; phishing pages that impersonate Telegram to steal passwords; and the aforementioned Android backdoor that extracts 2FA codes from SMS messages and records the phone’s voice surroundings. Learn more / En savoir plus / Mehr erfahren: https://www.scoop.it/t/securite-pc-et-internet/?&tag=Two-factor+authentication
|
|
Scooped by
Gust MEES
October 11, 2019 7:25 AM
|
Some types of two-factor authentication (2FA) security can no longer be guaranteed to keep the bad guys out, the FBI is reported to have warned US companies in a briefing note circulated last month.
FBI reporting identified several methods cyber actors use to circumvent popular multi-factor authentication techniques in order to obtain the one-time passcode and access protected accounts.
The simplest and therefore most popular bypass is SIM swap fraud, in which the attacker convinces a mobile network (or bribes an employee) to port a target’s mobile number, allowing them to receive 2FA security codes sent via SMS text.
Naked Security now regularly covers this kind of hack, almost always because it was used to empty people’s bank accounts, steal cryptocurrency from wallets or exchange accounts, or to attack services such as PayPal. Learn more / En savoir plus / Mehr erfahren: https://www.scoop.it/t/securite-pc-et-internet/?&tag=Two-factor+authentication
|
|
Scooped by
Gust MEES
July 15, 2019 8:13 AM
|
According to German business news outfit Handelsblatt, a number banks – whether private, co-operative or public – have either stopped offering the option or are planning to remove it by the end of the year. Among these are Postbank, Berliner Sparkasse, Consorsbank, and others.
The reasons are mostly due to security and regulation compliance
Since a lot of people do their online banking via their mobile/smart phones, hackers need to compromise only this device to get all the information needed to perform a fraudulent transaction. Users can have also their online banking credentials compromised and be targeted with fake text messages purportedly coming from the bank.
It’s also becoming common for attackers to perform SIM swapping to impersonate the target’s phone and validate the fraudulent transaction. And, finally, there have been instances of criminals exploiting long-known security vulnerabilities in the SS7 protocols to bypass German banks’ two-factor authentication and drain their customers’ bank accounts. Learn more / En savoir plus / Mehr erfahren: https://www.scoop.it/t/securite-pc-et-internet/?&tag=Two-factor+authentication
|
|
Scooped by
Gust MEES
June 16, 2016 9:12 AM
|
Sicherheitsforscher wollen entdeckt haben, wie man jedes Facebook-Konto hacken kann, für das eine Handynummer hinterlegt ist.
|
|
|
Scooped by
Gust MEES
December 13, 2024 10:46 AM
|
|
|
Scooped by
Gust MEES
July 3, 2024 5:01 PM
|
|
|
Scooped by
Gust MEES
April 28, 2023 11:26 AM
|
|
|
Scooped by
Gust MEES
February 25, 2022 3:25 PM
|
|
|
Scooped by
Gust MEES
April 4, 2021 6:44 AM
|
|
|
Scooped by
Gust MEES
March 22, 2021 8:33 AM
|
|
|
Scooped by
Gust MEES
February 5, 2020 11:58 AM
|
In a statement published today, Twitter disclosed a security incident during which third-parties exploited the company's official API (Application Programming Interface) to match phone numbers with Twitter usernames.
In an email seeking clarifications about the incident, Twitter told ZDNet that they became aware of exploitation attempts against this API feature on December 24, 2019, following a report from tech news site TechCrunch. The report detailed the efforts of a security researcher who abused a Twitter API feature to match 17 million phone numbers to public usernames.
Twitter says that following this report it intervened and immediately suspended a large network of fake accounts that had been used to query its API and match phone numbers to Twitter usernames. Learn more / En savoir plus / Mehr erfahren: https://www.scoop.it/t/securite-pc-et-internet/?&tag=Two-factor+authentication https://www.scoop.it/topic/securite-pc-et-internet/?&tag=Twitter
|
|
Scooped by
Gust MEES
September 8, 2019 5:01 PM
|
The spyware poses as a legitimate application, spreading via SMS messages to victims’ contact lists.
An Android malware dubbed “FunkyBot” has started making the scene in Japan, operated by the same attackers responsible for the FakeSpy malware. It intercepts SMS messages sent to and from infected devices.
According to FortiGuard Labs, the malware (named after logging strings found in the persistence mechanism of the payload) masquerades as a legitimate Android application. The payload thus consists of two .dex files: One is a copy of the original legitimate application that the malware is impersonating, and the other is malicious code.
As for the kill chain, a packer first determines which version of Android the phone is running on, in order to generate the proper payload. After that, the payload is started by calling the method `runCode` class through Java reflection. This starts a class called KeepAliceMain, which is used as persistence mechanism by the malware. Learn more / En savoir plus / Mehr erfahren: https://www.scoop.it/t/securite-pc-et-internet/?&tag=Android
|
|
Scooped by
Gust MEES
December 27, 2018 9:38 AM
|
A new wave of attacks is targeting Google and Yahoo accounts in order to bypass two-factor authentication as well as compromise users of secure email services, researchers have warned.
On Wednesday, a new report published by non-profit Amnesty International gave us a glimpse into the inner workings of recent phishing campaigns which are using a variety of techniques to infiltrate user accounts across the Middle East and North Africa.
Within the report, the researchers say that several campaigns are underway, likely conducted by the same threat group in order to target Human Rights Defenders (HRDs).
The first campaign involves hundreds of Google and Yahoo accounts being targeted, resulting in the "successful bypass of common forms of two-factor authentication (2FA)." Learn more / En savoir plus / Mehr erfahren: https://www.scoop.it/t/securite-pc-et-internet/?&tag=Two-factor+authentication
|
|
Scooped by
Gust MEES
March 15, 2016 5:04 PM
|
Two-factor authentication involving SMS, while used by most banks for quite some time, is not unbeatable.
|
A critical vulnerability in Microsoft’s multi-factor authentication (MFA) — dubbed "AuthQuake" — could let attackers bypass MFA and gain unauthorized access to a user’s account.
Discovered by Oasis Security, the researchers reported in a Dec. 11 blog post that the bypass could let attackers access Outlook emails, OneDrive files, Teams chats, and the Azure Cloud.
Because Microsoft has more than 400 million paid Office 365 seats, the consequences of this vulnerability has potentially high impact across numerous industries, especially since there was about a four-month gap between the time it was reported and a patch was released.
Learn more / En savoir plus / Mehr erfahren:
https://www.scoop.it/t/securite-pc-et-internet/?&tag=Two-factor+authentication
https://www.scoop.it/topic/securite-pc-et-internet/?&tag=2FA
https://www.scoop.it/t/securite-pc-et-internet/?&tag=DATA-BREACHES
https://www.scoop.it/topic/securite-pc-et-internet/?&tag=MFA