Search This Blog

Showing posts with label Two Factor Authentication. Show all posts

Why Must You Secure Your Bank Accounts With 2FA Verification?

Technological advancement and the internet have made a revolutionary transformation in helping users conveniently handle their personal finances. One can do anything sitting on a couch, as long as he has a phone or laptop handy. However, along with the positive aspects, bank accounts are the most vulnerable to cybercrimes, marking a major drawback of this change. 

Two-factor authentication (2FA) is one of the most robust solutions to this problem. While the finest smart home security systems are excellent for ensuring household security, 2FA (Two-Factor Authentication) is what you need for online security. 

Although many people are aware of 2FA, a considerable number of them are still oblivious to its utility. The few minutes required to set up this cyber shield are totally worth it. 

What is Two-Factor Authentication? 

2FA is a security tool that acts as an additional layer of verification, along with the username and password. You can consider it a more reliable login. Even though 2FA is more secure than a standard login, once it is set up, it does not take much longer. 

One can categorize 2FA verification into three main types - something you are, something you have, or something you know. 

A 2FA login might as well use a user’s fingerprint or retinal scan in order to verify him. An instance of the “something you have” 2FA would be a user receiving a code on his phone. To fulfill the "something you know" requirement of 2FA, you might be asked a few short security questions that you have already confirmed previously. All forms of 2FA increase the security of your login. 

Why must we use 2FA? 

The most legitimate and prominent reason to use 2FA on all your financial accounts is to protect your finances. Cybercrimes in modern days revolve around acquiring access to accounts via username and password information. A hacker gaining unauthorized access to your bank account is worse than someone stealing your credit or debit card since there are more techniques already in place for the stolen card. 

For the same reasons, most banks have now started offering 2FA or making it mandatory for users for any online banking procedures. Since not all banks possess 2FA, it is better if a user checks if their banks offer 2FA for logging in to their bank accounts. 

Keep Your Financial Accounts Secure 

The added security that 2FA creates is worth the short setup time and extra login step, for cybercrime is particularly likely to attack bank accounts. This security measure is a potent deterrent against intruders and must not be overlooked.  

 Plex Breach: Alerts Users Must Reset Their Passwords

Plex, a streaming media service, has revealed a data theft and advised users to change their passwords.
According to the company's statement to its clients, all account passwords were encrypted and hashed utilizing the firm's approved guidelines. Nevertheless, there is proof that credentials were accessed. 

One of the most popular media streaming programs, Plex enables users to stream their own audio, video, and images stored on their own personal media servers in addition to movies and live television. It's worth noting that more than 30 million people are registered users of Plex. 

As per a spokesperson of Plex, the exploit affects both streaming and personal media clients. Although Plex is requesting that all customers change their own passwords, the representative would not disclose the number of accounts are affected by the hack. 

About the breach

Various Plex video streaming users reported having trouble logging into their accounts on Wednesday. Troy Hunt, a security researcher, also stated his concern and uploaded screenshots of the issues he saw when attempting to access his account.

Later, Plex reported being hacked and revealed that the hackers gained access to its private database and stole at least 15 to 30 million of its users' usernames, emails, and passwords.

The intruders were unable to access users' private media libraries, which might have contained sensitive media files like private images, pirated content, and other credentials. Payment information, according to Plex, is not kept on the company's servers. 

The company emphasized that because the passwords were cryptographically scrambled, hackers would need to use extra tools to decrypt the hashes and convert them to plaintext. The passwords, as per Plex, were hashed with bcrypt, one of the safe and robust password-protection methods that are also difficult to decode. It urged consumers to enable 2FA and utilize complex passwords on all of their websites, apps, and services. 

The incident's further specifics are still vague, and Plex hasn't officially disclosed the hack on its website or social media. The inquiries were also not immediately answered by Plex spokespersons. 

It's important to use a password manager and use two-factor authentication whenever you can to make it far more difficult for hackers to access your online accounts after the Plex incident. 

Slack Fixed Security Flaw for Passwords

When establishing or revoking shared invitation links for workplaces, a bug revealed salted password hashes, therefore Slack claimed it reset passwords for around 0.5 percent of its users.

A cryptographic method known as hashing converts any type of data into a fixed-size output. Salting is intended to strengthen the hashing operation's security and make it more resilient to brute-force attacks.

The flaw was found and patched in Slack's Shared Invite Link functionality, which allows Slack workspace owners to generate a link that will allow anybody to join, according to official Slack documentation. The function is provided as an alternative to sending out individual email invitations to join the workplace.

All users who created or canceled shared invitation links between 17 April 2017 and 17 July 2022 are said to have been affected by the problem, which was discovered by an anonymous independent security researcher.

Bret Taylor, co-CEO of Salesforce, stated on the business's most recent earnings call in May for the period ending April 30 that the number of customers investing more than $100,000 on Slack annually had increased by more than 40% on an annualized basis for four straight quarters. In July 2021, Salesforce completed the $27.7 billion acquisition of Slack.

The business claimed that no Slack client kept or displayed the hashed password and that active encrypted network traffic monitoring was necessary for its discovery. The business is also using the event to encourage people to enable two-factor authentication as a defense against account takeover attempts and develop original passwords for online services.

Kaspersky ICS CERT has Discovered Several Spyware Attacks Aimed at Industrial Enterprises


Researchers discovered that attackers are targeting industrial businesses with spyware operations that look for corporate credentials to utilise for financial gain as well as to cannibalise infiltrated networks to proliferate further attacks. According to researchers at Kaspersky ICS CERT who discovered the campaigns, the campaigns use off-the-shelf spyware but are unique in that they limit the scope and longevity of each sample to the bare minimum. 

In contrast to generic spyware, the bulk of "anomalous" samples were configured to employ SMTP-based (rather than FTP or HTTP(s)) C2s as a one-way communication channel, implying that they were designed primarily for stealing. Researchers believe that stolen data is used mostly by threat operators to spread the assault within the attacked organization's local network (through phishing emails) and to attack other companies in order to collect new credentials. The attackers exploit corporate email compromised in previous attacks as C2 servers for new assaults.

Researchers have discovered a huge set of campaigns that spread from one industrial firm to another via hard-to-detect phishing emails disguised as the victim companies' correspondence and abusing their corporate email systems to attack through the contact lists of infected mailboxes. 

Surprisingly, corporate antispam solutions assist attackers in remaining undetected while exfiltrating stolen credentials from infected machines by rendering them 'invisible' among all the junk emails in spam folders. As a result of malicious operations of this type, researchers have identified over 2,000 business email accounts belonging to industrial companies that have been abused as next-attack C2 servers. Many more have been stolen and sold on the internet, or have been abused in other ways. 

According to the researchers, the actors behind similar campaigns are "low-skilled people and small groups" operating individually. Their goal is to either commit financial crimes using stolen credentials or to profit from selling access to corporate network systems and services. Indeed, they discovered over 25 separate markets where threat actors sell data collected during attacks against industrial businesses. 

“At these markets, various sellers offer thousands of RDP, SMTP, SSH, cPanel, and email accounts, as well as malware, fraud schemes, and samples of emails and webpages for social engineering,” Kaspersky’s Kirill Kruglov explained. More severe threat actors, such as Advanced Persistent Threat (APT) and ransomware gangs, can also use the credentials to launch assaults, according to him. 

To avoid being compromised by the campaigns, Kaspersky recommends establishing two-factor authentication for corporate email access and other internet-facing services such as RDP and VPN-SSL gateways.

1.2 Million users Affected by GoDaddy Data Breach


GoDaddy, the web hosting provider, has announced a data breach as well as warned that data on 1.2 million clients might be compromised. 

GoDaddy Inc. is a publicly listed American Internet domain registration and web hosting firm based in Tempe, Arizona, and incorporated in Delaware. GoDaddy has over 20 million clients and over 7,000 employees globally as of June 2020. 

Demetrius Comes, GoDaddy's chief information security officer, said in a statement with the Securities and Exchange Commission that the business discovered unauthorized access to its networks in which it hosts and administers its customers' WordPress servers. 

WordPress is a web-based content management system that millions of people use to create blogs and web pages. Users can host their WordPress installations on GoDaddy's servers. 

According to GoDaddy, an unauthorized user gained access to GoDaddy's systems around September 6th. GoDaddy stated that the breach was detected last week, on November 17. It is unclear whether the hacked password was secured using two-factor authentication. 

According to the complaint, the hack impacts 1.2 million current and inactive WordPress users, whose email accounts and customer numbers were disclosed. According to GoDaddy, this disclosure may put users at increased risk of phishing attacks. As per the web host, the initial WordPress admin password generated while WordPress had been installed, which could be used to manage a customer's WordPress server, had also been exposed. 

Active users' FTP credentials (for file transfers) as well as the login information for their WordPress accounts, that store all of the user's content, were compromised in the incident, according to the business. In certain situations, the user's SSL (HTTPS) private key was revealed, which might allow an attacker to mimic the customer's website or services if misused. 

According to GoDaddy, it has updated client WordPress passwords and private keys and is now in the process of providing new SSL certificates. Meanwhile, Dan Race, a GoDaddy spokeswoman, refused to respond, citing the company's ongoing investigation.

Apple Engineers unveils a proposal to standardize the two factor authentication process and Google backs it up!

Apple known for it's off the charts security features was recently troubled with hacks, malware and phishing attacks staining its reputation and customer trust. And to counter that, Apple has again risen to strengthen its security and user experience - the tech company is planning on standardizing two-factor authentication (2FA) to prevent security issues and phishing scams. reported that Apple engineers have put forward a proposal to enable a standardized format for a two-factor authentication login method where users receive a one time password (OTP) via SMS during login. The suggestion was given by engineers of Apple Webkit, from the Safari browser - the default mackintosh browser. The suggestion was also backed by engineers working on Chromium, Google.

The feature would use SMSs containing the login URL. Usually, with two-factor authentication users have to see their mobile or write down the code and then try to login which makes the whole process long and frustrating but Apple always tries to give the customer the best experience and to tackle this they have come up with a standardize and automated method.

What's different with this feature than the other two factor authentications is that it will standardize the process and format for the browser and mobile applications. The incoming messages will be easily identified by the browser or mobile applications, the browser will recognize and identify the web domain in the SMS and automatically extract the One Time Password (OTP) and complete the login. This will prevent the user from being scammed as the process will be automated and the browser or the mobile app will recognize the authentic source.

 According to the report, "The proposal has two goals. The first is to introduce a way that OTP SMS messages can be associated with a URL. This is done by adding the login URL inside the SMS itself. 
The second goal is to standardize the format of 2FA/OTP SMS messages, so browsers and other mobile apps can easily detect the incoming SMS, recognize web domain inside the message, and then automatically extract the OTP code and complete the login operation without further user interaction." 
After enabling the feature, browsers and apps will be automated and complete the login through 2FA (two-factor authentication ) by obtaining the OTP. In case of a mismatch, the automatic process will fail and the user will be able to see the website URL and complete the login process.