July 4, 2024 at 03:37AM Twilio confirmed a data breach where hackers leaked 33 million phone numbers and account IDs associated with Authy. However, Twilio found no evidence of access to its systems and advised users to update security measures. The breach could lead to phishing and smishing attacks, urging heightened awareness among Authy users. … Read more
July 3, 2024 at 11:51PM Twilio, a cloud communications provider, disclosed a mobile security breach in the Authy 2FA app. Threat actors exploited an unauthenticated endpoint to access user data, prompting the company to secure the endpoint. Although no direct system breach was proven, Twilio urged users to upgrade their apps due to possible phishing … Read more
July 2, 2024 at 10:07AM Schools and libraries globally face a rise in cybersecurity threats, with 29% of U.S. K-12 schools having been attacked, according to the Center for Internet Security. Johnathan Kim, from Woodland Hills School District, discusses the challenges and vulnerabilities schools encounter, emphasizing the need for robust cybersecurity measures and staff education … Read more
June 6, 2024 at 01:57PM Hackers are targeting GitHub repositories, wiping content, and directing victims to Telegram. This follows an ongoing campaign spotted by security researcher Germán Fernández. The threat actor, Gitloker, claims to back up and secure data but demands victims reach out on Telegram. GitHub advises users to strengthen security measures and monitor … Read more
June 3, 2024 at 10:35PM Hudson Rock has removed its report about cybercriminals breaching Snowflake’s systems and stealing data from customers like Ticketmaster and Santander Bank, following legal pressure from Snowflake. Snowflake denies any breach, stating that stolen individual customer account credentials may have been used. The breach’s extent and impact are subject to ongoing … Read more
May 14, 2024 at 07:15AM Deploying advanced authentication measures is crucial for organizations in addressing human users as the weakest cybersecurity link. Mistakes to avoid include failing to conduct a risk assessment, neglecting integration with current systems, relying on one authentication factor, disregarding user experience, overlooking authentication activities, and neglecting user training. These mistakes hinder … Read more
May 13, 2024 at 10:19AM Firstmac Limited, a major player in Australia’s financial industry, discloses a data breach following a cyber-extortion group’s leak of over 500GB of information allegedly stolen from the company. Despite compromised personal data, they assure customers of secure accounts and have enhanced security measures, including two-factor authentication. Customers receive free identity … Read more
May 3, 2024 at 03:09AM Google announced that passkeys are used by over 400 million accounts, authenticating users over 1 billion times in two years. Passkeys, faster and phishing-resistant, are replacing legacy two-factor authentication and expanding Cross-Account Protection. They will support high-risk users and can be used as the only means of authentication. Other companies … Read more
April 28, 2024 at 10:30AM Okta has reported a significant increase in credential stuffing attacks, facilitated by residential proxy services and stolen credentials. Cisco also cautioned of a surge in brute-force attacks targeting various devices. These attacks appear to originate from TOR exit nodes and anonymizing services. Okta recommends enforcing strong passwords, enabling two-factor authentication, … Read more
April 23, 2024 at 01:00PM The National Police Agency in South Korea issued an urgent warning about North Korean hacking groups targeting defense industry entities in South Korea. Groups Lazarus, Andariel, and Kimsuky breached companies by exploiting vulnerabilities, stealing critical technology information. Special inspection found multiple companies compromised since late 2022, leading to recommendations for … Read more