Hackers Claim They Breached T-Mobile More Than 100 Times in 2022

Credit to Author: BrianKrebs| Date: Tue, 28 Feb 2023 16:14:57 +0000

Three different cybercriminal groups claimed access to internal networks at communications giant T-Mobile in more than 100 separate incidents throughout 2022, new data suggests. In each case, the goal of the attackers was the same: Phish T-Mobile employees for access to internal company tools, and then convert that access into a cybercrime service that could be hired to divert any T-Mobile user’s text messages and phone calls to another device.

Read more

How 1-Time Passcodes Became a Corporate Liability

Credit to Author: BrianKrebs| Date: Tue, 30 Aug 2022 14:53:39 +0000

Phishers are enjoying remarkable success using text messages to steal remote access credentials and one-time passcodes from employees at some of the world’s largest technology companies and customer support firms. A recent spate of SMS phishing attacks from one cybercriminal group has spawned a flurry of breach disclosures from affected companies, which are all struggling to combat the same lingering security threat: The ability of scammers to interact directly with employees through their mobile devices.

Read more

Android 7.0+ Phones Can Now Double as Google Security Keys

Credit to Author: BrianKrebs| Date: Thu, 11 Apr 2019 16:14:53 +0000

Google this week made it easier for Android users to enable strong 2-factor authentication (2FA) when logging into Google’s various services. The company announced that all phones running Android 7.0 and higher can now be used as Security Keys, an additional authentication layer that helps thwart phishing sites and password theft.

Read more

Reddit Breach Highlights Limits of SMS-Based Authentication

Credit to Author: BrianKrebs| Date: Thu, 02 Aug 2018 00:55:17 +0000

Reddit.com today disclosed that a data breach exposed some internal data, as well as email addresses and passwords for some Reddit users. As Web site breaches go, this one doesn’t seem too severe. What’s interesting about the incident is that it showcases once again why relying on mobile text messages (SMS) for two-factor authentication (2FA) can lull companies and end users into a false sense of security.

Read more

Google: Security Keys Neutralized Employee Phishing

Credit to Author: BrianKrebs| Date: Mon, 23 Jul 2018 11:34:38 +0000

Google has not had any of its 85,000+ employees successfully phished on their work-related accounts since early 2017, when it began requiring all employees to use physical Security Keys in place of passwords and one-time codes, the company told KrebsOnSecurity.

Read more