GitHub outlines plans to secure npm following multiple supply-chain attacks, including deprecating legacy classic tokens and migrating users to FIDO-based 2FA
Addressing a surge in package registry attacks, GitHub is strengthening npm's security with stricter authentication, granular tokens …
Researchers detail a side channel attack, which requires ~$11K worth of equipment and can be used to clone all YubiKeys running firmware prior to version 5.7
Sophisticated attack breaks security assurances of the most popular FIDO key. — The YubiKey 5, the most widely used hardware token …
Filing: Caesars confirms the casino operator was hacked via a social engineering attack on an outsourced IT support vendor; sources: Caesars paid a ~$15M ransom
CURRENT REPORT Pursuant to Section 13 or 15(d) of the Securities Exchange Act … Thomas Barrabi / New York Post : Caesars Entertainment paid about $15M to hackers who stole customer Social Security num...
Apple releases iOS 16.3, iPadOS 16.3, and macOS Ventura 13.2 with FIDO key support for Apple ID, Advanced Data Protection out globally, security fixes, and more
Apple has released the latest iOS 16.3 to everyone … Chance Miller / 9to5Mac : iOS 16.3 for iPhone now available to everyone: Here's what's new Joe Wituschek / iMore : iOS 16.3, iPadOS 16.3, watchOS 9...
Uber takes some internal systems offline to investigate a network breach; Yuga Labs' Sam Curry says it appears the hacker pretty much has “full access to Uber”
what you need to know Msmash / Slashdot : Uber Investigating Breach of Its Computer Systems Prajeet Nair / BankInfoSecurity.com : Uber Probes Breach After Hacker Boasts About Intrusion Michael Hill / ...
Twilio discloses “unauthorized access” on August 4 by a “sophisticated” unknown actor using an SMS-based phishing attack on staff to gain info on some accounts
Leaks Private Data via Phishing Jose Montes de Oca / Newslit Daily : 🗞 Axios to Sell to Cox Enterprises for $525MM Pierluigi Paganini / Security Affairs : Twilio discloses data breach that impacted cu...
Ghana-based Fido, which offers financial tools and loans to individuals and businesses via its mobile app, raised a $30M Series A led by Fortissimo Capital
Annie Njanja / TechCrunch :
A look at the FIDO Alliance's vision of a passwordless future, based on a passkey-like “FIDO credential” manager that lets users easily switch between devices
After a decade of work, the FIDO Alliance says it's found the missing piece in the bridge to a password-free future.
A look at the booming market for bots that steal 2FA codes, often using SMS services like Twilio, to break into Coinbase, Amazon, PayPal, and bank accounts
The bots convincingly and effortlessly help hackers break into Coinbase, Amazon, PayPal, and bank accounts. — Joseph Cox
2020 political campaigns secured emails with physical security keys from a nonprofit working with Google and Microsoft; source says Biden's campaign used keys
Jordan Novet / CNBC. Tweets: @netik, @codinghorror, and @eladgil. John Adams / @netik: U2F and FIDO worked to stop email attacks this year. Stop using SMS 2FA. Let's get this in the hands ...