GitHub outlines plans to secure npm following multiple supply-chain attacks, including deprecating legacy classic tokens and migrating users to FIDO-based 2FA
Addressing a surge in package registry attacks, GitHub is strengthening npm's security with stricter authentication, granular tokens …
Researchers detail a side channel attack, which requires ~$11K worth of equipment and can be used to clone all YubiKeys running firmware prior to version 5.7
Sophisticated attack breaks security assurances of the most popular FIDO key. — The YubiKey 5, the most widely used hardware token …
Filing: Caesars confirms the casino operator was hacked via a social engineering attack on an outsourced IT support vendor; sources: Caesars paid a ~$15M ransom
CURRENT REPORT Pursuant to Section 13 or 15(d) of the Securities Exchange Act … Thomas Barrabi / New York Post : Caesars Entertainment paid about $15M to hackers who stole customer Social Security num...
Twilio discloses “unauthorized access” on August 4 by a “sophisticated” unknown actor using an SMS-based phishing attack on staff to gain info on some accounts
Pierluigi Paganini / Security Affairs : Twilio discloses data breach that impacted cu...
A look at the booming market for bots that steal 2FA codes, often using SMS services like Twilio, to break into Coinbase, Amazon, PayPal, and bank accounts
The bots convincingly and effortlessly help hackers break into Coinbase, Amazon, PayPal, and bank accounts. — Joseph Cox
2020 political campaigns secured emails with physical security keys from a nonprofit working with Google and Microsoft; source says Biden's campaign used keys
Jordan Novet / CNBC. John Adams / @netik : U2F and FIDO worked to stop email attacks this year. Stop using SMS 2FA. Let's get this in the hands ...
A behind-the-scenes account on what it was like to provide basic cybersecurity training to 41 Democratic Congressional campaigns from late 2017 to 2018
You know how it happens. You try to secure one Congressional campaign, and then another, and pretty soon you can't stop.