For my hackathon project I did try to make CFA (Cat Factor Authentication, using your cat's microchip as a second factor) a thing 😆 The project did win a prize, but more for the experimentation than the actual result https://wpengine.com/blog/hackathon-december-2023/
Careful with the 3rd party apps for #Lemmy that are popping up. As Lemmy doesn't implement #OAuth, all those apps will directly ask you for your login & password.
Also, I'd love to tell you to enable #MFA, but it can only be activated when browsing on mobile, and it's broken. I almost locked myself out of my account because the token was rejected. This may soon turn into a security nightmare.
An acquaintance is currently training to become a general practitioner (#Allgemeinmediziner) and is looking for a #Job as a medical assistant (#MFA or #Arzthelfer) in or near #Hannover. If you know of anything, have a position to offer, or know someone who might know something, just write to me. :) Thanks <3!
📨 Latest issue of my curated #cybersecurity and #infosec list of resources for week #45/2023 is out! It includes the following and much more:
➝ 🔓 ✈️ #Boeing breach: LockBit leaks 50 GB of data
➝ 🇨🇳 World’s largest commercial bank #ICBC confirms #ransomware attack
➝ 🔓 ☁️ Sumo Logic alerts customers about #securityincident; advises rotate Sumo Logic API access keys
➝ 🔓 🇮🇪 Electric Ireland admits data breach that could see customer financial data compromised
➝ 🔓 🇨🇦 #TransForm says ransomware data breach affects 267,000 patients
➝ 🔓 🇸🇬 #Singapore Marina Bay Sands reward members data breached, over 650k people exposed
➝ 🇮🇱 🇵🇸 🇮🇷 Cyber ops linked to #Israel-#Hamas conflict largely improvised, researchers say
➝ 🧨 🤖 #OpenAI confirms #DDoS attacks behind ongoing #ChatGPT outages
➝ 🛍️ 💸 Fake Ledger Live app in #Microsoft Store steals $768,000 in #crypto
➝ 🔓 🐰 ‘Looney Tunables’ #Glibc Vulnerability Exploited in #Cloud Attacks
➝ 🇺🇸 🇷🇺 US Sanctions Russian National for Helping Ransomware Groups Launder Money
➝ 🇮🇷 🇮🇱 Iranian Hackers Launch Destructive Cyber Attacks on Israeli #Tech and #Education Sectors
➝ 🇫🇷 🇬🇧 #France, #UK Seek Greater Regulation of Commercial #Spyware
➝ 🇪🇺 🤐 #Europe is trading security for digital #sovereignty
➝ 🇷🇺 🇺🇦 Russian Hackers Used #OT Attack to Disrupt Power in #Ukraine Amid Mass Missile Strikes
➝ 🦠 🚪 Highly invasive #backdoor snuck into #opensource packages targets developers
➝ 🦠 🇰🇵 N. Korea's #BlueNoroff Blamed for Hacking #macOS Machines with ObjCShellz #Malware
➝ 🫣 #Signal tests usernames that keep your phone number private
➝ 🔐 Microsoft Authenticator now blocks suspicious #MFA alerts by default
➝ ☁️ 💰 Researchers Uncover Undetectable #CryptoMining Technique on #Azure Automation
➝ 👥 💰 Data Brokers Expose Sensitive US Military Member Info to Foreign Threat Actors: Study
➝ 🩹 Microsoft Says Exchange ‘Zero Days’ Disclosed by #ZDI Already Patched or Not Urgent
➝ 🐛 Veeam warns of critical bugs in #Veeam ONE monitoring platform
📚 This week's recommended reading is: "How the F*ck Did This Happen?: A guide for executives who need to understand Cyber Security in plain, actionable language" by Dr Darryl Carlton
Subscribe to the #infosecMASHUP newsletter to have it piping hot in your inbox every week-end ⬇️
Question about implementation of #Passkeys. As I understand it, having a user login with passkey but without UV (User Verification) is not necessarily MFA as it could just be a stolen security key (Something you have).
How is (or should) #MFA with Passkeys implemented in practice? By setting UV as "required"? Or by setting UV as "preferred" and then based on the user response prompt for another factor (eg. #TOTP) in case there was no UV? I am a bit confused about how to fit Passkeys into the current #authentication logic.
One tip for #MFA - if you use something like Google Authenticator, etc., for TOTP, also save your MFA codes to a secure backup, like a @keepassxc database you store locally on another device. This way if your phone gets lost/stolen/broken, you aren't locked out of all of your MFA accounts. There is nothing server side that can tell how many times you scan the QR code. You can register the same TOTP with Google Auth, Authy, and Keepassxc, and it should all work the same.
Fediverse users that are also Xfinity customers drop everything and go change your account security details. Data breach may affect approx 35+ million customers. Attackers may have obtained usernames, passwords, contact info, social security numbers, secret questions and answers ...
I still like their product as it allows sync between devices and it's intuitive to use. Also credit where credit is due: They mention alternatives on their own support page.
Key point is this: "companies and end users should always use multi-factor authentication to lockdown accounts when possible and ensure it’s compliant with the #FIDO standard when available. #MFA available through push notifications or one-time passwords provided by text, email, or authenticator apps are better than nothing, but as events over the past few years have demonstrated, they are themselves easily defeated in credential phishing attacks" #webauthn #2fa
On Thursday, around 2,000 employees in doctors' practices nationwide stopped work; the Verband medizinischer Fachberufe (association of medical professions) had called for the warning strike. The demand: better working conditions and higher pay. 🩺
Practice manager Jana August also wanted to use the warning strike to fight for more recognition of her profession. "We are the ones who keep the place running," says the Hamburg native. 🥼
Passwordless is great, but perhaps you need to consider basic MFA to start? If that's you, it's time for a refresher. Spoiler: it's not heavy key fobs any more.
I remember the day I switched to Authy because it would not vendor-lockin me for #TOTP codes. Alas, today is the day where I ditched it because Authy - without warning - stopped supporting the desktop app, even hurrying the deadline by 5 months! That was 70% of the total notification window as far as I could tell.
Requiring a mobile device for #2FA #MFA is not quite the same for me, and it can get lost (or stolen) way too easily for my taste.
Cybersecurity researchers have figured out a way to exploit what seems to be a bug in Apple’s password reset feature in a new scam that can lock you out of your iPhone if you’re not careful.
Today, medical assistants (medizinische Fachangestellte, #MFA) are on strike in many doctors' practices (#Arztpraxen). They are demanding higher wages and better working conditions.
Patients have long noticed that the situation in doctors' practices is strained. Getting an appointment increasingly takes strong nerves.
One cause of the appointment problems lies in the grievances that MFAs are drawing attention to today. It is one of 5 causes that I found for my article at @Krautreporter.
The FIDO specification defines a form of Universal 2nd Factor (U2F) when users log in to a system. Rather than relying on one-time codes sent via SMS, or displayed on a phone screen, these are physical hardware tokens which are used to supplement passwords. When used with websites, this technology is also known as WebAuthn.
EU sends last 1.5 billion euros of macro-financial assistance for Ukraine for 2023 (kyivindependent.com)
The tranche is part of an 18 billion euro ($19.6 billion) support package for 2023, known as the Macro-Financial Assistance (MFA) package for Ukraine, which was disbursed monthly throughout the year.
New moderators needed - comment on this post to volunteer to become a moderator of this community. (self.malefashionadvice, submitted by ModCodeofConduct)
I'm sure they're going to find the perfect mods