Tech

Lapsus$ and SolarWinds hackers both use the same old trick to bypass MFA

Enlarge (credit: Getty Images) Multi-factor authentication (MFA) is a core defense that is among the most effective at preventing account takeovers. In addition to requiring that users provide a username and password, MFA ensures they must also use an additional factor—be it a fingerprint, physical security key, or one-time password—before they can access an account. […]

Tech

Authorities bust SIM-swap ring they say took millions from the rich and famous

Enlarge / SIM card. SIM card replacement. close-up (credit: Getty Images) Ten people have been arrested in connection with a series of SIM-swapping attacks that reaped more than $100 million by taking over the mobile phone accounts of high-profile individuals, authorities said on Wednesday. SIM-swapping is a crime that involves replacing a target’s legitimate SIM […]

Tech

Hackers can clone Google Titan 2FA keys using a side channel in NXP chips

Enlarge (credit: Google) There’s wide consensus among security experts that physical two-factor authentication keys provide the most effective protection against account takeovers. Research published today doesn’t change that, but it does show how malicious attackers with physical possession of a Google Titan key can clone it. There are some steep hurdles to clear for an […]