https://lifehacker.com/tech/spot-malicious-two-factor-authentication-prompts

The difference between 2FA & MFA, how 2FA (which many people use as a catch-all for security measures including MFA) can be compromised, and what to look out for to protect yourself.

#2FA #MFA #Security #Privacy

How to Spot Malicious Two-Factor Authentication Prompts

Multi-factor authentication (MFA) can boost account security, but you should be on the lookout for malicious prompts that give bad actors the codes they need to log in easily.

Lifehacker
Why you need to activate Multi-Factor Authentication (MFA) immediately

MFA helps protect your online accounts

Nelson Lopes
Add Beget (#8474) · 2factorauth/twofactorauth@0d07025

Signed-off-by: Pavel <19418601+rakleed@users.noreply.github.com>

GitHub
Add Senko Digital (#8476) (#8477) · 2factorauth/twofactorauth@7f32fb4

List of sites with two factor auth support which includes SMS, email, phone calls, hardware, and software. - Add Senko Digital (#8476) (#8477) · 2factorauth/twofactorauth@7f32fb4

GitHub
Nagstamon now allows login via web login or cookie. Please help #testing this new feature. Might become relevant for #2FA, SSO and Entra ID. #monitoring #finally

Security is hard.

The TL;DR is: Do not lose possession of your private key.

Addendum: This is from a year ago, to be clear. But there are many people with older YubiKeys that cannot be fixed.

https://ninjalab.io/eucleak/

The attack requires physical access to the secure element (a few local electromagnetic side-channel acquisitions, i.e. a few minutes, are enough) in order to extract the ECDSA secret key. In the case of the FIDO protocol, this allows creating a clone of the FIDO device.

All YubiKey 5 Series (with firmware version below 5.7) are impacted by the attack and in fact all Infineon security microcontrollers (including TPMs) that run the Infineon cryptographic library (as far as we know, any existing version) are vulnerable to the attack.

https://www.yubico.com/support/security-advisories/ysa-2024-03/

#2FA #SideChannel #ConstantTime

EUCLEAK - NinjaLab

Secure elements are small microcontrollers whose main purpose is to generate/store secrets and then execute cryptographic operations. They undergo the highest level of security evaluations that exists (Common Criteria) and are often considered inviolable, even in the worst-case attack scenarios. Hence, complex secure […]

NinjaLab
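The post above says YubiKey 5 Series devices with firmware below 5.7 are affected and that older keys cannot be fixed. The following is an added example, not code from the post, from NinjaLab or from Yubico: it classifies a key from the text that `ykman info` prints. The sample output is constructed, and the exact wording of ykman's "Device type" and "Firmware version" lines is an assumption about the tool, not something the post states.

```python
"""Flag a YubiKey whose firmware predates the 5.7 fix referenced in YSA-2024-03.
Added example; the ykman output format below is an assumption, and the sample
text is constructed for this illustration."""
import re
import subprocess

# Constructed sample of what `ykman info` prints (assumed format).
SAMPLE_YKMAN_INFO = """Device type: YubiKey 5 NFC
Serial number: 12345678
Firmware version: 5.4.3
Form factor: Keychain (USB-A)
Enabled USB interfaces: OTP, FIDO, CCID
NFC transport is enabled
"""

FIXED_IN = (5, 7, 0)   # per the post: YubiKey 5 Series below 5.7 are affected


def parse_firmware(ykman_output: str):
    """Return (major, minor, patch) from the 'Firmware version:' line, or None."""
    m = re.search(r"^Firmware version:\s*(\d+)\.(\d+)(?:\.(\d+))?", ykman_output, re.M)
    if not m:
        return None
    return (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))


def parse_device_type(ykman_output: str) -> str:
    """Return the 'Device type:' value, or an empty string if absent."""
    m = re.search(r"^Device type:\s*(.+)$", ykman_output, re.M)
    return m.group(1).strip() if m else ""


def eucleak_status(ykman_output: str) -> str:
    """'affected', 'fixed' or 'unknown'. Only the YubiKey 5 Series is what the
    post quotes; any other device type is reported as unknown so the reader
    checks the advisory rather than trusting this script."""
    fw = parse_firmware(ykman_output)
    dev = parse_device_type(ykman_output)
    if fw is None or "YubiKey 5" not in dev:
        return "unknown"
    return "affected" if fw < FIXED_IN else "fixed"


def check_attached_key() -> str:
    """Run ykman against a plugged-in key. Firmware is not field-upgradable, so an
    'affected' key stays affected: the response is to rotate the credentials
    enrolled on it (or replace the key), not to patch it."""
    out = subprocess.run(["ykman", "info"], capture_output=True, text=True,
                         check=True).stdout
    return eucleak_status(out)


if __name__ == "__main__":
    print("sample key:", eucleak_status(SAMPLE_YKMAN_INFO))
```

Because the attack needs physical access, an "affected" result is a reason to treat the key as clonable by anyone who had it in hand for a few minutes, which is why the post's TL;DR is about possession.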

Software packages with more than 2 billion weekly downloads hit in supply-chain #attack

The attack, which compromised nearly two dozen packages hosted on the #npm repository, came to public notice on Monday in social media posts. Around the same time, … said he had been “pwned” after falling for an email that claimed his account on the platform would be closed unless he logged into a site and updated his two-factor #authentication #credentials.
#pwned #security #2fa

https://arstechnica.com/security/2025/09/software-packages-with-more-than-2-billion-weekly-downloads-hit-in-supply-chain-attack/

Software packages with more than 2 billion weekly downloads hit in supply-chain attack

Incident hitting npm users is likely the biggest supply-chain attack ever.

Ars Technica

6 ways to identify fake 2FA prompts and protect your accounts
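The first post on this page and the npm post above both turn on the same point: a code typed into a look-alike site can be forwarded to the real one, whereas a FIDO assertion is bound to the site it was made for. The following is an added example, not code from either post or from npm: a toy simulation of both flows. The domain names and secrets are made up, the HMAC stands in for the authenticator's public-key signature, and the client data is a stripped-down version of WebAuthn's clientDataJSON.

```python
"""Added example: relaying a TOTP code through a phishing page succeeds; relaying
a FIDO-style assertion does not. Names, secrets and message formats are constructed
or simplified for illustration."""
import hashlib
import hmac
import json
import struct

REAL_RP_ID = "registry.example"                    # constructed relying party
REAL_ORIGIN = "https://registry.example"
PHISH_RP_ID = "registry-login.example"             # constructed look-alike site
PHISH_ORIGIN = "https://registry-login.example"


# --- TOTP (RFC 6238 over HMAC-SHA1, what authenticator apps implement) ----------
def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    mac = hmac.new(secret, struct.pack(">Q", unix_time // step), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp_server_accepts(shared_secret: bytes, code: str, unix_time: int) -> bool:
    """The server only sees six digits; it cannot tell where they were typed."""
    return hmac.compare_digest(totp(shared_secret, unix_time), code)


def relay_totp_through_phish(shared_secret: bytes, unix_time: int) -> bool:
    # Victim reads the code off their app and types it into the attacker's page;
    # the attacker submits it to the real site while the 30 s window is still open.
    code_given_to_attacker = totp(shared_secret, unix_time)
    return totp_server_accepts(shared_secret, code_given_to_attacker, unix_time)


# --- FIDO-style assertion ----------------------------------------------------------
def authenticator_sign(credentials: dict, rp_id: str, origin: str, challenge: bytes):
    """The browser, not the user, fills in rp_id and origin from the page's URL.
    Returns None when no credential is registered for that rp_id."""
    key = credentials.get(rp_id)
    if key is None:
        return None
    rp_id_hash = hashlib.sha256(rp_id.encode()).digest()
    client_data = json.dumps({"challenge": challenge.hex(), "origin": origin}).encode()
    to_sign = rp_id_hash + hashlib.sha256(client_data).digest()
    sig = hmac.new(key, to_sign, hashlib.sha256).digest()   # stand-in for ECDSA
    return {"rp_id_hash": rp_id_hash, "client_data": client_data, "sig": sig}


def rp_verify(key: bytes, challenge: bytes, assertion) -> bool:
    """Relying-party checks from the WebAuthn verification procedure, simplified."""
    if assertion is None:
        return False
    cd = json.loads(assertion["client_data"])
    if cd.get("origin") != REAL_ORIGIN:                    # phishing origin fails here
        return False
    if cd.get("challenge") != challenge.hex():              # stale or foreign challenge
        return False
    if assertion["rp_id_hash"] != hashlib.sha256(REAL_RP_ID.encode()).digest():
        return False
    to_sign = assertion["rp_id_hash"] + hashlib.sha256(assertion["client_data"]).digest()
    expected = hmac.new(key, to_sign, hashlib.sha256).digest()
    return hmac.compare_digest(expected, assertion["sig"])


def relay_fido_through_phish(key: bytes, challenge: bytes) -> bool:
    """Attacker fetches a real challenge, shows it on the look-alike page and
    forwards whatever the victim's browser produces. The credential is scoped to
    the real rp_id, so the authenticator has nothing to sign with."""
    creds = {REAL_RP_ID: key}
    assertion = authenticator_sign(creds, PHISH_RP_ID, PHISH_ORIGIN, challenge)
    return rp_verify(key, challenge, assertion)


def relay_fido_with_forged_scope(key: bytes, challenge: bytes) -> bool:
    """Even if a credential were usable under the phishing rp_id, the signed
    origin and rp_id hash would not match what the real site expects."""
    creds = {PHISH_RP_ID: key}
    assertion = authenticator_sign(creds, PHISH_RP_ID, PHISH_ORIGIN, challenge)
    return rp_verify(key, challenge, assertion)


def legitimate_fido_login(key: bytes, challenge: bytes) -> bool:
    creds = {REAL_RP_ID: key}
    assertion = authenticator_sign(creds, REAL_RP_ID, REAL_ORIGIN, challenge)
    return rp_verify(key, challenge, assertion)


if __name__ == "__main__":
    secret = b"constructed-shared-secret"
    chal = hashlib.sha256(b"constructed-challenge").digest()
    print("TOTP relayed via phishing page accepted:", relay_totp_through_phish(secret, 1_700_000_010))
    print("FIDO relayed via phishing page accepted:", relay_fido_through_phish(secret, chal))
    print("FIDO legitimate login accepted:", legitimate_fido_login(secret, chal))
```

The TOTP path is exactly the trap in the npm post: the "update your 2FA" page only has to forward what the victim types. In the FIDO path the user never handles a code, and the origin check in `rp_verify` is the line that makes a relayed assertion useless.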

Spot fake two-factor authentication prompts and avoid falling victim to attackers trying to steal your login credentials and compromise your accounts

Android Police

"Yes, they hacked me, sorry" – the "biggest" supply-chain attack (with phishing in the background) – losses valued at $20.05

We present a supply-chain attack that was supposed to shake the world, but fortunately became only a painful reminder of how much still needs to be done about dependency security.

#WBiegu #2Fa #Npm #Phishing #Supplychain

https://sekurak.pl/tak-zhakowali-mnie-przepraszam-czyli-najwiekszy-atak-na-lancuch-dostaw-z-phishingiem-w-tle-straty-wyceniono-na-20-05/

"Yes, they hacked me, sorry" – the "biggest" supply-chain attack (with phishing in the background) – losses valued at $20.05

We present a supply-chain attack that was supposed to shake the world, but fortunately became only a painful reminder of how much still needs to be done about dependency security.

Sekurak