Malware sidesteps Google permissions policy with new 2FA bypass technique

ESET analysis uncovers a novel technique bypassing SMS-based two-factor authentication while circumventing Google’s recent SMS permissions restrictions. When Google restricted the use of SMS and Call Log permissions in Android apps in March 2019, one of the positive effects was that credential-stealing apps lost the option to abuse these permissions for bypassing SMS-based two-factor authentication (2FA) mechanisms. … More Malware sidesteps Google permissions policy with new 2FA bypass technique

Ice Hockey World Championship: The risks of free live streaming

You think you’re watching the games for free, but are you sure that’s the case? Let’s review some of the risks that may come with free live streaming websites. The IIHF Ice Hockey World Championship kicked off in Slovakia last Friday and many fans who can’t attend in person are on the hunt for an … More Ice Hockey World Championship: The risks of free live streaming

New Yorker accused of stealing $1m from Silicon Valley executive via SIM swap

The suspect is believed to have carried out the scam on no fewer than six executives in the Bay Area, albeit ultimately with varying success. A 21-year-old man from New York is facing charges over the alleged theft of $1 million from a Silicon Valley executive after taking control of his phone number in a … More New Yorker accused of stealing $1m from Silicon Valley executive via SIM swap

Instagram expands 2FA and account verification

The move is part of a three-pronged plan that is intended to bolster user trust and safety on the photo-sharing platform. Instagram has announced that its users will soon be able to secure their accounts with third-party authentication apps. Prior to the announcement of this much-anticipated change, the photo-sharing platform supported only SMS-based two-factor authentication (2FA). Text … More Instagram expands 2FA and account verification

Reddit reveals breach as attacker circumvents staff’s 2FA

The company has learned the hard way that there are better ways to deliver two-factor authentication than via text messages. Reddit has announced that a hacker has broken into some of its systems and accessed some user data, including an old database backup copy containing user credentials, email addresses, and messages. Additionally, the breach affected … More Reddit reveals breach as attacker circumvents staff’s 2FA