two-factor authentication Archives

Pierluigi Paganini January 24, 2018

Less than 10% of Gmail users enabled two-factor authentication

According to Google software engineer Grzegorz Milka, less than 10 percent of its users have enabled two-factor authentication (2FA) for their accounts. The availability of billions of credentials in the criminal underground due to the numerous massive data breaches occurred in the last years makes it easy for crooks to take over users’ accounts. We always […]

Pierluigi Paganini September 19, 2017

Researchers demonstrate how to steal Bitcoin by exploiting SS7 issues

Hackers have exploited security weaknesses in SS7 protocol to break into a GMail account, take control of a bitcoin wallet and steal funds. In June 2016, researchers with Positive Technologies demonstrated that it is possible to hack Facebook accounts by knowing phone numbers by exploiting a flaw in the SS7 protocol. The technique allows bypassing […]

Pierluigi Paganini July 10, 2017

OSX DoK Malware linked to Operation Emmental used to target Swiss Banks again

Crooks behind the Operation Emmental hacking campaign have started targeting the Swiss banks using a variant of the DoK Mac OS X malware. In July 2014, malware researchers at Trend Micro published a report on the hacking campaign “Operation Emmental” that was targeting Swiss bank accounts whit a multi-faceted attack that allowed crooks to bypass two factor authentication implemented […]

Pierluigi Paganini November 07, 2016

Bypassing Two-Factor Authentication on Outlook Web Access

Enterprises running Exchange Server using two-factor authentication on Outlook Web Access (OWA) could be hacked due to a design flaw. New troubles for enterprises running Exchange Server, two-factor authentication implementations on Outlook Web Access (OWA) could be easily bypassed due to a design flaw. An attacker can bypass two-factor authentication to access email inboxes, calendars, contacts and […]

Pierluigi Paganini October 18, 2016

The ‘Sin’ Card: How criminals unlocked a stolen iPhone 6S

Even if you have an iPhone 6S protected by a 6 digits password plus the touch ID fingerprint it is possible to unlock it. 1. Introduction You have an iPhone 6S protected by a 6 digits password plus the touch ID fingerprint and you may think that nobody can unlock it without the code, right? […]

Pierluigi Paganini July 19, 2016

Abusing Two-factor authentication to steal money from Instagram, Google and Microsoft

A security expert revealed a number of flaws in the big player’s two-factor authentication methods that could allow crooks to steal money. Social media bug bounty hunter, Arne Swinnen, has revealed a number of flaws in the big player’s 2 factor authentication (2FA) methods that could enable a malicious user to illicit large sums of […]

Pierluigi Paganini June 12, 2016

How to bypass two-factor authentication with a text message

Is Two-factor authentication the solution for any kind of hacks? A text message could be used to take over your Google Account. Following the recent data breaches suffered by IT giants (e.g. MySpace, LinkedIn, Twitter) security experts are inviting users to avoid sharing login credentials on multiple websites and to enable two-factor authentication (2FA) when it […]

Pierluigi Paganini January 08, 2016

Rovnix malware is threatening Japanese bank customers

The Rovnix Banking Trojan is an aggressive malware that has been used in a new campaign targeting the customers of more than a dozen Japanese banks. Malware experts at IBM’s X-Force have spotted a new strain of the Rovnix malware targeting the Japanese bank customers. The new threat comes from Russia and it is very […]

Pierluigi Paganini September 07, 2015

Authentication Flaw affects the PayPal Mobile App

Security experts at Vulnerability Lab have discovered a restriction filter bypass vulnerability affecting the PayPal mobile app. Under specific conditions, PayPal can ask users to confirm their identity to prevent frauds. When users are asked to verify their identity, their account is not accessible and in order to unblock it PayPal request them to make […]

Pierluigi Paganini August 30, 2015

Report: How Iranian hackers attempt to takeover your Gmail

According to a report published by the Citizen Lab Iranian hackers have elaborated a sophisticated phishing scheme to takeover Gmail accounts. According to a report published by the Citizen Lab at the University of Toronto’s Munk School of Global Affairs, Iranian hackers have elaborated a sophisticated phishing scheme to circumvent security measures that defend Gmail […]