2FA

Pierluigi Paganini January 27, 2017
A hacker confirmed that President Trump Twitter account is linked to a private account

A security researcher has discovered that the President Trump’s Twitter account is exposed to the risk of hack due to security misconfigurations. While the experts are warning the press about the fact that the American President Trump is still using his personal insecure Android smartphone, we have discovered that his Twitter is exposed to the risk […]

Pierluigi Paganini May 14, 2016
A hacker compromised several Reddit accounts to prove it needs 2FA

A mysterious hacker is responsible for a mass Reddit defacement of 70 subreddits, he wants to demonstrate the lack of security of the popular platform. Someone is creating the panic on Reddits, a mysterious user behind the name TehBVM (@TehBVM) claims to have already popped more than 100 Reddit subreddits. The user already targeted subreddits related […]

Pierluigi Paganini January 13, 2016
The Android Bankosy malware steals banking OTPs

Security experts at Symantec detect a new strain of the Android Bankosy malware that steals passwords sent through voice calls generated by 2FA systems. One-time passcodes, a crucial defense for online banking applications, are being intercepted by a malware program for Android, according to new research from Symantec. One-time passcodes (OTPs) in two-factor authentication scheme […]

Pierluigi Paganini June 11, 2015
iOS 9 improves security with Six-Digit Passcode and 2FA

Apple’s iOS 9 will force users to strengthen the device passcode and improve the two-factor authentication mechanism. Apple is revealing a series of improvement for its new iOS 9, today we have discussed the content blocker announced by Apple, and the company now announced new measures to improve the security of its devices. The iOS9 will substitute the 4-digit […]

Pierluigi Paganini October 22, 2014
Google improved 2-Step Verification with Security Key

Google has announced the introduction of an improved two-factor authentication mechanism based on a USB token dubbed Security Key. Google firm considers cyber security a pillar of its business, the last initiative announced by the company is the introduction of an improved two-factor authentication system for its services, including Gmail. The new 2FA process is based on the use of a […]

Pierluigi Paganini August 06, 2014
Security flaw allows to bypass PayPal two-factor authentication

A Security researcher has discovered a new flaw in the two-factor authentication process implemented by PayPal to protect its users. Security researcher Joshua Rogers has discovered a simple way of bypassing the two-factor authentication mechanism implemented by PayPal to protect accounts that are linked to eBay accounts. The flaw resides in the login process when a user is prompted […]

Pierluigi Paganini June 26, 2014
PayPal two-factor authentication for mobile apps is flawed

Security experts at Duo Security have discovered a serious flaw in the implementation of two-factor authentication which allow attackers to bypass it. Two-factor authentication processes if flawed could give to companies a false sense of security even if we are discussing of PayPal. In the past we have explained how to by-pass Two-factor authentication in various ways, for example, using […]

Pierluigi Paganini October 29, 2013
Social media and digital identity. Prevention and incident response

The hack of a social media account is a common incident that could have a serious impact of our digital identity. How to prevent it? What to do in case of hack? Social media, cloud computing and mobile are technologies that most of all attract cybercriminals due their high penetration, exploiting this channels attackers could […]

Pierluigi Paganini June 15, 2013
Iranian Gmail accounts targeted by state-sponsored attack

Google revealed that tens of thousands of Gmail accounts belonging to Iranian users have been targeted by state-sponsored attacks. The Google company announced that tens of thousands of Gmail accounts of Iranian users have been targeted hacked. The attacks seem to be organized by a group of state sponsored hackers few days before presidential elections. The […]

Pierluigi Paganini June 13, 2013
The business behind a hacked email account

Which is the commercial value of a hacked email account in the underground? How cybercriminals use a compromised email account? Why do they have to hit me? Which is the commercial value of a hacked email account in the underground? Brian Krebs has recently published a valuable post on commercial value for a hacked email account, […]