shollyethan , 6 days ago to Random stuff

This Week in Self-Hosted (17 May 2024)

Raspberry Pi IPOs, software launches, updates, a spotlight on #Wag - a #WireGuard management solution with client #MFA support, and more in this week's self-hosted recap!

https://selfh.st/newsletter/2024-05-17/

#selfhost #selfhosted #selfhosting #opensource #foss #homelab #vpn

informapirata , 21 days ago to Informatica (Italy e non Italy 😁)

Dropbox sarebbe stato violato. Rubati i dati dei clienti e i token di autenticazione

Dropbox ha affermato che gli #hacker sono penetrati nei #sistemi di #produzione della piattaforma di firma elettronica #Dropbox #Sign. Hanno ottenuto l’accesso a #token di #autenticazione, #dati di autenticazione a più fattori (#MFA), #password con hash e #informazioni sui clienti.

@informatica

Notizia segnalata su @redhotcyber

https://www.sec.gov/Archives/edgar/data/1467623/000146762324000024/may2024exhibit991.htm

arstechnica , 1 month ago to Random stuff

LastPass users targeted in phishing attacks good enough to trick even the savvy

Campaign used email, SMS, and voice calls to trick targets into divulging master passwords.

https://arstechnica.com/security/2024/04/lastpass-users-targeted-in-phishing-attacks-good-enough-to-trick-even-the-savvy/?utm_brand=arstechnica&utm_social-type=owned&utm_source=mastodon&utm_medium=social

mattotcha , 1 month ago to Cybersecurity

Cisco: Hacker breached multifactor authentication message provider on April 1
https://therecord.media/cisco-duo-data-breach-mfa-telephony-provider #cybersecurity #hacker #Cisco #MFA #Duo

trendless , 1 month ago to Random stuff

Sanity check:

2FA via SMS was already risky and unsafe, but hey let's make it even worse by adding the ability to have the code sent to a friend?!

:mastomindblown:

Is it really that hard to setup an authenticator app like Aegis or use the one built into keychain?

#2FA #MFA #Security #Telegram #Authentication

NDR , 3 months ago to Random stuff German

Am Donnerstag legten bundesweit rund 2.000 Beschäftigte in Arztpraxen die Arbeit nieder, der Verband medizinischer Fachberufe hatte zum Warnstreik aufgerufen. Die Forderung: bessere Arbeitsbedingungen und mehr Gehalt. 🩺

Praxismanagerin Jana August wollte mit dem Warnstreik auch für mehr Anerkennung ihres Berufs kämpfen. "Wir sind diejenigen, die den Laden am Laufen halten", sagt die Hamburgerin. 🥼

📝 ▶️ https://www.ndr.de/Praxispersonal-Auf-Warnstreik-folgt-Einigung-im-Tarifstreit,arztpraxen130.html?at_medium=mastodon&at_campaign=NDR.de

#NDR #NDRInfo #Streik #MFA #Arzt #Geld

CE , 3 months ago to Random stuff German

Falls jemand in #Freiburg im Breisgau eineN netteN #MFA kennt, welcheR gerne in einer Hausarzt-Praxis arbeiten würde - gerne per DM melden

Eine tolle Praxis sucht dringend!

Retröt wäre ein Traum!

#fedihelp #Medizinbrennt

christine , 4 months ago to Random stuff

For my hackathon project I did try to make CFA (Cat Factor Authentication, using your cat's microchip as a second factor) a thing 😆 The project did win a prize, but more for the experimentation then the actual result https://wpengine.com/blog/hackathon-december-2023/

#catsofmastodon #mfa #hackathon #wpengine

Scraft161 , 4 months ago to Cybersecurity

Hardware security key options?

I've been thinking about getting a hardware security key and have heard of yubikey before; but I want to see what my options are and if they are worth it in your opinion.
My current setup is a local KeePassXC database (that I sync between my PC and phone and also acts as TOTP authenticator app), I know that KeePass supports hardware keys for unlocking the database.

I am personally still of the belief that passwords are the safest when done right; but 2FA/MFA can greatly increase security on top of that (again, if done right).
The key work work together with already existing passwords, not replace them.

As I use linux as my primary OS I do expect it to support it and anything that doesn't I will have to pass on.

PS: what are the things I need to know about these hardware keys that's not being talked about too much, I am very much delving into new territory and want to make sure I'm properly educated before I delve in.

@linux @technology @technology @privacy #2FA #MFA #yubikey #InfoSec #CyberSecurity

knitcode , 7 months ago to Cybersecurity

As MFA has become more widely adopted, it's also become more widely targeted by threat actors. We've seen a large rise in MFA lookalike attacks over the last 18 months. This new blog discusses these trends, drawing out detail of the recent Retool breach through this kind of attack. #dns #phishing #cybersecurity #malware #mfa #infoblox https://blogs.infoblox.com/cyber-threat-intelligence/how-bad-guys-are-undermining-trust-in-multi-factor-authentication-mfa/

linuxmagazine , 9 months ago to Linux

ICYMI: Jesse Hagewood shows you how to integrate Google Authenticator with SSH logins https://www.linux-magazine.com/Issues/2023/269/Multifactor-Authentication-with-SSH #authentication #SSH #Linux #password #MFA #TOTP

reginagrogan , 9 months ago to Random stuff

Creepy dude: “I’m gonna hack you!”
Me: “Free #pentest ? Sounds good”
Creepy dude: I SAID IM GONNA #hack YOU! Be scared, female!
Me: This dude is gonna test my #systems for free. I was just gonna pay someone a chunk of change.
Me: noooooo dont!
Creepy guy: tries to get in my accounts, repeatedly fails bc i got a yubikey in my clit ring bc crazy person
Me: well… at least hardware authentication works.

This is humor for legal purposes

#infosec #security #software #mfa

kuketzblog , 10 months ago to Random stuff German

Tipp Nr.7: Verwende starke und einzigartige Passwörter für deine Konten. Mit »stark« ist gemeint, dass das Passwort möglichst lang ist (ab 16 Zeichen aufwärts) und zufällig entstanden ist. Die Verwaltung von den Zugängen/Konten solltet ihr über einen Passwort-Manager bewerkstelligen. Für zusätzliche Sicherheit: Zwei- oder Mehr-Faktor-Authentisierung (#2FA, #MFA) bspw. via TOTP, FIDO/U2F.

#secprivacy2023 #passwort #password

avoidthehack , 10 months ago to Non Political Twitter

Influx of new followers! Exciting! :owi:

First: Welcome!

I have some #security tips for you:

• Make sure you use a strong #password for your new Mastodon account (don’t reuse your Bird Site AKA #twitter password. Or any other password.)
• use multi-factor authentication #mfa to add an additional layer of security to your account
• be aware DMs on Mastodon are not encrypted (admin instances can see read them). Don’t transmit sensitive info over DMs!

#mastodonmigration

rudyharrelson , 10 months ago to Random

Any recommendations for #foss alternatives to Google Authenticator?

"Aegis Authenticator" looks solid. Might try it out. #mfa #2fa #security

0xSim , 10 months ago to Random stuff

Careful with the 3rd party apps for #Lemmy that are popping. As Lemmy doesn't implement #OAuth, all those apps will directly ask you your login & password.

Also, I'd love to tell you to enable #MFA, but it can only be activated when browsing on mobile, and it's broken. I almost locked myself out of my account because the token was rejected. This may soon turn into a security nightmare.

A screenshot of the app "Connect for Lemmy", asking for credentials