Kwamaine Jerell Ford allegedly impersonated an adult film star and tricked his high-profile victims into sharing their iCloud credentials and MFA codes under false pretenses. The post Zero lessons learned: Convicted scammer allegedly ran another athlete-focused phishing scam from federal prison appeared first on CyberScoop.
Latest cybersecurity reporting from selected sources.
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Refine the feed
Search across headline titles and summaries.
Volume over time
Weekly headline count for the current query.
ThreatsDay Bulletin: MS Teams Hack, MFA Hijacking, $2B Crypto Heist, Apple Siri Probe & More
Cyber threats are evolving faster than ever. Attackers now combine social engineering, AI-driven manipulation, and cloud exploitation to breach targets once considered secure. From communication platforms to connected devices, every system that enhances convenience also expands the attack surface
Proton fixes Authenticator bug leaking TOTP secrets in logs
Proton fixed a bug in its new Authenticator app for iOS that logged users' sensitive TOTP secrets in plaintext, potentially exposing multi-factor authentication codes if the logs were shared. [...]
Proton launches free standalone cross-platform Authenticator app
Proton has launched Proton Authenticator, a free standalone two-factor authentication (2FA) application for Windows, macOS, Linux, Android, and iOS. [...]
Bitwarden launches new MFA Authenticator app for iOS, Android
Bitwarden, the creator of the popular open-source password manager, has just launched a new authenticator app called Bitwarden Authenticator, which is available for iOS and Android devices. [...]
Suspected MFA Bombing Attacks Target Apple iPhone Users
Several Apple device users have experienced recent incidents where they have received incessant password reset prompts and vishing calls from a number spoofing Apple's legitimate customer support line.
Apple fans flooded with phony password reset requests
Beware support calls offering a fix Apple device owners, consider yourselves warned: A targeted multi-factor authentication bombing campaign is going around with the goal of exhausting iUsers into accidentally allowing a password reset.…
Recent ‘MFA Bombing’ Attacks Targeting Apple Users
Several Apple customers recently reported being targeted in elaborate phishing attacks that involve what appears to be a bug in Apple's password reset feature. In this scenario, a target's Apple devices are forced to display dozens of system-level prompts that prevent the devices from being used until the recipient responds "Allow" or "Don't Allow" to each prompt. Assuming the user manages not to fat-finger the wrong button on the umpteenth password reset request, the scammers will then call the victim while spoofing Apple support in the caller ID, saying the user's account is under attack and that Apple support needs to "verify" a one-time code.
Google Authenticator now backs up your 2FA codes to the cloud
The Google Authenticator app has received a critical update for Android and iOS that allows users to back up their two-factor authentication one-time passwords (OTPs) to their Google Accounts and have multi-device support. [...]
Outlook app to get built-in Microsoft 365 MFA on Android, iOS
Microsoft will soon fast-track multi-factor authentication (MFA) adoption for its Microsoft 365 cloud productivity platform by adding MFA capabilities to the Outlook email client. [...]
Beware rogue 2FA apps in App Store and Google Play – don’t get hacked!
Even in Apple's and Google's "walled gardens", there are plenty of 2FA apps that are either dangerously incompetent, or unrepentantly malicious. (Or perhaps both.)
New EvilProxy service lets all hackers use advanced phishing tactics
A reverse-proxy Phishing-as-a-Service (PaaS) platform called EvilProxy has emerged, promising to steal authentication tokens to bypass multi-factor authentication (MFA) on Apple, Google, Facebook, Microsoft, Twitter, GitHub, GoDaddy, and even PyPI. [...]