MFA-optional banks leave safe doors (and accounts) wide open for thieves to pillage
Financial institutions are putting their clients at risk in the name of convenience.
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
Financial institutions are putting their clients at risk in the name of convenience.
Who needs MFA when you've got EvilTokens? Hundreds of organizations have been compromised daily by a Microsoft device-code phishing campaign that uses AI and automation at nearly every stage of the attack chain to ultimately snoop through corporate email inboxes and steal financial data.…
Wanna know a secret? Whether you're logging into your bank, health insurance, or even your email, most services today do not live by passwords alone. Now commonplace, multifactor authentication (MFA) requires users to enter a second or third proof of identity. However, not all forms of MFA are created equal, and the one-time passwords orgs send to your phone have holes so big you could drive a truck through them.…
SMS OTPs are overused, so bring on the tokens and biometrics India's central bank on Wednesday proposed a requirement for dynamically generated second authentication factors for most digital payments.…
Reserve Bank also wants a national 2FA framework The Reserve Bank of India (RBI) announced on Thursday it would make its digital currency programmable, and ensure it can be exchanged when citizens are offline.…
Business email compromise, illicit cryptomining, phishing ... if it makes a dollar, this lot do it Multiple miscreants are misusing OAuth to automate financially motivated cyber crimes – such as business email compromise (BEC), phishing, large-scale spamming campaigns – and deploying virtual machines to illicitly mine for cryptocurrencies, according to Microsoft.…
National Savings & Investment contracting for massive tech deals as customers complain of 2FA failure The UK National Savings and Investment bank is being bombarded with complaints over failing online security and authentication features which customers say have locked them out of their accounts.…
From annoying MFA alerts to 'several internal systems' infiltrated Uber, four days after suffering a substantial cybersecurity breach, has admitted the attacker accessed "several internal systems" including the corporation's G Suite account, and downloaded internal Slack messages and a tool used by its finance department to manage "some" invoices.…