CSO Online

PayPal launches latest struggle to get rid of SMS for MFA

Security experts have been nearly unanimous in their dislike of unencrypted SMS authentication for over a decade, but business executives — and customers — love its convenience. Cost-cutting may ...

What You Need To Do ASAP When Your Phone Gets Stolen Or Lost

Take a deep breath and follow these steps.
Security Boulevard

What Is a Single Sign-On (SSO) Code?

Locked out? Learn what an SSO code actually is, where to find your company domain, and how to solve common login errors in Zoom, Slack, and Salesforce.
CSO Online

New phishing campaign tricks employees into bypassing Microsoft 365 MFA

Unwitting employees register a hacker’s device to their account; the crook then uses the resulting OAuth tokens to maintain persistent access.
Morning Overview on MSN

Google preps iPhone-style face unlock for Pixel phones and Chromebooks

Google appears to be exploring an advanced face-unlock system internally called Project Toscana that could bring an ...
Federal News Network

DoD memo’s use cases clarify mission impact of new policies on PKI credentials, expanded authentication

They removed focus from the container that holds the credential and put focus on the credential itself. That's very helpful ...
Krebs on Security

‘Starkiller’ Phishing Service Proxies Real Login Pages, MFA

According to an analysis of Starkiller by the security firm Abnormal AI, the service lets customers select a brand to impersonate (e.g., Apple, Facebook, Google, Microsoft et. al.) and generates a ...
Dark Reading

Best-in-Class 'Starkiller' Phishing Kit Bypasses MFA

A user-friendly PhaaS tool beats standard methods for detecting phishing attacks by live-proxying legitimate login sites.

Identity theft in the age of AI

Identity theft used to mean lost wallets and forged documents, now attackers use AI to build flawless digital impersonators ...