Security: 2FA, Fortnite, Bad Packets and Facebook

Submitted by Roy Schestowitz on Monday 24th of December 2018 05:01:27 PM. Filed under Security
  • Amnesty International reveals how 2FA is being bypassed automatically

    But a new report from Amnesty International has highlighted how hackers in the Middle East and Africa have automated the process to a degree where your 2FA can be cracked in seconds. Essentially, both your password and your 2FA code are phished automatically, giving hackers access to your seemingly impenetrable accounts.

  • When Best Practice Isn’t Good Enough: Large Campaigns of Phishing Attacks in Middle East and North Africa Target Privacy-Conscious Users

    We have identified several campaigns of credentials phishing, likely operated by the same attackers, targeting hundreds of individuals spread across the Middle East and North Africa.

    In one campaign, the attackers were particularly going after accounts on popular self-described “secure email” services, such as Tutanota and ProtonMail.

    In another campaign, the attackers have been targeting hundreds of Google and Yahoo accounts, successfully bypassing common forms of two-factor authentication.

  • Fortnite’s paid outfits, dances have made it a target for lucrative account theft

    The report begins with a teenaged Fortnite fan speaking to the BBC via webcam with his identity hidden. He got into the Fortnite-theft game inadvertently, he claims, by starting as a victim. The bad news began when he received email alerts from Epic Games—one saying his account's email address had been changed, and another saying that two-factor authentication (2FA) had been turned on (and attached to a phone number that wasn't his). His original account was totally lost as a result, the teen alleged.

    After taking to Twitter to publicly complain about his inability to reclaim the account and its paid content (including "battle pass" purchases and cosmetic items), the unidentified teen noticed something: other Fortnite accounts for sale. These offered all manner of in-game loot (particularly outfits and emotes) for much less than those items would cost via Epic's official store.

  • Over 19,000 Orange modems are leaking WiFi credentials

    Troy Mursch, co-founder of Bad Packets LLC, says his company's honeypots have detected at least one threat actor scanning heavily for Orange modems. Scans started Friday, December 21, Mursch said.

    The attacker is exploiting a vulnerability affecting Orange LiveBox devices (CVE-2018-20377) that was first described in 2012. The vulnerability allows a remote attacker to obtain the WiFi password and network ID (SSID) for the modem's internal WiFi network just by accessing the modem's get_getnetworkconf.cgi.

  • Researcher Shows How Facebook Worm Attack Can Spam Your Wall

    A security researcher has published the proof-of-concept code which demonstrates how to create a fully functional Facebook worm.

    It’s a clickjack bomb that can spam your wall by exploiting a vulnerability on Facebook. The researcher, who works under the pseudonym of Lasq, says he has seen this flaw getting abused on the platform by a Facebook spammer group.
