2FA Flaws - Tagged - Security Boulevard
The Home of the Security Bloggers Network
Thu, 28 Mar 2024 18:46:58 +0000

Apple OTP FAIL: ‘MFA Bomb’ Warning — Locks Accounts, Wipes iPhones
https://securityboulevard.com/2024/03/mfa-bomb-apple-otp-richixbw/
Thu, 28 Mar 2024 18:46:58 +0000
Image: Multiple, unskippable notifications

Rethink different: First, fatigue frightened users with multiple modal nighttime notifications. Next, call and pretend to be Apple support.

The post Apple OTP FAIL: ‘MFA Bomb’ Warning — Locks Accounts, Wipes iPhones appeared first on Security Boulevard.

Telegram Privacy Nightmare: Don’t Opt In to P2PL
https://securityboulevard.com/2024/03/telegram-privacy-nightmare-p2pl-richixbw/
Tue, 26 Mar 2024 17:29:25 +0000
Image: Scary skeletons

Scary SMS shenanigans: Avoid Telegram’s new “Peer-To-Peer Login” program if you value your privacy or your cellular service.

FCC’s Got New Rules for SIM-Swap and Port-Out Fraud
https://securityboulevard.com/2023/11/fcc-new-rules-sim-swap-port-out-richixbw/
Mon, 20 Nov 2023 15:33:00 +0000
Image: A blown out picture of FCC chairwoman Jessica Rosenworcel

Too many times: Federal Communications Commission shuts stable door after horse bolted. But chairwoman Jessica Rosenworcel (pictured) was hoping it would save us.

Teenage Hackers Must be Stopped: US DHS’s CSRB Report
https://securityboulevard.com/2023/08/lapsus-dhs-csrb-sms-richixbw/
Fri, 11 Aug 2023 15:16:16 +0000
Image: DHS secretary Alejandro Mayorkas

2FA SMS FAIL: Lapsus$ social engineers exploited weak two-factor authentication. Something must be done! (Well, this is something.)

FINALLY! Google Makes 2FA App Useable — BUT There’s a Catch
https://securityboulevard.com/2023/04/google-2fa-app-sync-richixbw/
Tue, 25 Apr 2023 17:39:06 +0000

2FA OTP ASAP? Google Authenticator app now syncs your secrets: No stress if you break your phone.

Two Factor?
https://securityboulevard.com/2020/03/two-factor/
Wed, 04 Mar 2020 20:00:00 +0000

Instagram 2FA Bypass, A Tale of Superlative Bug Hunting Skills & Indolent Multi-Factor Authentication
https://securityboulevard.com/2019/07/instagram-2fa-bypass-a-tale-of-superlative-bug-hunting-skills-indolent-multi-factor-authentication/
Fri, 19 Jul 2019 17:00:00 +0000

Via Tara Seals writing at the Threatpost Blog, detailing the highly competent bug hunting skill set of Laxman Muthiyah, examining - if you will - the lackadaisical 2FA data flow promulgated by Facebook, Inc. (Nasdaq: FB) on the company's owned Instagram.

"Independent researcher Laxman Muthiyah took a look at Instagram’s mobile recovery flow, which involves a user receiving a six-digit passcode to their mobile number for two-factor account authentication (2FA). So, with six digits that means there are 1 million possible combinations of digits making up the codes." - Via Tara Seals writing at the Threatpost Blog
