toad.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
Mastodon server operated by David Troy, a tech pioneer and investigative journalist addressing threats to democracy. Thoughtful participation and discussion welcome.

#mfa

knoppix<p>🔐 Proton released Proton Authenticator — a secure, open-source 2FA app available on desktop and mobile.</p><p>Features include end-to-end encrypted sync 🔒, easy import/export 🔄, biometric &amp; PIN protection 🔐, and offline access 📱💻<br>Free on iOS, Android, macOS, Windows, and Linux.</p><p><span class="h-card" translate="no"><a href="https://mastodon.social/@protonprivacy" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>protonprivacy</span></a></span> </p><p><a href="https://proton.me/blog/authenticator-app" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">proton.me/blog/authenticator-a</span><span class="invisible">pp</span></a></p><p><a href="https://mastodon.social/tags/Proton" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Proton</span></a> <a href="https://mastodon.social/tags/ProtonPrivacy" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ProtonPrivacy</span></a> <a href="https://mastodon.social/tags/ProtonAuthenticator" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ProtonAuthenticator</span></a> <a href="https://mastodon.social/tags/2FA" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>2FA</span></a> <a href="https://mastodon.social/tags/MFA" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MFA</span></a> <a href="https://mastodon.social/tags/Privacy" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Privacy</span></a> <a href="https://mastodon.social/tags/Security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Security</span></a> <a href="https://mastodon.social/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberSecurity</span></a> <a href="https://mastodon.social/tags/OpenSource" class="mention hashtag" rel="nofollow noopener" 
target="_blank">#<span>OpenSource</span></a> <a href="https://mastodon.social/tags/Linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Linux</span></a> <a href="https://mastodon.social/tags/Windows" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Windows</span></a> <a href="https://mastodon.social/tags/Android" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Android</span></a> <a href="https://mastodon.social/tags/MacOS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MacOS</span></a> <a href="https://mastodon.social/tags/iOS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>iOS</span></a> <a href="https://mastodon.social/tags/Encryption" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Encryption</span></a> <a href="https://mastodon.social/tags/TechNews" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TechNews</span></a> <a href="https://mastodon.social/tags/Infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Infosec</span></a> <a href="https://mastodon.social/tags/DataProtection" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DataProtection</span></a></p>
Erik van Straten<p><span class="h-card" translate="no"><a href="https://tech.lgbt/@nekodojo" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>nekodojo</span></a></span> <span class="h-card" translate="no"><a href="https://federate.social/@jik" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>jik</span></a></span> : thank you for sharing your thoughts!</p><p>To add to them: a TOTP app is a stupid password manager. Most people do not understand that it more than doubles your risk of account lockout.</p><p>And that is apart from other risks excellently described by Conor Gilsenan (<span class="h-card" translate="no"><a href="https://infosec.exchange/@conorgil" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>conorgil</span></a></span> ) et al. in <a href="https://www.usenix.org/conference/usenixsecurity23/presentation/gilsenan" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">usenix.org/conference/usenixse</span><span class="invisible">curity23/presentation/gilsenan</span></a> (and <a href="https://github.com/blues-lab/totp-app-analysis-public" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">github.com/blues-lab/totp-app-</span><span class="invisible">analysis-public</span></a>).</p><p>Twilio Authy being one of the worst (echoed by <a href="https://www.bleepingcomputer.com/news/security/hackers-abused-api-to-verify-millions-of-authy-mfa-phone-numbers/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">bleepingcomputer.com/news/secu</span><span class="invisible">rity/hackers-abused-api-to-verify-millions-of-authy-mfa-phone-numbers/</span></a>).</p><p>And, like SMS, TOTP apps do not protect against non-dumb AitM * attacks (Microsoft's endlessly repeated 99.9% reduction in chance of getting hacked when 
using 2FA, extremely irritates me - considering <a href="https://techcommunity.microsoft.com/blog/microsoft-entra-blog/all-your-creds-are-belong-to-us/855124" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">techcommunity.microsoft.com/bl</span><span class="invisible">og/microsoft-entra-blog/all-your-creds-are-belong-to-us/855124</span></a> from 2019 - and, although an advertisement, IMO a good article: <a href="https://www.bleepingcomputer.com/news/security/mfa-matters-but-it-isnt-enough-on-its-own/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">bleepingcomputer.com/news/secu</span><span class="invisible">rity/mfa-matters-but-it-isnt-enough-on-its-own/</span></a>).</p><p>* Attacker/Adversary in the Middle.</p><p>IMO, the nr. 1 advantage of passkeys is the "built in" domain name check - which makes phishing attacks a *lot* harder (albeit not impossible: <a href="https://infosec.exchange/@ErikvanStraten/112914050216821746" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">infosec.exchange/@ErikvanStrat</span><span class="invisible">en/112914050216821746</span></a>).</p><p>The fact that stealing private keys is next to impossible, does not protect against device or browser compromise: after logging in using your ultra-secure MFA, your authentication gets replaced by a 1FA session cookie (or something similar). 
Most websites do NOT bind such cookies to the client's IP-address, making them prime "copytheft" targets (<a href="https://labs.beazley.security/articles/ghost-in-the-zip-or-new-pxa-stealer-and-its-telegram-powered-ecosystem" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">labs.beazley.security/articles</span><span class="invisible">/ghost-in-the-zip-or-new-pxa-stealer-and-its-telegram-powered-ecosystem</span></a>).</p><p>Also, for an attacker with access to your credentials record on a webserver, indeed there's no point in "copystealing" your passkey's/YubiKey's public key. However, the attacker can REPLACE your pubkey with theirs, or add their own. Those pubkeys are NOT wrapped in a certificate (signed by a *trustworthy* third party) proving who generated the keypair. And there are no revocation facilities in case your device gets stolen.</p><p>Furthermore, passkey downgrade-to-weaker-auth attacks pose a threat BECAUSE you MAY lose them (or access to them).</p><p>For example, on Android, if you want to change (or remove) your "sync passphrase", Google tells you to tap "Delete data" (see the screenshot below). Adam Langley's (<span class="h-card" translate="no"><a href="https://infosec.exchange/@agl" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>agl</span></a></span> ) pathetic joke "This might delete some data from your devices" [1] actually means that "you'll lose all of your passkeys" (on all of your synced Android devices; contrary to popular belief, Android passkeys are cloud based).</p><p>[1] <a href="https://seclists.org/fulldisclosure/2024/Feb/15" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">seclists.org/fulldisclosure/20</span><span class="invisible">24/Feb/15</span></a></p><p>A decent password manager that checks for the domain name (i.e. 
using AutoFill on Android or iOS/iPadOS) is not a bad idea after all.</p><p>Online auth is HARD. Let's not lie that it can be made simple.<br> </p><p><a href="https://infosec.exchange/tags/Weak2FA" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Weak2FA</span></a> <a href="https://infosec.exchange/tags/TOTP" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TOTP</span></a> <a href="https://infosec.exchange/tags/SMS2FA" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SMS2FA</span></a> <a href="https://infosec.exchange/tags/2FA" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>2FA</span></a> <a href="https://infosec.exchange/tags/MFA" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MFA</span></a> <a href="https://infosec.exchange/tags/Passkeys" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Passkeys</span></a> <a href="https://infosec.exchange/tags/WebAutn" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>WebAutn</span></a> <a href="https://infosec.exchange/tags/FIDO2" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>FIDO2</span></a> <a href="https://infosec.exchange/tags/Yubikkey" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Yubikkey</span></a> <a href="https://infosec.exchange/tags/Authentication" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Authentication</span></a> <a href="https://infosec.exchange/tags/OnlineAuthentication" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OnlineAuthentication</span></a> <a href="https://infosec.exchange/tags/Impersonation" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Impersonation</span></a> <a href="https://infosec.exchange/tags/Passwords" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Passwords</span></a> <a 
href="https://infosec.exchange/tags/PasswordManager" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PasswordManager</span></a> <a href="https://infosec.exchange/tags/AutoFill" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AutoFill</span></a></p>
nemo™ 🇺🇦<p>🚨 New downgrade attack can bypass FIDO passkey security, exposing “phishing-resistant” accounts to adversary-in-the-middle (AiTM) attacks. Proofpoint warns this method could target organizations relying on fallback MFA options. Stay vigilant &amp; defend with FIDO-only policies! 🔐🛡️ <a href="https://mas.to/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Cybersecurity</span></a> <a href="https://mas.to/tags/FIDO" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>FIDO</span></a> <a href="https://mas.to/tags/MFA" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MFA</span></a> <a href="https://cyberinsider.com/new-downgrade-attack-threatens-security-of-fido-passkeys/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">cyberinsider.com/new-downgrade</span><span class="invisible">-attack-threatens-security-of-fido-passkeys/</span></a><br><a href="https://mas.to/tags/newz" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>newz</span></a></p>
Bytes Europe<p>EU Ambassador Jānis Mažeiks concludes his mandate in the Republic of Moldova <a href="https://www.byteseu.com/1285603/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="">byteseu.com/1285603/</span><span class="invisible"></span></a> <a href="https://pubeurope.com/tags/ambassador" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ambassador</span></a> <a href="https://pubeurope.com/tags/eu" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>eu</span></a> <a href="https://pubeurope.com/tags/mandate" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>mandate</span></a> <a href="https://pubeurope.com/tags/MFA" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MFA</span></a> <a href="https://pubeurope.com/tags/Moldova" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Moldova</span></a></p>
Threat Insight<p>Proofpoint threat researchers have uncovered a way to sidestep FIDO-based authentication, a protection method used to block credential phishing and account takeover (ATO).</p><p>Blog: <a href="https://www.proofpoint.com/us/blog/threat-insight/dont-phish-let-me-down-fido-authentication-downgrade" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">proofpoint.com/us/blog/threat-</span><span class="invisible">insight/dont-phish-let-me-down-fido-authentication-downgrade</span></a></p><p>While the tactic has not yet been observed in the wild, the discovery is a significant emerging threat and exposes targets to adversary-in-the-middle (AiTM) threats.</p><p>Read our blog to understand how this potential threat questions the reliability of FIDO (Fast Identity Online) passkey implementations, an authentication method currently viewed as robust for verifying user identities and recommended for improving online security. </p><p><a href="https://infosec.exchange/tags/FIDO" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>FIDO</span></a> <a href="https://infosec.exchange/tags/authentication" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>authentication</span></a> <a href="https://infosec.exchange/tags/ATO" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ATO</span></a> <a href="https://infosec.exchange/tags/MFA" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MFA</span></a></p>
Bytes Europe<p>Ukrainian and Estonian FMs discuss importance of European unity for global stability <a href="https://www.byteseu.com/1277994/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="">byteseu.com/1277994/</span><span class="invisible"></span></a> <a href="https://pubeurope.com/tags/Estonia" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Estonia</span></a> <a href="https://pubeurope.com/tags/MFA" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MFA</span></a></p>
TechNadu<p>Boardroom security talks always have:<br>✅ MFA advocates<br>✅ Phishing trainers<br>❌ The “password spreadsheet” guy</p><p>Security basics matter. MFA + phishing awareness + strong passwords block the majority of breaches.</p><p>What’s the worst advice you’ve heard in a security meeting?<br><a href="https://infosec.exchange/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberSecurity</span></a> <a href="https://infosec.exchange/tags/MFA" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MFA</span></a> <a href="https://infosec.exchange/tags/Phishing" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Phishing</span></a> <a href="https://infosec.exchange/tags/PasswordSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PasswordSecurity</span></a></p>
Pyrzout :vm:<p>From legacy to SaaS: Why complexity is the enemy of enterprise security <a href="https://www.helpnetsecurity.com/2025/08/11/robert-buljevic-bridge-it-legacy-saas-security/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">helpnetsecurity.com/2025/08/11</span><span class="invisible">/robert-buljevic-bridge-it-legacy-saas-security/</span></a> <a href="https://social.skynetcloud.site/tags/digitaltransformation" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>digitaltransformation</span></a> <a href="https://social.skynetcloud.site/tags/identityverification" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>identityverification</span></a> <a href="https://social.skynetcloud.site/tags/securityawareness" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>securityawareness</span></a> <a href="https://social.skynetcloud.site/tags/accessmanagement" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>accessmanagement</span></a> <a href="https://social.skynetcloud.site/tags/authentication" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>authentication</span></a> <a href="https://social.skynetcloud.site/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a> <a href="https://social.skynetcloud.site/tags/enterprise" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>enterprise</span></a> <a href="https://social.skynetcloud.site/tags/Don" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Don</span></a>'tmiss <a href="https://social.skynetcloud.site/tags/zerotrust" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>zerotrust</span></a> <a href="https://social.skynetcloud.site/tags/Features" class="mention hashtag" rel="nofollow noopener" 
target="_blank">#<span>Features</span></a> <a href="https://social.skynetcloud.site/tags/Hotstuff" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Hotstuff</span></a> <a href="https://social.skynetcloud.site/tags/BridgeIT" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BridgeIT</span></a> <a href="https://social.skynetcloud.site/tags/strategy" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>strategy</span></a> <a href="https://social.skynetcloud.site/tags/News" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>News</span></a> <a href="https://social.skynetcloud.site/tags/CISO" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CISO</span></a> <a href="https://social.skynetcloud.site/tags/SaaS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SaaS</span></a> <a href="https://social.skynetcloud.site/tags/tips" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>tips</span></a> <a href="https://social.skynetcloud.site/tags/MFA" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MFA</span></a></p>
mutteripannu<p>What authentication apps do people who don’t wanna use Microsoft or Google, use? Recommendations? <a href="https://mstdn.social/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a> <a href="https://mstdn.social/tags/2FA" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>2FA</span></a> <a href="https://mstdn.social/tags/MFA" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MFA</span></a> <a href="https://mstdn.social/tags/AskFedi" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AskFedi</span></a> Edit: should’ve specified that for the time being, I am on iOS.</p>
Dissent Doe :cupofcoffee:<p>Claim DENIED: Lack of <a href="https://infosec.exchange/tags/MFA" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MFA</span></a> cost the City of Hamilton in Canada $18.3 million:</p><p><a href="https://www.cp24.com/local/hamilton/2025/07/31/hamilton-taxpayers-on-the-hook-for-full-183m-cyberattack-repair-bill-after-insurance-claim-denied/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">cp24.com/local/hamilton/2025/0</span><span class="invisible">7/31/hamilton-taxpayers-on-the-hook-for-full-183m-cyberattack-repair-bill-after-insurance-claim-denied/</span></a></p><p><a href="https://infosec.exchange/tags/ransomware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ransomware</span></a> <a href="https://infosec.exchange/tags/databreach" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>databreach</span></a> <a href="https://infosec.exchange/tags/cyberinsurance" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cyberinsurance</span></a></p>
Bytes Europe<p>Investing In Technology in a Challenging Farm Economy <a href="https://www.byteseu.com/1261284/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="">byteseu.com/1261284/</span><span class="invisible"></span></a> <a href="https://pubeurope.com/tags/agtech" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>agtech</span></a> <a href="https://pubeurope.com/tags/economy" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>economy</span></a> <a href="https://pubeurope.com/tags/FarmEconomy" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>FarmEconomy</span></a> <a href="https://pubeurope.com/tags/MFA" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MFA</span></a></p>
Prof. Dr. Dennis-Kenji Kipker<p>What good is <a href="https://chaos.social/tags/Cyberversicherung" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Cyberversicherung</span></a> (cyber insurance) if you do not comply with its contract terms: the city of <a href="https://chaos.social/tags/Hamilton" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Hamilton</span></a> in <a href="https://chaos.social/tags/Kanada" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Kanada</span></a> (Canada) had to learn this after falling victim to a <a href="https://chaos.social/tags/Ransomware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Ransomware</span></a> attack.</p><p>IT recovery costs of USD 18 million were incurred, which the city wanted to pass on to the cyber insurer. The insurer, however, had stipulated <a href="https://chaos.social/tags/MFA" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MFA</span></a> as an exclusion clause, which the city had not implemented.</p><p>Now the citizens have to cover the recovery costs themselves:</p><p><a href="https://www.cbc.ca/news/canada/hamilton/cybersecurity-breach-1.7597713" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">cbc.ca/news/canada/hamilton/cy</span><span class="invisible">bersecurity-breach-1.7597713</span></a> <a href="https://chaos.social/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a></p>
Marcus "MajorLinux" Summers<p>I mean, I get why they are doing these things, but at what point do they turn this into an ecosystem you get locked into?</p><p>Also, remember to two-factor your shit!</p><p>Proton Releases New Two-Factor Authentication App </p><p><a href="https://www.macrumors.com/2025/07/31/proton-releases-new-two-factor-authentication-app/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">macrumors.com/2025/07/31/proto</span><span class="invisible">n-releases-new-two-factor-authentication-app/</span></a></p><p><a href="https://toot.majorshouse.com/tags/Proton" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Proton</span></a> <a href="https://toot.majorshouse.com/tags/MFA" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MFA</span></a> <a href="https://toot.majorshouse.com/tags/App" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>App</span></a> <a href="https://toot.majorshouse.com/tags/Security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Security</span></a> <a href="https://toot.majorshouse.com/tags/Tech" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Tech</span></a></p>
LMG Security<p>Iranian cyberattacks are ramping up—and they’re hitting critical infrastructure, defense, and businesses. From AI-generated phishing and deepfake propaganda to wiper malware targeting ICS and backups, Iranian threat actors are evolving fast.</p><p>In this episode of Cyberside Chats, <span class="h-card" translate="no"><a href="https://infosec.exchange/@sherridavidoff" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>sherridavidoff</span></a></span> and <span class="h-card" translate="no"><a href="https://infosec.exchange/@MDurrin" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>MDurrin</span></a></span> break down the latest threats, real-world incidents, and what your organization can do to prepare.</p><p>🎥 Watch the video: <a href="https://youtu.be/vC29SaWdqG4" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">youtu.be/vC29SaWdqG4</span><span class="invisible"></span></a></p><p>🎧 Listen to the podcast: <a href="https://www.chatcyberside.com/e/the-title-of-cschats_308hyzz/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">chatcyberside.com/e/the-title-</span><span class="invisible">of-cschats_308hyzz/</span></a></p><p><a href="https://infosec.exchange/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Cybersecurity</span></a> <a href="https://infosec.exchange/tags/WiperMalware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>WiperMalware</span></a> <a href="https://infosec.exchange/tags/AIphishing" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AIphishing</span></a> <a href="https://infosec.exchange/tags/MFA" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MFA</span></a> <a href="https://infosec.exchange/tags/PatchTuesday" class="mention hashtag" rel="nofollow noopener" 
target="_blank">#<span>PatchTuesday</span></a> <a href="https://infosec.exchange/tags/CriticalInfrastructure" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CriticalInfrastructure</span></a> <a href="https://infosec.exchange/tags/CybersideChats" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CybersideChats</span></a> <a href="https://infosec.exchange/tags/CISO" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CISO</span></a> <a href="https://infosec.exchange/tags/cyberattacks" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cyberattacks</span></a> <a href="https://infosec.exchange/tags/IT" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>IT</span></a> <a href="https://infosec.exchange/tags/Infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Infosec</span></a> <a href="https://infosec.exchange/tags/ITsecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ITsecurity</span></a> <a href="https://infosec.exchange/tags/ThreatIntel" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ThreatIntel</span></a></p>
Bytes Europe<p>Matviyenko’s visit to Switzerland – what is Ukraine’s reaction? | Ukrainian News <a href="https://www.byteseu.com/1236602/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="">byteseu.com/1236602/</span><span class="invisible"></span></a> <a href="https://pubeurope.com/tags/HeorhiyTykhyi" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>HeorhiyTykhyi</span></a> <a href="https://pubeurope.com/tags/MFA" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MFA</span></a> <a href="https://pubeurope.com/tags/SpecialTribunal" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SpecialTribunal</span></a> <a href="https://pubeurope.com/tags/Switzerland" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Switzerland</span></a> <a href="https://pubeurope.com/tags/ValentinaMatvienko" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ValentinaMatvienko</span></a></p>
LMG Security<p>Federal Cybersecurity Cuts Increase the Risks for Your Organization</p><p>A sweeping executive order just wiped out key federal cybersecurity mandates—including SBOMs, encryption standards, and phishing-resistant MFA requirements. If your business buys software, handles sensitive data, or supports critical infrastructure, this rollback directly impacts you.</p><p>Find out:</p><p> ▪ Which protections were cut<br> ▪ Why the risk has shifted to your organization<br> ▪ What security leaders must do now to fill the gap</p><p>Read our blog: <a href="https://www.lmgsecurity.com/federal-cybersecurity-cuts-raise-risks-heres-how-to-respond/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">lmgsecurity.com/federal-cybers</span><span class="invisible">ecurity-cuts-raise-risks-heres-how-to-respond/</span></a></p><p><a href="https://infosec.exchange/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Cybersecurity</span></a> <a href="https://infosec.exchange/tags/FederalCybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>FederalCybersecurity</span></a> <a href="https://infosec.exchange/tags/SBOM" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SBOM</span></a> <a href="https://infosec.exchange/tags/MFA" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MFA</span></a> <a href="https://infosec.exchange/tags/ThirdPartyRisk" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ThirdPartyRisk</span></a> <a href="https://infosec.exchange/tags/SupplyChainSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SupplyChainSecurity</span></a> <a href="https://infosec.exchange/tags/CISO" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CISO</span></a> <a href="https://infosec.exchange/tags/Infosec" class="mention hashtag" 
rel="nofollow noopener" target="_blank">#<span>Infosec</span></a> <a href="https://infosec.exchange/tags/RiskManagement" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>RiskManagement</span></a> <a href="https://infosec.exchange/tags/ITsecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ITsecurity</span></a> <a href="https://infosec.exchange/tags/SMB" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SMB</span></a></p>
Karl Voit :emacs: :orgmode:<p><a href="https://graz.social/tags/Authentifizierung" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Authentifizierung</span></a> (authentication) with <a href="https://graz.social/tags/FIDO2" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>FIDO2</span></a> and <a href="https://graz.social/tags/Passkeys" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Passkeys</span></a> <a href="https://karl-voit.at/FIDO2-vs-Passkeys/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">karl-voit.at/FIDO2-vs-Passkeys/</span><span class="invisible"></span></a></p><p>What it is, why you should use it, and how to assess them in comparison with other methods.</p><p><a href="https://graz.social/tags/MFA" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MFA</span></a> <a href="https://graz.social/tags/2FA" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>2FA</span></a> <a href="https://graz.social/tags/FIDO" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>FIDO</span></a> <a href="https://graz.social/tags/Passkey" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Passkey</span></a> <a href="https://graz.social/tags/Sicherheit" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Sicherheit</span></a> <a href="https://graz.social/tags/publicvoit" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>publicvoit</span></a></p>
The New Oil<p><a href="https://mastodon.thenewoil.org/tags/Veeam" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Veeam</span></a> <a href="https://mastodon.thenewoil.org/tags/RecoveryOrchestrator" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>RecoveryOrchestrator</span></a> users locked out after <a href="https://mastodon.thenewoil.org/tags/MFA" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MFA</span></a> rollout</p><p><a href="https://www.bleepingcomputer.com/news/technology/veeam-recovery-orchestrator-users-locked-out-after-mfa-rollout/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">bleepingcomputer.com/news/tech</span><span class="invisible">nology/veeam-recovery-orchestrator-users-locked-out-after-mfa-rollout/</span></a></p><p><a href="https://mastodon.thenewoil.org/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a></p>
nemo™ 🇺🇦<p>🚨 New sophisticated phishing technique “PoisonSeed” tricks users into scanning malicious QR codes, bypassing FIDO key MFA protections via cross-device sign-in! 🛡️🔐 Users must stay vigilant &amp; organizations should strengthen monitoring. Full details: <a href="https://cyberinsider.com/new-poisonseed-attack-bypasses-fido-key-security-using-qr-codes/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">cyberinsider.com/new-poisonsee</span><span class="invisible">d-attack-bypasses-fido-key-security-using-qr-codes/</span></a> <a href="https://mas.to/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberSecurity</span></a> <a href="https://mas.to/tags/MFA" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MFA</span></a> <a href="https://mas.to/tags/FIDO" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>FIDO</span></a> <a href="https://mas.to/tags/PhishingAlert" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PhishingAlert</span></a> <a href="https://mas.to/tags/InfoSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>InfoSec</span></a> <a href="https://mas.to/tags/newz" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>newz</span></a></p>
Jonathan Kamens 86 47<p>All the positive <a href="https://federate.social/tags/userExperience" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>userExperience</span></a> points <a href="https://federate.social/tags/HackerOne" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>HackerOne</span></a> earned for how they were rolling out mandatory <a href="https://federate.social/tags/2FA" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>2FA</span></a> were just erased by them sending out reminder email to all of their users about configuring 2FA without filtering out the users who had already done it.<br>That's some lazy, user-hostile bullshit, is what that is.<br>When you know which users have already followed your instructions, you don't need to waste their time making them go back and check. <a href="https://federate.social/tags/smdh" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>smdh</span></a><br><a href="https://federate.social/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a> <a href="https://federate.social/tags/MFA" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MFA</span></a> <a href="https://federate.social/tags/UX" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>UX</span></a></p>