Hab es jetzt noch mal versucht, weil ich dachte, es wäre vielleicht nur irgendein verrückter Fehler gewesen. App neu installiert.
Und wieder keine SMS, sondern "verification code" in Telegram-App.
Das darf doch echt nicht wahr sein!
#2fa
Deutsche Bahn App
Ähm... will mich einloggen, nachdem ich abgemeldet wurde, und kriege dann für die 2FA aber keine SMS, wie vereinbart, sondern von einem ominösen bot auf Telegram einen "verification code".
Wtf?
DB angerufen, Mitarbeiter wissen von nix. Ja, es gäbe Authentifizierungs-Apps, aber von Telegram wüssten sie nix.
Ich: Ich hab nur SMS zugestimmt.
MA: Ach, da werden Sie irgendwo zugestimmt haben, ohne dass Sie es wissen.
Wow.
Tycoon2FA Launches Attacks Targeting Office 365 Accounts
Pulse ID: 6924d16022a8b82da657b3f1
Pulse Link: https://otx.alienvault.com/pulse/6924d16022a8b82da657b3f1
Pulse Author: cryptocti
Created: 2025-11-24 21:42:56
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#2FA #CyberSecurity #InfoSec #OTX #Office #OpenThreatExchange #bot #cryptocti
MFA alone isn’t enough if attackers can exploit fatigue prompts or weak fallback options.
In this 1-minute video, Sherri Davidoff and Matt Durrin break down the most common gaps and what defenders must reassess. A strong security program starts with understanding how your MFA behaves under pressure. https://www.youtube.com/watch?v=x290l-EAo8Q
#Cybersecurity #MFA #MultifactorAuthentication #2FA #Authentication #AccessControl #Credentials #SecurityBestPractices
had a nice (but crowded) time at the anarchist book fair workshops today, specifically the one about not owning a phone! lots of great convos, philosophies, and modes of existence without cell phone!
lots of interest about, and shoutouts for @cwtch, @delta, and @briar -- e2ee (group) messengers that dont require a phone number (as a replacement for @signalapp)
lots of interest in #U2F, #FIDO2 hardware #2FA devices (as a replacement for SMS or push). i also recommend @keepassxc for keeping TOTP tokens!
really appreciated hearing all the side conversations about @tails, @Mastodon, and other decentralized tech
they are already planning the next one in 2026! anarchistbookfairamsterdam.org @AFA
#anarchistbookfairamsterdam #amsterdam #anarchism #bookfair #anarchistbookfair #activism #netherlands #antifascism
A theory has occurred to me as I woke up (probably irrational but I'll voice it anyway, just to get it out of my head)
I have an Uphold account from when the coil Web Monetization thing was running. They recently moved from allowing standards based 2FA (TOTP) to mandating installing their mobile app to sign in even on the web.
My first thought was that this was an information grab, but now wondering if it is also to stop people cashing out during a price crash
"Scammers Read the Times... Do You? | Weekly News Roundup" 👀👏
https://friendica.world/display/84b6ef2b-1369-20e4-4e78-876788160996
"Scammers Read the Times... Do You? | Weekly News Roundup" 👀👏
!!! NOTE !!! Switched To Linux is, “written by a broad spectrum computer consultant to help people learn more about the Linux platform.” This account is a supporter of Switched To Linux and provides convenience posts of thumbnails art, videos and streams.
<<Posts may contain hashtags as content may pertain to many distributions and/or related material/topics. Posts may be reposted, boosted, shared, etc. by bots and/or other accounts and are done so at the discretion of the bots/accounts that perform those actions. This account is not responsible for the action(s) of those bots and/or accounts. Therefore, Offended Discretion is advised.>>
ALL HAIL THE VAN PANTHERS!!!
#SwitchedToLinux #Linux #Windows #Mac #Technology #Tech #AltTech #Privacy #Private #Security #Secure #FOSS #FreeAndOpenSource #FreeAndOpenSourceSoftware #FreeOpenSourceSoftware #YouTube #Odysee #Rumble #BitChute #Locals #Patreon #DLive #Twitch #AltTech #FactCheckTrue #Fediverse #scammers #jobs #2fa
!!! Tell us what you think by filling out a "SATISFACTION SURVEY or ABUSE/SPAM REPORT" form from Teh AnKorage !!!
https://cryptpad.disroot.org/form/#/2/form/view/elsOVQUrXAmGuer4kd75JhA3mNELuCj8cTjEUynrZZo/
\*Videos may take a considerable amount of time to post. If it is not present, it will be, soon(tm).
#YouTube -
https://www.youtube.com/@SwitchedtoLinux/videos
#Odysee -
https://odysee.com/@switchedtolinux:0?view=content
#Rumble -
https://rumble.com/c/SwitchedToLinux/videos
#Bitchute -
https://www.bitchute.com/channel/uf9hzD216LX0
!!! NOTE !!! Switched To Linux is, “written by a broad spectrum computer consultant to help people learn more about the Linux platform.” This account is a supporter of Switched To Linux and provides convenience posts of thumbnails art, videos and streams.
<<Posts may contain hashtags as content may pertain to many distributions and/or related material/topics. Posts may be reposted, boosted, shared, etc. by bots and/or other accounts and are done so at the discretion of the bots/accounts that perform those actions. This account is not responsible for the action(s) of those bots and/or accounts. Therefore, Offended Discretion is advised.>>
ALL HAIL THE VAN PANTHERS!!!
#SwitchedToLinux #Linux #Windows #Mac #Technology #Tech #AltTech #Privacy #Private #Security #Secure #FOSS #FreeAndOpenSource #FreeAndOpenSourceSoftware #FreeOpenSourceSoftware #YouTube #Odysee #Rumble #BitChute #Locals #Patreon #DLive #Twitch #AltTech #FactCheckTrue #Fediverse #scammers #jobs #2fa
!!! Tell us what you think by filling out a "SATISFACTION SURVEY or ABUSE/SPAM REPORT" form from Teh AnKorage !!!
https://cryptpad.disroot.org/form/#/2/form/view/elsOVQUrXAmGuer4kd75JhA3mNELuCj8cTjEUynrZZo/
\*Videos may take a considerable amount of time to post. If it is not present, it will be, soon(tm).
#YouTube -
https://www.youtube.com/@SwitchedtoLinux/videos
#Odysee -
https://odysee.com/@switchedtolinux:0?view=content
#Rumble -
https://rumble.com/c/SwitchedToLinux/videos
#Bitchute -
https://www.bitchute.com/channel/uf9hzD216LX0
🧩 3️⃣ Kit de phishing 2FA “Sneaky 2FA” evoluciona con técnica Browser-in-the-Browser.
Los investigadores de Push Security detectaron que el kit de phishing como servicio (PhaaS) Sneaky 2FA ahora incorpora una técnica llamada Browser‑in‑the‑Browser (BitB), que simula ventanas de navegador dentro del navegador para engañar a los usuarios e interceptar credenciales, incluso con autenticación de dos factores (2FA).
🚨 Los hackers acaban de mejorar su juego de phishing. Un falso inicio de sesión de Microsoft ahora parece 100% real — incluso mostrando una URL real y verificación de CAPTCHA.
Es parte de un nuevo kit de phishing “Sneaky 2FA” que permite a cualquiera robar cuentas sin habilidades reales.
Incluso los pros están cayendo en la trampa.
🔒 ¿Más protección o más sofisticación de los atacantes?
#Privacidad #Ciberseguridad #Phishing #2FA
https://thehackernews.com/2025/11/sneaky-2fa-phishing-kit-adds-bitb-pop.html
換了新手機,以前設的 #SteamGuard 和第三方 #2FA 驗證器同時顯示驗證碼 (TOTP) 也只剩第三方那還活著。
為了要能同時滿足透過 Steam APP 接收登入通知、掃碼登入及直接從 #KeePass 取得 TOTP,我使用了 dyc3 開發的 steamguard-cli,它成為主驗證器後就能在電腦上取得 2FA secret。
首先執行 steamguard setup,登入後選擇 R 方式轉驗證器,然後輸入原來的復原碼,最重要的步驟來了:「steamguard-cli 要求輸入簡訊驗證碼時不動,要先在 Steam APP 新增驗證器,然後一樣會得到輸入簡訊驗證碼,這時把最後收到的簡訊碼輸入兩邊」,然後電腦執行 steamguard 應該可以看和手機上的驗證碼是一致的,最後去打開 maFiles 資料夾裡的 .maFile,找到 secret= 後到 & 前就是要生成 OTP 的 secret key 了,把它複製到驗證器要求的格式裡,到就大功告成啦🎉🎉🎉
最後 maFile 建議刪除,因為預設是明碼,安全性太低……
Posted Part 2 of my CybersecKyle How-To Series, Everyday Defense: 2FA Rescue & Recovery.
If your phone vanished today, could you still sign in? Build a small kit so a lost phone doesn’t lock you out. Backup codes, spare key, passkeys, and a 60-second drill.
Stop advising 2FA/MFA using SMS/TOTP!
They're NOT phishing-proof, for example:
Black Friday: Os 10 esquemas mais perigosos e como proteger a sua carteira
🔗 https://tugatech.com.pt/t74406-black-friday-os-10-esquemas-mais-perigosos-e-como-proteger-a-sua-carteira
#2fa #facebook #fraude #instagram #malware #marketplace #navegador #online #phishing #segurança #sem #software
Intrducing Proton Authenticator: secure 2FA, your way
https://proton.me/blog/authenticator-app
source: @protonprivacy
X’s security-key switchover to the x.com domain is causing lockouts as some users get stuck in re-enrollment loops 🔐
Passkeys tied to twitter.com can’t transfer, forcing manual setup — and raising concerns about reliability during major domain shifts ⚠️
Public frustration continues 🤔
#TechNews #Security #Privacy #X #ElonMusk #Authentication #Passkeys #2FA #Cybersecurity #Accounts #DataProtection #Technology #Apps
Found a recovery code that I printed out but didn't write what it was for on the sheet of paper. Now, that look at it, I have no idea what that will recover. Unsure if I should bother to hold on to the piece of paper indefinitely or just shred it now. #2FA
Think 2FA is just another login hassle? Think again. 👀
With DeftShip’s Two-Factor Authentication, your account gets the ultimate protection against hackers, leaks, and unauthorized access so your business stays safe and stress-free.
One extra step. Maximum protection. 🔐
Try it now: www.deftship.com
iOS: https://bitl.to/5K3n
Android: https://bit.ly/47Xx9EH
#DeftShip #2FA #OnlineSecurity #ShippingMadeSimple #BusinessProtection #EcommerceSafety #DeftShipTips
Client Info
Server: https://mastodon.social
Version: 2025.07
Repository: https://github.com/cyevgeniy/lmst