A subrogration lawsuit that is interesting to follow.

"Last month, Ace American Insurance Company filed a subrogation action against its insured’s cybersecurity and technology vendors, alleging missteps by the technology companies. See Ace American Insurance Company v. Congruity 360, Trustwave Holdings, Case No. 2:25-cv-15657 (D.N.J. Sep. 15, 2025). Ace seeks to recover the $500,000 in damages it paid to its insured, CoWorx, under the cybersecurity policy issued by Ace. Ace alleges that its insured’s cyber incident occurred as a result of Congruity 360 and Trustwave’s negligence. Ace also asserts breach of contract against both defendants."

Read more at https://www.hunton.com/hunton-insurance-recovery-blog/policyholder-plot-twist-cyber-insurer-sues-policyholders-cyber-pros

Direct link to lawsuit complaint: https://www.hunton.com/hunton-insurance-recovery-blog/assets/htmldocuments/ACE%20AMERICAN%20INSURANCE%20COMPANY%20v.%20CONGRUITY%20360%20LLC_complaint.pdf

#vendors #subrogation #lawsuit #MFA #negligence #databreach

It appears that BofA does some sort of browser fingerprinting to identify repeat visits from the same user and bypass MFA, while Fidelity does not -- so I need to do the stupid SMS dance with Fidelity for every login (because private window) but not BofA. Make of that what you will. #infosec #mfa #2fa

Hey @bitwarden you are being misleading and it's making us sad.

Your website currently has a misleading link (and its affecting us being able to recommend ur tools).

Your dedicated Authentor app on the "Bitwarden Authenticator' page, has a Download it today button at the top of the page > That SHOULD take folks to the Authenticator download links (like at the bottom of the page), but instead it takes people to download the FULL Bitwarden Password Manager software.

Currently we're having to recommend folks use an alternative service as this is coming across as sneaky and dirty tactics. Really hoping it was unintentional. Regardless, pls fix so that this link takes ppl to download the tool they are expecting.

We were hoping to recommend ur service at our upcoming Digital Lounges, but we only endorse the most ethical open providers and stuff like this is the stuff the community notices.

#BItwarden #AuthenticatorApp #MFA #2FA #Authentication #Misleading #MisleadingCopy #Marketing #BigTech #FOSS

Were you one of the Discord users that received an email regarding the 9/20 incident?

I wrote a guide on what to do if you were affected and how you can protect yourself.

Full guide 👉 https://www.kylereddoch.me/blog/what-to-do-if-you-were-affected-by-the-discord-september-20th-security-incident/

#Discord #DataBreach #Cybersecurity #Infosec #AppSec #MFA

#PasswortSicherheit - #Passkey oder #MFA oder beides? - Sicherheit in Digitalen Raum ist wichtig und jede*r, der Wert auf die eigenen Informationen, Daten, Dokumente (oder Geld) legt, sollte sich eine gute Lösung für den Schutz des Zugangs zurechtlegen.

Hier habe ich versucht die beiden Möglichkeiten kurz "vereinfacht" zu erklären:

https://harald-schirmer.de/2025/10/07/passwort-insights-passkey-multifaktorauthentifizierung

Widespread reliance on weak authentication puts organizations at risk

@aibot With so many employees lacking cybersecurity training and weak password use widespread, how can organizations realistically push for stronger adoption of MFA and passkeys?

[View original comment]

Modernes #MFA: Gib eine Mailadresse an und den Code, den wir an genau diese Adresse gesendet haben....
Wo ist jetzt eigendlich das "Multi" geblieben..? Ein Passwort braucht es nicht mehr und meine Mailadresse ist weithin bekannt...

#Azure #MFA #Phase2

In phase 2, multifactor authentication will be required for all users that leverage Azure CLI, Azure PowerShell, Azure mobile app, laC tools, Azure Identity SDK, and MSAL. Phase 2 enforcement is scheduled to begin after October 1, 2025.

🛡️ Multi-Factor Is a Must 🛡️

Passwords alone aren’t enough. Add an extra layer of security with multi-factor authentication (MFA).
✅ Something you know (password)
✅ Something you have (authenticator app / token)
✅ Something you are (biometrics)

Double the protection. Double the peace of mind. 🔒

#CyberAwareness #MFA #StaySecureOnline #emtdisti #emtCyberMindful

Grupo de ransomware Medusa tentou recrutar jornalista da BBC para ataque interno
🔗 https://tugatech.com.pt/t72337-grupo-de-ransomware-medusa-tentou-recrutar-jornalista-da-bbc-para-ataque-interno

#ataque #base #ciberataque #Hacker #hackers #malware #mfa #ransomware #segurança #sem #signal 

l+f: Nie mehr arbeiten dank #Cybercrime | heise online https://www.heise.de/news/l-f-Nie-mehr-arbeiten-dank-Cybercrime-10679732.html #MFABombing #MFA #MFAFatigue #MultiFaktorAuthentifizierung #MultiFactorAuthentification #MultiFactorAuthentication #Ransomware #Malware

📷 #photography #MFA #Boston

Explore Trailblazing Street Photography in ‘Faces in the Crowd’ at MFA Boston

https://www.thisiscolossal.com/2025/10/faces-in-the-crowd-street-photography-mfa-boston-exhibition/

Scattered Spider isn’t going away — but the indictments offer valuable lessons for security leaders. Help desk manipulation, MFA fatigue, and insider recruitment remain their go-to tactics.

Our latest blog breaks down what the court documents reveal and what defenders can do now: lock down verification at the help desk, pressure-test MFA, and prepare leadership for ransom decisions.

Read the full analysis: https://www.lmgsecurity.com/inside-scattered-spider-indictments-what-security-leaders-need-to-know/

#Cybersecurity #Ransomware #MFA

Given that there are more attacks than yesterday, I presume that my personal research is successful. 😋

Last week I started wondering whether #HOTP #MFA (and by extension TOTP) are #zeroknowledge #zeroknowledgeproof. I couldn't find an immediate answer, but even more, there were very few results combining these two topics. So I did my own research and evaluation.

https://dannyvanheumen.nl/post/analysis-are-hotp-zero-knowledge-proofs/

https://mastodon.social/@cobratbq/115302085011196483

True Stories of Cyber Awareness: MFA
Would you slap a systems engineer if they said they thought MFA was enabled?

https://wadebach.blackcatwhitehatsecurity.com/blog.cfm#MFAMF

#Blog #True #Stories #Cyber #Awareness #MFA #Technology

साइबर सुरक्षा के लिए दो-कारक प्रमाणीकरण (2FA) का उपयोग कैसे करें?
पूरी जानकारी के लिए क्लिक कीजिये यहाँ: https://tinyurl.com/3rpcyp57

#TwoFactorAuthentication #Cybersecurity #OnlineSecurity #DigitalSecurity #ProtectYourAccounts #SecurityTips #TechSafety #AuthenticatorApp #SecureYourData #CyberSafe #OnlinePrivacy #DataProtection #AccountSecurity #HackingPrevention #InternetSafety #MFA #IdentifyTheftPrevention #SecureLogin #PasswordSecurity #TwoFA

I have posted the initial version for the analysis on 'are #HOTP #zeroknowledge proofs'.
Although the blog post is not very mathematical in nature, I seem to have covered all relevant aspects. Previous social media posts covered the gist, but there is more detail present in the blog post.

https://dannyvanheumen.nl/post/analysis-are-hotp-zero-knowledge-proofs/

#zeroknowledgeproof #security #computerscience #MFA

🔐 2025 NIST password guidelines are here

Usability over complexity ⚖️

• Longer passwords (up to 64 chars), not stricter ones ✍️
• No forced resets—only when compromised 🔄
• Ditch complexity rules & security questions 🧩
• Use password blocklists & modern tools like MFA + password managers 🛡️

@protonprivacy

🔗 https://proton.me/blog/nist-password-guidelines

#TechNews #Cybersecurity #Password #Passwords #Infosec #Compliance #HIPAA #GDPR #Security #DataProtection #Privacy #MFA #Encryption #IT #ZeroTrust #Authentication

When you force users to use two-factor authentication, make them create TOTP keys for login, allow them also to create passkey but do not offer it as a valid login method, and then one day years later you just stop accepting TOTP and force them use the old passkey they set up years ago. How many of your users are going to still remember which device they set up, or even have access to that device?

#microsoft #tfa #mfa #security

Yubico’s 2025 Global State of Authentication survey shows 62% of Gen Z engaged with a phishing attempt in the past year, far above other age groups. With 70% of respondents believing AI makes phishing more effective, the findings show the urgent need for phishing-resistant MFA, security keys, and better cyber training across all generations.

https://forum.hashpwn.net/post/4247

#cybersecurity #genz #mfa #2fa #phishing #attack #hashpwn