Trump has begun another trade war. Here's a timeline of how we got here
Canada's leader laments lost friendship with US in town that sheltered stranded Americans after 9/11
Chinese EV giant BYD's fourth-quarter profit leaps 73%
You're an American in another land? Prepare to talk about the why and how of Trump 2.0
Chalk talk: Star power, top teams and No. 5 seeds headline the women's March Madness Sweet 16
Purdue returns to Sweet 16 with 76-62 win over McNeese in March Madness
Federal cybersecurity officials issued a stark warning for smartphone users against using text messages for two-factor authentication, citing vulnerabilities in telecommunications networks that could expose users to security breaches.
The Cybersecurity and Infrastructure Security Agency (CISA) released new guidance urging smartphone users to abandon SMS-based authentication codes following the discovery of widespread telecom network breaches. The agency emphasized that text messages lack encryption, making them susceptible to interception by malicious actors who gain access to telecommunications networks.
"SMS messages are not encrypted — a threat actor with access to a telecommunication provider's network who intercepts these messages can read them," CISA stated in its memo. The agency noted that text-based verification methods are not "phishing-resistant" and pose particular risks for high-profile targets.
The warning comes in the wake of major network intrusions affecting AT&T, Verizon, and other carriers, which officials believe were orchestrated by Chinese hackers. According to security experts, the breach campaign, known as Salt Typhoon, may be "ongoing and likely larger in scale than previously understood. "
Jeff Greene, executive assistant director for cybersecurity at CISA, acknowledged the persistent nature of the threat. "We cannot say with certainty that the adversary has been evicted," Greene told Politico. "We're on top of tracking them down ... but we cannot with confidence say that we know everything, nor would our partners."
CISA recommends users switch to more secure authentication methods, including dedicated authentication apps, FIDO authentication, or passkeys. While authentication apps remain vulnerable to certain breaches, they offer stronger protection than SMS-based verification. For services that only provide text-based two-factor authentication, the agency advises users to seek alternative platforms when possible.
Additional security measures recommended by CISA include implementing password managers, creating strong passwords, setting device PINs, and maintaining current software updates on personal devices. The FBI has also advised users to adopt encrypted messaging platforms like Signal or WhatsApp for general communication.
