Tycoon 2FA Goes Boom as Europol, Vendors Bust Phishing Platform
The phishing-as-a-service platform was popular among cyber threat actors because of its ability to bypass multifactor authentication defenses.
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
The phishing-as-a-service platform was popular among cyber threat actors because of its ability to bypass multifactor authentication defenses.
You probably can't break FIDO authentication. Still, researchers have shown that there are ways to get around it.
Researchers discovered a novel phishing attack that serves the victim a QR code as part of supposed multifactor authentication (MFA), in order to get around FIDO-based protections.
Hackers are exploiting trusted authentication flows — like Microsoft Teams and IoT logins — to trick users into handing over access tokens, bypassing MFA and slipping undetected into corporate networks.
In a cyber twist, attackers behind two of the campaigns are using the apps to redirect users to phishing and malware distribution sites.
A third-party telephony service provider for Cisco Duo falls prey to social engineering, and the company advises customer vigilance against subsequent phishing attacks.
Axiad's State of Authentication Survey also found nearly half of respondents think phishing is the most likely cyberattack, yet only 27% plan to use phishing-resistant MFA next year.
The latest update to Windows 11 introduces support for passkeys, which provide phishing-resistant passwordless authentication.
Extending multifactor authentication to include device identity assurance offers more authentication confidence than what multiple user-identity factors can by themselves.
Microsoft added certificate-based authentication (CBA) to the Azure Active Directory to help organizations enable phishing-resistant MFA that complies with US federal requirements. The change paves the way for enterprises to migrate their Active Directory implementations to the cloud.
The campaign uses adversary-in-the-middle techniques to bypass multifactor authentication, evade detection.
The massive phishing campaign does not exploit a vulnerability in MFA. Instead, it spoofs an Office 365 authentication page to steal credentials.