Hot Topics

2FA phishing

DHS secretary Alejandro Mayorkas

Teenage Hackers Must be Stopped: US DHS’s CSRB Report

| | 2 factor auth, 2-factor authentication, 2fa, 2FA bypass, 2FA Flaws, 2FA phishing, 2FA policies, 2FA/MFA, cellphone fraud, CSRB, Cyber Safety Review Board, Department of Homeland Security, DHS, DUAL FACTOR AUTHENTICATION, factor auth, homeland security, Homeland Security Presidential Directive, homelandsecurity, Lapsus$, Multi-Factor Authentication, Multi-Factor Authentication (MFA), Multifactor Authentication, SB Blogwatch, SIM swap, sim swap fraud, SIM swap scams, SIM swapping, two factor authentication, U.S. Department of Homeland Security, United States Department of Homeland Security, US Homeland Security
2FA SMS FAIL: Lapsus$ social engineers exploited weak two-factor authentication. Something must be done! (Well, this is something.) ...
Security Boulevard
AiTM quantum attacks Raspberry Robin APT29 ransomware NATO Barracuda Networks ATO Attacks

Threat Actors Turn to AiTM to Bypass MFA

| | 2FA phishing, AiTM, bec, business email compromise, MFA
Threat actors have started moving away from authenticating via legacy protocols to bypass multifactor authentication (MFA) in Microsoft 365, according to an Expel report on cybersecurity trends. Instead, malicious actors are adopting ...
Security Boulevard
Reddit Hacked — 2FA is no Phishing Phix

Reddit Hacked — 2FA is no Phishing Phix

| | 2fa, 2FA phishing, 2FA/MFA, FIDO2, MFA, Phishing, reddit, Reddit breach, SB Blogwatch, spear fishing, TOTP, WebAuthn
Reddit got hacked with a “sophisticated” spear phishing attack. The individual victim was an employee who clicked the wrong email link ...
Security Boulevard
AiTM quantum attacks Raspberry Robin APT29 ransomware NATO Barracuda Networks ATO Attacks

Raspberry Worm Exposes Larger, More Complex Malware Ecosystem

| | 2FA phishing, Malware, Ransomware, Raspberry Robin Worm, USB malware
Just a few months after its discovery by Red Canary researchers in May 2022, Raspberry Robin has quickly evolved from a worm that, while widely distributed, didn’t show any post-infection actions to ...
Security Boulevard
Phishing Attacks that Defeat 2FA Every Time

Phishing Attacks that Defeat 2FA Every Time

| | 2FA phishing, Endpoint security, Phishing
Protected with 2FA? Think Again. Two-factor authentication (2FA) is certainly a best practice for corporate security, but cybercriminals are also quite good at defeating it, often without a user’s knowledge. However 2FA ...
SlashNext