Troy Hunt

AUGUST 30, 2023

They'd observed a phishing campaign that had collected 68k credentials from unsuspecting victims and asked if HIBP may be used to help alert these individuals to their exposure. Last week I was contacted by CERT Poland. Data accumulated by the malicious activity spanned from October 2022 until just last week.

Phishing 338

Phishing Password Management Passwords Banking 338

Bleeping Computer

APRIL 1, 2024

Google has started automatically blocking emails sent by bulk senders who don't meet stricter spam thresholds and authenticate their messages as required by new guidelines to strengthen defenses against spam and phishing attacks. [.]

Phishing 138

Phishing Authentication 138

The State of Security

JULY 14, 2022

Microsoft has shared details of a widespread phishing campaign that not only attempted to steal the passwords of targeted organisations, but was also capable of circumventing multi-factor authentication (MFA) defences. Read more in my article on the Tripwire State of Security blog.

Authentication 141

Authentication Phishing Passwords 141

Bleeping Computer

MARCH 25, 2024

Cybercriminals have been increasingly using a new phishing-as-a-service (PhaaS) platform named 'Tycoon 2FA' to target Microsoft 365 and Gmail accounts and bypass two-factor authentication (2FA) protection. [.]

Phishing 143

Phishing Accountability Authentication 143

Security Boulevard

JULY 6, 2023

The post Generative AI is Making Phishing Attacks More Sophisticated… But You Can Remove the Bait with Passwordless Authentication appeared first on Axiad. The post Generative AI is Making Phishing Attacks More Sophisticated… But You Can Remove the Bait with Passwordless Authentication appeared first on Security Boulevard.

Authentication 98

Authentication Artificial Intelligence Phishing 98

The Last Watchdog

JULY 24, 2023

Today, bad actors are ruthlessly skilled at cracking passwords – whether through phishing attacks, social engineering, brute force, or buying them on the dark web. In fact, according to Verizon’s most recent data breach report, approximately 80 percent of all breaches are caused by phishing and stolen credentials.

Authentication 202

Authentication Passwords Phishing Social Engineering 202

Schneier on Security

OCTOBER 21, 2021

Roger Grimes on why multifactor authentication isn’t a panacea : The first time I heard of this issue was from a Midwest CEO. His organization had been hit by ransomware to the tune of $10M. Operationally, they were still recovering nearly a year later. And, embarrassingly, it was his most trusted VP who let the attackers in.

Authentication 326

Authentication Ransomware Social Engineering Engineering 326

Security Affairs

APRIL 18, 2024

An international law enforcement operation led to the disruption of the prominent phishing-as-a-service platform LabHost. An international law enforcement operation, codenamed Nebulae and coordinated by Europol, led to the disruption of LabHost, which is one of the world’s largest phishing-as-a-service platforms.

Phishing 107

Phishing Cybercrime Passwords Banking 107

Malwarebytes

AUGUST 4, 2023

Attackers believed to have ties to Russia's Foreign Intelligence Service (SVR) are using Microsoft Teams chats as credential theft phishing lures. In the phishing attacks the group leverages previously compromised Microsoft 365 instances, mostly owned by small businesses, to create new domains that look like technical support accounts.

Authentication 91

Authentication Phishing Small Business Accountability 91

Krebs on Security

AUGUST 17, 2023

You’ve probably never heard of “ 16Shop ,” but there’s a good chance someone using it has tried to phish you. A 16Shop phishing page spoofing Apple and targeting Japanese users. Image: Akamai.com. The INTERPOL statement says the platform sold hacking tools to compromise more than 70,000 users in 43 countries.

Phishing 185

Phishing Passwords Internet Internet 185

Duo's Security Blog

OCTOBER 18, 2023

Once delivered, a phish typically wants to invoke emotion and prey on our natural desires to act and help fix a problem, such as “you have to do X, or else X will happen”. Phishing requires you to act with a specific set of instructions Don’t engage and trust nothing. Look beyond the email sender and website URLs used.

Phishing 131

Phishing Security Awareness Software Media 131

Dark Reading

NOVEMBER 7, 2022

Microsoft added certificate-based authentication (CBA) to the Azure Active Directory to help organizations enable phishing-resistant MFA that complies with US federal requirements. The change paves the way for enterprises to migrate their Active Directory implementations to the cloud.

Authentication 69

Authentication Phishing 69

Security Boulevard

MARCH 6, 2024

In a recent blog post, we discussed what phishing-resistant multi-factor authentication (MFA) is and why. The post How to Adopt Phishing-Resistant MFA appeared first on Axiad. The post How to Adopt Phishing-Resistant MFA appeared first on Security Boulevard.

Phishing 62

Phishing Authentication 62

Bleeping Computer

DECEMBER 20, 2023

A new phishing campaign pretending to be a 'copyright infringement' email attempts to steal the backup codes of Instagram users, allowing hackers to bypass the two-factor authentication configured on the account. [.]

Backups 129

Backups Phishing Authentication Accountability 129

Dark Reading

JULY 13, 2022

The massive phishing campaign does not exploit a vulnerability in MFA. Instead, it spoofs an Office 365 authentication page to steal credentials.

Authentication 90

Authentication Phishing 90

Adam Levin

OCTOBER 8, 2019

The FBI is warning businesses about a new series of cyberattacks that can circumvent multi-factor authentication (MFA). In a Private Industry Notification (PIN), the FBI warned businesses that “cyber actors” had been observed, “circumventing multi-factor authentication through common social engineering and technical attacks.”

Authentication 210

Authentication Cyber Attacks Social Engineering Engineering 210

Security Boulevard

JANUARY 24, 2023

Phishing for 2FA codes is the latest in specialized bots that make it easier and quicker for fraudsters to fool their targets into providing their authentication codes or OTPs. The post Bots Are Now Robocalling to Phish For Your Two-Factor Authentication (2FA) Codes appeared first on Radware Blog.

Authentication 57

Authentication Phishing 57

Security Boulevard

MARCH 19, 2024

Multi-factor authentication (or MFA) based phishing campaigns pose a significant threat, as they exploit the. The post How MFA-Based Phishing Campaigns are Targeting Schools appeared first on Security Boulevard.

Phishing 67

Phishing Authentication 67

Security Boulevard

MARCH 15, 2024

In the ever-evolving landscape of cybersecurity, a fresh menace has emerged, targeting crypto enthusiasts through a sophisticated phishing kit. Learning how to avoid crypto phishing is crucial […] The post Crypto Phishing Kit Impersonating Login Pages: Stay Informed appeared first on TuxCare.

Phishing 104

Phishing Cryptocurrency Mobile Engineering 104

Security Affairs

MARCH 14, 2023

Microsoft warns of large-scale phishing attacks orchestrated with an open-source adversary-in-the-middle (AiTM) phishing kit available in the cybercrime ecosystem Adversary-in-the-middle (AiTM) phishing kits are becoming an essential technology in the cybercrime ecosystem that is used by multiple threat actors to launch phishing attacks.

Phishing 90

Phishing Cybercrime Authentication Mobile 90

Malwarebytes

FEBRUARY 20, 2023

From March 19, users of Twitter won’t be able to use SMS-based two-factor authentication (2FA) unless they have a subscription to the paid Twitter Blue service. You can still use the authentication app and security key methods. To avoid losing access to Twitter, remove text message two-factor authentication by Mar 19, 2023.

Authentication 94

Authentication Phishing Mobile Accountability 94

Bleeping Computer

OCTOBER 3, 2023

Google will introduce new sender guidelines in February to bolster email security against phishing and malware delivery by mandating bulk senders to authenticate their emails and adhere to stricter spam thresholds [.]

Phishing 119

Phishing Malware Authentication 119

Krebs on Security

FEBRUARY 8, 2021

Cyber cops in Ukraine carried out an arrest and several raids last week in connection with the author of a U-Admin , a software package used to administer what’s being called “one of the world’s largest phishing services.” The U-Admin phishing panel interface. Image: fr3d.hk/blog. ” U-Admin, a.k.a.

Phishing 256

Phishing Scams Banking Mobile 256

Malwarebytes

APRIL 18, 2024

A major international law enforcement effort involving agencies from 19 countries has disrupted the notorious LabHost phishing-as-a-service platform. This data will be used to support ongoing international operational activities focused on targeting the malicious users of this phishing platform.

Phishing 67

Phishing Passwords Authentication Cybercrime 67

SecureWorld News

FEBRUARY 15, 2024

A sophisticated form of mobile malware dubbed "GoldPickaxe" has been uncovered, which collects facial recognition data to produce deepfake videos, enabling hackers to bypass biometric authentication protections on banking apps. Experts warn that biometric authentication alone is not foolproof.

Social Engineering 74

Social Engineering Mobile Authentication Engineering 74

Security Affairs

JULY 12, 2022

A large-scale phishing campaign used adversary-in-the-middle (AiTM) phishing sites to hit more than 10,000 organizations. In AiTM phishing, threat actors set up a proxy server between a target user and the website the user wishes to visit, which is the phishing site under the control of the attackers.

Phishing 134

Phishing Authentication Social Engineering Passwords 134

Security Boulevard

APRIL 18, 2023

Phishing attacks continue to be one of the most significant threats facing organizations today. As businesses increasingly rely on digital communication channels, cybercriminals exploit vulnerabilities in email, SMS, and voice communications to launch sophisticated phishing attacks.

Phishing 120

Phishing Social Engineering Education Retail 120

Tech Republic Security

MARCH 23, 2023

Microsoft has already seen millions of phishing emails sent every day by attackers using this phishing kit. The post Massive adversary-in-the-middle phishing campaign bypasses MFA and mimics Microsoft Office appeared first on TechRepublic. Learn how to protect your business from this AitM campaign.

Phishing 209

Phishing Authentication Cybersecurity 209

Tech Republic Security

FEBRUARY 8, 2022

Proofpoint researchers have found that “phish kits” available for purchase online are beginning to adapt to MFA by adding transparent reverse proxies to their list of tools. The post Hackers have begun adapting to wider use of multi-factor authentication appeared first on TechRepublic.

Authentication 155

Authentication Phishing 155

Identity IQ

FEBRUARY 8, 2024

How to Spot an Email Phishing Attempt at Work IdentityIQ In the modern workplace, technology is just as common as the typical morning cup of coffee. Among these ever-present threats is phishing, which is a deceptively simple yet effective method cybercriminals use to compromise both business and personal accounts. What Is Phishing?

Phishing 96

Phishing Scams Education Firewall 96

Security Boulevard

MARCH 17, 2021

Today, Akamai announced Akamai MFA, a phish-proof multi-factor authentication (MFA) service for the workforce that delivers all of the security benefits of FIDO2 with the frictionless end-user experience of a mobile push on a smartphone. Why has Akamai introduced this new service?

Authentication 57

Authentication Phishing Mobile 57

The Last Watchdog

DECEMBER 6, 2021

This traditional authentication method is challenging to get rid of, mostly because it’s so common. And for businesses, transitioning to new authentication solutions can be expensive and time-consuming. It supports standards that make implementing newer, stronger authentication methods possible for businesses.

Authentication 219

Authentication Passwords Mobile Phishing 219

Security Boulevard

AUGUST 21, 2021

The post DEF CON 29 Main Stage – Jenko Hwong’s ‘New Phishing Attacks Exploiting OAuth Authentication Flows’ appeared first on Security Boulevard. Our thanks to DEFCON for publishing their outstanding DEFCON Conference Main Stage Videos on the groups' YouTube channel.

Authentication 98

Authentication Phishing Education InfoSec 98

Security Boulevard

JULY 14, 2022

Microsoft has shared details of a widespread phishing campaign that not only attempted to steal the passwords of targeted organisations, but was also capable of circumventing multi-factor authentication (MFA) defences.

Authentication 52

Authentication Phishing Passwords 52

SecureList

APRIL 5, 2023

They have become adept at using Telegram both for automating their activities and for providing various services — from selling phishing kits to helping with setting up custom phishing campaigns — to all willing to pay. ” Links to the channels are spread via YouTube, GitHub and phishing kits they make.

Phishing 115

Phishing Marketing Scams Accountability 115

CSO Magazine

JANUARY 4, 2023

Every business needs a secure way to collect, manage, and authenticate passwords. Storing passwords in the browser and sending one-time access codes by SMS or authenticator apps can be bypassed by phishing. Unfortunately, no method is foolproof.

Authentication 129

Authentication Password Management Backups Passwords 129

Bleeping Computer

SEPTEMBER 6, 2022

A reverse-proxy Phishing-as-a-Service (PaaS) platform called EvilProxy has emerged, promising to steal authentication tokens to bypass multi-factor authentication (MFA) on Apple, Google, Facebook, Microsoft, Twitter, GitHub, GoDaddy, and even PyPI. [.].

Phishing 141

Phishing Authentication 141