2FA phishing
Apple OTP FAIL: ‘MFA Bomb’ Warning — Locks Accounts, Wipes iPhones
Richi Jennings | | 2fa, 2FA bypass, 2FA Flaws, 2FA phishing, 2FA solution, 2FA/MFA, Apple, apple bug, Apple Data Security, apple hack, apple hacker, Apple iCloud, Apple ID, Apple ID failure, Apple iOS, Apple iPad, Apple iPhone, bypass 2FA, MFA, MFA Bombing, mfa fatigue, MFA hacks, mfa protection, mfasecurity, Multi-Factor Authentication (MFA), OTP, OTP circumvention bot, OTP interception bot, phishing-resistant MFA, push otp, SB Blogwatch, TOTP, two-factor-authentication.2fa
Rethink different: First, fatigue frightened users with multiple modal nighttime notifications. Next, call and pretend to be Apple support ...
Security Boulevard
Russian FSB Targets US and UK Politicians in Sneaky Spear-Phish Plan
Richi Jennings | | 2FA phishing, advanced phishing threats, Aleksandrovich Peretuatko, Alexey Doguzhiev, Andrey Stanislavovich Korinets, Callisto Group, center 18, Evilginx, Federal Security Service, five eyes, FSB, linkedin, Phishing, Russia, russia hacker, russia-based, russian, Russian Cyber Interests, Russian Cyber War, Russian FSB, SB Blogwatch, Seaborgium, spear fishing, spear phishing attacks, spear-phishing, SpearPhishing, Star Blizzard, TA446
TA446’s new TTPs: “Star Blizzard” FSB team called out by Five Eyes governments (again) ...
Security Boulevard
FCC’s Got New Rules for SIM-Swap and Port-Out Fraud
Richi Jennings | | 2 factor, 2 factor auth, 2-factor authentication, 2FA apps, 2FA bypass, 2FA Flaws, 2FA phishing, 2FA policies, 2FA/MFA, Cloud MFA, DUAL FACTOR AUTHENTICATION, fcc, FCC Failures, FCC Follies, hacking two factor, Jessica Rosenworcel, MFA, MFA hacks, mfasecurity, Multi-Factor Authentication (MFA), number port-out fraud, number port-out scams, Number Portability Administration Center, port-out scams, SB Blogwatch, SIM swap, sim swap fraud, SIM swap scams, SIM swapping, SMS, SMS messages, SMS phishing, sms scam, SMS scams, smshing, two-factor-authentication.2fa
Too many times: Federal Communications Commission shuts stable door after horse bolted. But chairwoman Jessica Rosenworcel (pictured) was hoping it would save us ...
Security Boulevard
Teenage Hackers Must be Stopped: US DHS’s CSRB Report
Richi Jennings | | 2 factor auth, 2-factor authentication, 2fa, 2FA bypass, 2FA Flaws, 2FA phishing, 2FA policies, 2FA/MFA, cellphone fraud, CSRB, Cyber Safety Review Board, Department of Homeland Security, DHS, DUAL FACTOR AUTHENTICATION, factor auth, homeland security, Homeland Security Presidential Directive, homelandsecurity, Lapsus$, Multi-Factor Authentication, Multi-Factor Authentication (MFA), Multifactor Authentication, SB Blogwatch, SIM swap, sim swap fraud, SIM swap scams, SIM swapping, two factor authentication, U.S. Department of Homeland Security, United States Department of Homeland Security, US Homeland Security
2FA SMS FAIL: Lapsus$ social engineers exploited weak two-factor authentication. Something must be done! (Well, this is something.) ...
Security Boulevard
Threat Actors Turn to AiTM to Bypass MFA
Threat actors have started moving away from authenticating via legacy protocols to bypass multifactor authentication (MFA) in Microsoft 365, according to an Expel report on cybersecurity trends. Instead, malicious actors are adopting ...
Security Boulevard
Reddit Hacked — 2FA is no Phishing Phix
Richi Jennings | | 2fa, 2FA phishing, 2FA/MFA, FIDO2, MFA, Phishing, reddit, Reddit breach, SB Blogwatch, spear fishing, TOTP, WebAuthn
Reddit got hacked with a “sophisticated” spear phishing attack. The individual victim was an employee who clicked the wrong email link ...
Security Boulevard
Raspberry Worm Exposes Larger, More Complex Malware Ecosystem
Just a few months after its discovery by Red Canary researchers in May 2022, Raspberry Robin has quickly evolved from a worm that, while widely distributed, didn’t show any post-infection actions to ...
Security Boulevard
Phishing Attacks that Defeat 2FA Every Time
Protected with 2FA? Think Again. Two-factor authentication (2FA) is certainly a best practice for corporate security, but cybercriminals are also quite good at defeating it, often without a user’s knowledge. However 2FA ...