2FA phishing
Apple OTP FAIL: ‘MFA Bomb’ Warning — Locks Accounts, Wipes iPhones
Rethink different: First, fatigue frightened users with multiple modal nighttime notifications. Next, call and pretend to be Apple support ...
Russian FSB Targets US and UK Politicians in Sneaky Spear-Phish Plan
TA446’s new TTPs: “Star Blizzard” FSB team called out by Five Eyes governments (again) ...
FCC’s Got New Rules for SIM-Swap and Port-Out Fraud
Too many times: Federal Communications Commission shuts stable door after horse bolted. But chairwoman Jessica Rosenworcel (pictured) was hoping it would save us ...
Teenage Hackers Must be Stopped: US DHS’s CSRB Report
2FA SMS FAIL: Lapsus$ social engineers exploited weak two-factor authentication. Something must be done! (Well, this is something.) ...
Threat Actors Turn to AiTM to Bypass MFA
Threat actors have started moving away from authenticating via legacy protocols to bypass multifactor authentication (MFA) in Microsoft 365, according to an Expel report on cybersecurity trends. Instead, malicious actors are adopting ...
Reddit Hacked — 2FA is no Phishing Phix
Reddit got hacked with a “sophisticated” spear phishing attack. The individual victim was an employee who clicked the wrong email link ...
Raspberry Worm Exposes Larger, More Complex Malware Ecosystem
Just a few months after its discovery by Red Canary researchers in May 2022, Raspberry Robin has quickly evolved from a worm that, while widely distributed, didn’t show any post-infection actions to ...
Phishing Attacks that Defeat 2FA Every Time
Protected with 2FA? Think Again. Two-factor authentication (2FA) is certainly a best practice for corporate security, but cybercriminals are also quite good at defeating it, often without a user’s knowledge. However 2FA ...
