What About Password Manager Risks?

In KnowBe4’s new Password Policy ebook, What Your Password Policy Should Be, we recommend that all users use a password manager to create and use perfectly random passwords. A perfectly ...
Continue Reading

Microsoft is Leading the Way to a Password-Less Future

As we observe World Password Day to create awareness around the need for password security, Microsoft is looking for frictionless ways to eliminate passwords entirely.
Continue Reading

“Being Annoying” as a Social Engineering Approach

Attackers are spamming multifactor authentication (MFA) prompts in an attempt to irritate users into approving the login, Ars Technica reports. Both criminal and nation-state actors are ...
Continue Reading

Making Better Push-Based MFA

I used to be a huge fan of Push-Based Multifactor Authentication (MFA), but real-world use has shown that most of today’s most popular implementations are not sufficiently protective ...
Continue Reading

Scammers Use a Mix of Stolen Credentials, Inbox Rules, and a Rogue Outlook Client Install to Phish Internal and External Victims

Organizations that are not using Microsoft’s multi-factor authentication are finding themselves victims of credential attacks that involve threat actors installing Outlook on a controlled ...
Continue Reading

The 4 Things You Should Be Doing Right Now To Best Improve Your Cybersecurity

The key to really good cybersecurity is to concentrate on just 4 things. Master them first before you begin to try and do the other hundreds of things that everyone else is going to tell ...
Continue Reading

U.S. Government Says To Use Phishing-Resistant MFA

The U.S. government has been pushing people to avoid SMS- and voice call-based multi-factor authentication (MFA) for years, but their most recent warning is to avoid any MFA that is ...
Continue Reading

Hackers rob thousands of Coinbase customers using phishing attacks and an MFA flaw

Bleepingcomputer was first to report: "Crypto exchange Coinbase disclosed that a threat actor stole cryptocurrency from 6,000 customers after using a vulnerability to bypass the company's ...
Continue Reading

Can the Microsoft 365 Platform Be Trusted to Stop Security Breaches?

Lax security policies, a lack of security measures and solutions in place, and an expectation that Microsoft will address any security issues is putting organizations at risk.
Continue Reading

Cyber Insurance Industry Wrongly Hedging Its Bets on MFA

Because of ransomware attacks, I have been covering the cybersecurity insurance industry for a few years, including here. I even have a whole chapter dedicated to cybersecurity insurance ...
Continue Reading

Credential Stuffing in the Travel and Retail Sectors

The travel and retail sectors are the top targets for credential stuffing attacks, according to Auth0’s State of Secure Identity report. Credential stuffing is a type of brute-force ...
Continue Reading

New BEC Phishing Attack Steals Office 365 Credentials and Bypasses MFA

Leveraging Microsoft Exchange’s Basic Authentication support, scammers were able to use harvested online credentials and bypass any MFA in place, giving them access to mailboxes.
Continue Reading

Many Ways To Hack MFA

I have spent a lot of time thinking about how to hack multifactor authentication (MFA) solutions. I have done so my whole career, deploying dozens, if not hundreds, of MFA projects. Also, ...
Continue Reading

6 Advanced Email Phishing Attacks

No matter how good your policies and technical defenses are, some amount of phishing will get to your end users in a given month. They must be trained to recognize social engineering ...
Continue Reading

The Good, the Bad, and the Ugly About MFA

I have been in computer security for over 34 years now. Yeah, even I cannot believe how long it has been. I have been a penetration tester over 20 of those years and worked on dozens of ...
Continue Reading

[On-Demand Webinar] Hacking Multifactor Authentication: An IT Pro’s Lessons Learned After Testing 150 MFA Products

Multi-Factor Authentication (MFA) can be a highly effective way to safeguard your organization’s data, but that doesn’t mean it’s unhackable. And nobody knows that better than ...
Continue Reading

[HEADS UP] New Dutch Data Breach Report Warns of Explosive Increase in Cyber Attacks and Stolen Personal Data

The Dutch Data Protection Authority (AP) recently measured the number of reports of data theft in 2020 and the number of attacks skyrocketed. The report documented that it increased no ...
Continue Reading

How Can You Be More at Risk With MFA?

In my recent comment on the Solarwinds’ cyber attack, I made the claim that using multifactor authentication (MFA) can sometimes make you more at risk than using a simple login name and ...
Continue Reading

Solarwinds MFA Bypass Attack Pushes Limits

Excellent, long-time, tech reporter Dan Goodin reported in Ars Technica that the recent Solarwinds’ supply chain attack involved hackers bypassing a popular multi-factor authentication ...
Continue Reading

5 Tips For Consolidating Remote Work Tech Debt

In 2020, nearly every organisation embraced remote working to some extent or another. For some, the transition was smooth and easy, as they already had a mobile workforce and were largely ...
Continue Reading

Get the latest about social engineering

Subscribe to CyberheistNews