Credential Stuffing in the Travel and Retail Sectors

The travel and retail sectors are the top targets for credential stuffing attacks, according to Auth0’s State of Secure Identity report. Credential stuffing is a type of brute-force ...
Continue Reading

New BEC Phishing Attack Steals Office 365 Credentials and Bypasses MFA

Leveraging Microsoft Exchange’s Basic Authentication support, scammers were able to use harvested online credentials and bypass any MFA in place, giving them access to mailboxes.
Continue Reading

Many Ways To Hack MFA

I have spent a lot of time thinking about how to hack multifactor authentication (MFA) solutions. I have done so my whole career, deploying dozens, if not hundreds, of MFA projects. Also, ...
Continue Reading

6 Advanced Email Phishing Attacks

No matter how good your policies and technical defenses are, some amount of phishing will get to your end users in a given month. They must be trained to recognize social engineering ...
Continue Reading

The Good, the Bad, and the Ugly About MFA

I have been in computer security for over 34 years now. Yeah, even I cannot believe how long it has been. I have been a penetration tester over 20 of those years and worked on dozens of ...
Continue Reading

[On-Demand Webinar] Hacking Multifactor Authentication: An IT Pro’s Lessons Learned After Testing 150 MFA Products

Multi-Factor Authentication (MFA) can be a highly effective way to safeguard your organization’s data, but that doesn’t mean it’s unhackable. And nobody knows that better than ...
Continue Reading

[HEADS UP] New Dutch Data Breach Report Warns of Explosive Increase in Cyber Attacks and Stolen Personal Data

The Dutch Data Protection Authority (AP) recently measured the number of reports of data theft in 2020 and the number of attacks skyrocketed. The report documented that it increased no ...
Continue Reading

How Can You Be More at Risk With MFA?

In my recent comment on the Solarwinds’ cyber attack, I made the claim that using multifactor authentication (MFA) can sometimes make you more at risk than using a simple login name and ...
Continue Reading

Solarwinds MFA Bypass Attack Pushes Limits

Excellent, long-time, tech reporter Dan Goodin reported in Ars Technica that the recent Solarwinds’ supply chain attack involved hackers bypassing a popular multi-factor authentication ...
Continue Reading

5 Tips For Consolidating Remote Work Tech Debt

In 2020, nearly every organisation embraced remote working to some extent or another. For some, the transition was smooth and easy, as they already had a mobile workforce and were largely ...
Continue Reading

Think Tanks Targeted by APT Actors

The US Cybersecurity and Infrastructure Security Agency (CISA) and the FBI have issued a joint advisory warning that nation-state advanced persistent threat (APT) actors are targeting US ...
Continue Reading

Credential-Stealing VPN Exploits

A hacker has published an exploit for a critical vulnerability in Fortinet VPN devices, along with a list of 49,577 vulnerable devices, BleepingComputer reports. Fortinet released a patch ...
Continue Reading

One-Third of Employees Say Their Company Has No Cybersecurity Measures in Place While Working from Home

At a time when organizations should be implementing additional security measure to ensure the logical perimeter of their network is protected, new research shows companies aren’t prepared.
Continue Reading

The Most Common Password Frustrations

We all know the well-worn adage to make our passwords long and complex. Sometimes trying to do so can be completely frustrating.
Continue Reading

6 Lessons I Learned from Hacking 130 MFA Solutions

I was fortunate enough to write Wiley’s Hacking Multifactor Authentication. It’s nearly 600-pages dedicated to showing attacks against various multi-factor authentication (MFA) solutions ...
Continue Reading

Unfortunate Learning Lessons from Clicking on a Suspicious Phishing Email

Israeli news source YNet released a story about a woman who clicked on a suspicious phishing link, was fired from her job, and was accused of fraud with a criminal indictment.
Continue Reading

Organizational Security Posture Effectiveness Declines by 38% Due to COVID

Remote workforces, insecure devices, a lack of multi-factor authentication, and a lack of user education all add up to a security nightmare for the average organization today.
Continue Reading

WARNING: Americans’ Password Habits are Horrible, Putting Organizations at Risk

New data shows the average American uses short, uncomplicated, and often predictable passwords, practices which only increase the insecurity of corporate user accounts.
Continue Reading

Researchers Discover Most Microsoft 365 Admins Don't Enable Multi-Factor Authentication

Researchers from CoreView recently discovered that 97% of all total Microsoft 365 users do not utilize multi-factor authentication (MFA). A staggering 78% of Microsoft 365 admins do not ...
Continue Reading

[NEW BOOK] Hacking Multi-Factor Authentication

I’m excited to announce the release of my 12th book, Hacking Multifactor Authentication.
Continue Reading

Get the latest about social engineering

Subscribe to CyberheistNews