Skip to content
Search
  • There are no suggestions because the search field is empty.
Cancel
Get Started Now

Number Matching Push-Based MFA Is Only Half the Solution

Nov 4, 2022 10:14:34 AM By Roger Grimes
When push-based multifactor authentication (MFA) first came out, I was a big fan. I promoted it as a strong and safe MFA option in my book, Hacking Multifactor Authentication. That was ...
Continue Reading

Phishing Resistant MFA Does Not Mean Un-Phishable

Nov 2, 2022 3:16:23 PM By Stu Sjouwerman
Human societies have a bad habit of taking a specific, limited-in-scope fact and turning it into an overly broad generalization that gets incorrectly believed and perpetuated as if it ...
Continue Reading

Do Not Use Easily Phishable MFA and That Is Most MFA!

Sep 21, 2022 9:25:43 AM By Roger Grimes
Everyone should use multifactor authentication (MFA), where they can, to protect valuable information. Everyone!
Continue Reading

So, Your MFA is Phishable, What To Do Next

Aug 31, 2022 9:54:49 AM By Roger Grimes
We’ve written a lot about multi-factor authentication (MFA) not being the Holy Grail to prevent phishing attacks, including here:
Continue Reading

New Multi-Factor Authentication Prompt “Bombing” Attacks Give Access to Laptops, VPNs, and More

Jul 19, 2022 8:16:07 AM By Stu Sjouwerman
While multi-factor authentication (MFA) significantly reduces an organization’s threat surface by making the stealing of credentials much harder, a new attack takes advantage of phone ...
Continue Reading

Hovering Over Links Will Protect You More Than MFA

Jul 14, 2022 3:57:18 PM By Roger Grimes
Microsoft Security recently released a report which detailed a widely successful phishing attack technique used against over 10,000 of its customers…a phishing attack that worked even if ...
Continue Reading

[On-Demand Webinar] Hacks That Bypass Multi-Factor Authentication and How to Make Your MFA Solution Phishing Resistant

Jul 13, 2022 1:17:58 PM By Stu Sjouwerman
The average person believes using Multi-Factor Authentication (MFA) makes them significantly less likely to be hacked. That is simply not true! Hackers can bypass 90-95% of MFA solutions ...
Continue Reading

Innovative Way to Bypass MFA Using Microsoft WebView2 Is Familiar Nevertheless

Jun 29, 2022 9:15:45 AM By Roger Grimes
An interesting way to bypass multi-factor authentication (MFA) was recently announced by Bleeping Computer. This particular attack method requires a potential victim to be tricked into ...
Continue Reading

What About Password Manager Risks?

Jun 9, 2022 10:13:18 AM By Roger Grimes
In KnowBe4’s new Password Policy ebook, What Your Password Policy Should Be, we recommend that all users use a password manager to create and use perfectly random passwords. A perfectly ...
Continue Reading

Microsoft is Leading the Way to a Password-Less Future

May 5, 2022 9:08:33 AM By Stu Sjouwerman
As we observe World Password Day to create awareness around the need for password security, Microsoft is looking for frictionless ways to eliminate passwords entirely.
Continue Reading

“Being Annoying” as a Social Engineering Approach

Apr 18, 2022 8:42:15 AM By Stu Sjouwerman
Attackers are spamming multifactor authentication (MFA) prompts in an attempt to irritate users into approving the login, Ars Technica reports. Both criminal and nation-state actors are ...
Continue Reading

Making Better Push-Based MFA

Mar 28, 2022 1:51:20 PM By Roger Grimes
I used to be a huge fan of Push-Based Multifactor Authentication (MFA), but real-world use has shown that most of today’s most popular implementations are not sufficiently protective ...
Continue Reading

Scammers Use a Mix of Stolen Credentials, Inbox Rules, and a Rogue Outlook Client Install to Phish Internal and External Victims

Feb 17, 2022 10:08:48 AM By Stu Sjouwerman
Organizations that are not using Microsoft’s multi-factor authentication are finding themselves victims of credential attacks that involve threat actors installing Outlook on a controlled ...
Continue Reading

The 4 Things You Should Be Doing Right Now To Best Improve Your Cybersecurity

Feb 3, 2022 3:28:15 PM By Roger Grimes
The key to really good cybersecurity is to concentrate on just 4 things. Master them first before you begin to try and do the other hundreds of things that everyone else is going to tell ...
Continue Reading

U.S. Government Says To Use Phishing-Resistant MFA

Oct 20, 2021 10:15:13 AM By Roger Grimes
The U.S. government has been pushing people to avoid SMS- and voice call-based multi-factor authentication (MFA) for years, but their most recent warning is to avoid any MFA that is ...
Continue Reading

Hackers rob thousands of Coinbase customers using phishing attacks and an MFA flaw

Oct 3, 2021 10:02:42 AM By Stu Sjouwerman
Bleepingcomputer was first to report: "Crypto exchange Coinbase disclosed that a threat actor stole cryptocurrency from 6,000 customers after using a vulnerability to bypass the company's ...
Continue Reading

Can the Microsoft 365 Platform Be Trusted to Stop Security Breaches?

Aug 18, 2021 2:00:29 PM By Stu Sjouwerman
Lax security policies, a lack of security measures and solutions in place, and an expectation that Microsoft will address any security issues is putting organizations at risk.
Continue Reading

Cyber Insurance Industry Wrongly Hedging Its Bets on MFA

Aug 10, 2021 8:53:19 AM By Stu Sjouwerman
Because of ransomware attacks, I have been covering the cybersecurity insurance industry for a few years, including here. I even have a whole chapter dedicated to cybersecurity insurance ...
Continue Reading

Credential Stuffing in the Travel and Retail Sectors

Jun 21, 2021 10:34:53 AM By Stu Sjouwerman
The travel and retail sectors are the top targets for credential stuffing attacks, according to Auth0’s State of Secure Identity report. Credential stuffing is a type of brute-force ...
Continue Reading

New BEC Phishing Attack Steals Office 365 Credentials and Bypasses MFA

Jun 15, 2021 2:01:41 PM By Stu Sjouwerman
Leveraging Microsoft Exchange’s Basic Authentication support, scammers were able to use harvested online credentials and bypass any MFA in place, giving them access to mailboxes.
Continue Reading
Subscribe

Search Our Blog


Comprehensive Anti-Phishing Guide

Subscribe To Our Blog

Posts By Topic

View all

Get the latest about social engineering

Subscribe to CyberheistNews