Skip to content
Search
  • There are no suggestions because the search field is empty.
Cancel
Get Started Now
Sep 7, 2023 8:44:27 AM By Stu Sjouwerman

Scary New IT Admin Attack Exposes Your MFA Weakness

Identity and authentication management provider Okta has warned of social engineering attacks that are targeting IT workers in an attempt to gain administrative privileges within ...

Sep 6, 2023 8:53:21 AM By Roger Grimes

How Secure Is Your Authentication Method?

I frequently write about authentication, including PKI, multi-factor authentication (MFA), password managers, FIDO, Open Authentication, and biometrics. I have written dozens of articles ...

Sep 1, 2023 10:21:34 AM By Stu Sjouwerman

New Adversary in the Middle Platform Circumvents MFA Protections “At Scale”

As Phishing as a Service (PhaaS) kits continue to evolve, news like recent attacks using the Greatness toolkit demonstrate how easy it is for novice attackers to access accounts despite ...

Aug 30, 2023 9:12:55 AM By Stu Sjouwerman

Quishing: QR Codes as Phishbait

Researchers at Trustwave are tracking an increase in the use of QR codes to spread phishing links.

Aug 9, 2023 1:55:27 PM By Stu Sjouwerman

Wordfence Becomes the Latest Brand to be Impersonated Putting 800 Million Sites at Risk

With its wide use and trusted state among Wordpress developers and website admins, a new campaign impersonating the website security brand could put hundreds of millions of websites at ...

Aug 8, 2023 10:10:03 AM By Stu Sjouwerman

Most Organizations Using Weak Multifactor Authentication

Most organizations are still using weak forms of multi-factor authentication (MFA), a survey by Nok Nok has found. These forms of MFA can be bypassed if an employee falls for a social ...

Aug 6, 2023 10:22:10 AM By Stu Sjouwerman

Russian Hackers Breached Government Agencies' MFA Using Microsoft Teams: Is Your Business Next?

Microsoft's recent blog post raised eyebrows through the cybersecurity community. State-backed hackers linked to Russia, known as APT29 or Cozy Bear, have executed “highly targeted” ...

May 7, 2023 11:57:55 AM By Stu Sjouwerman

[Eye Opener] HTML Phishing Attacks Surge by 100% in 12 Months

The Cyberwire reported: "Barracuda released a study this morning indicating that HTML attacks have doubled since last year.

Feb 17, 2023 9:31:39 AM By Roger Grimes

Will AI and Deepfakes Weaken Biometric MFA

You should use phishing-resistant multi-factor authentication (MFA) when you can to protect valuable data and systems. But most biometrics and MFA are not as strong as touted and much of ...

Feb 6, 2023 2:00:39 PM By Martin Kraemer

A Close Call – PayPal Scam Warning

On Sunday, I received an urgent message from a friend. PayPal had sent him an email saying that a co-worker had sent him money. This was not unexpected, as he was collecting contributions ...

Jan 17, 2023 8:15:27 AM By Roger Grimes

Is Your Organization’s Password Complexity Requirement Strong Enough? Probably Not

Is your organization’s password complexity strong enough?

Dec 16, 2022 8:15:35 AM By Stu Sjouwerman

Less Than One-Third of Organizations Leverage Multiple Authentication Factors to Secure Their Environment

Demonstrating a complete lack of focus on the need for additional authentication factors, surprising new data highlights a material security gap that enables cybercrime.

Dec 14, 2022 2:02:41 PM By Stu Sjouwerman

Interest in Infostealer Malware Within Cyberattacks Spikes as MFA Fatigue Attacks Increase

New analysis of dark web forums shows an increase in discussions around the use of infostealer malware as part of both the first attack within a campaign or as part of an initial access ...

Dec 13, 2022 8:54:06 AM By Roger Grimes

CISA Phishing Infographic Contains a Lot of Good Information

On December 8th, the Cybersecurity & Infrastructure Security Agency (CISA) released a great phishing infographic about data collected, lessons learned and recommendations learned from ...

Nov 21, 2022 4:00:55 PM By Stu Sjouwerman

MFA Fatigue Attacks

Researchers at Specops Software describe a technique attackers are using to bypass multi-factor authentication (MFA). In an article for BleepingComputer, the researchers explain that ...

Nov 9, 2022 8:50:47 AM By Stu Sjouwerman

Cookie-stealing Feature Added by Phishing-as-a-Service Provider To Bypass MFA

The Robin Banks phishing-as-a-service platform now has a feature to bypass multi-factor authentication by stealing login session cookies, according to researchers at IronNet. The phishing ...

Nov 4, 2022 10:14:34 AM By Roger Grimes

Number Matching Push-Based MFA Is Only Half the Solution

When push-based multifactor authentication (MFA) first came out, I was a big fan. I promoted it as a strong and safe MFA option in my book, Hacking Multifactor Authentication. That was ...

Nov 2, 2022 3:16:23 PM By Stu Sjouwerman

Phishing Resistant MFA Does Not Mean Un-Phishable

Human societies have a bad habit of taking a specific, limited-in-scope fact and turning it into an overly broad generalization that gets incorrectly believed and perpetuated as if it ...

Sep 21, 2022 9:25:43 AM By Roger Grimes

Do Not Use Easily Phishable MFA and That Is Most MFA!

Everyone should use multifactor authentication (MFA), where they can, to protect valuable information. Everyone!

Aug 31, 2022 9:54:49 AM By Roger Grimes

So, Your MFA is Phishable, What To Do Next

We’ve written a lot about multi-factor authentication (MFA) not being the Holy Grail to prevent phishing attacks, including here:

Subscribe

Search Our Blog


New call-to-action

Subscribe To Our Blog

Posts By Topic

View all

Get the latest insights, trends and security news. Subscribe to CyberheistNews.