So, Your MFA is Phishable, What To Do Next
We’ve written a lot about multi-factor authentication (MFA) not being the Holy Grail to prevent phishing attacks, including here:
Cancel
We’ve written a lot about multi-factor authentication (MFA) not being the Holy Grail to prevent phishing attacks, including here:
While multi-factor authentication (MFA) significantly reduces an organization’s threat surface by making the stealing of credentials much harder, a new attack takes advantage of phone ...
Microsoft Security recently released a report which detailed a widely successful phishing attack technique used against over 10,000 of its customers…a phishing attack that worked even if ...
The average person believes using Multi-Factor Authentication (MFA) makes them significantly less likely to be hacked. That is simply not true! Hackers can bypass 90-95% of MFA solutions ...
An interesting way to bypass multi-factor authentication (MFA) was recently announced by Bleeping Computer. This particular attack method requires a potential victim to be tricked into ...
In KnowBe4’s new Password Policy ebook, What Your Password Policy Should Be, we recommend that all users use a password manager to create and use perfectly random passwords. A perfectly ...
As we observe World Password Day to create awareness around the need for password security, Microsoft is looking for frictionless ways to eliminate passwords entirely.
Attackers are spamming multifactor authentication (MFA) prompts in an attempt to irritate users into approving the login, Ars Technica reports. Both criminal and nation-state actors are ...
I used to be a huge fan of Push-Based Multifactor Authentication (MFA), but real-world use has shown that most of today’s most popular implementations are not sufficiently protective ...
Organizations that are not using Microsoft’s multi-factor authentication are finding themselves victims of credential attacks that involve threat actors installing Outlook on a controlled ...
The key to really good cybersecurity is to concentrate on just 4 things. Master them first before you begin to try and do the other hundreds of things that everyone else is going to tell ...
The U.S. government has been pushing people to avoid SMS- and voice call-based multi-factor authentication (MFA) for years, but their most recent warning is to avoid any MFA that is ...
Bleepingcomputer was first to report: "Crypto exchange Coinbase disclosed that a threat actor stole cryptocurrency from 6,000 customers after using a vulnerability to bypass the company's ...
Lax security policies, a lack of security measures and solutions in place, and an expectation that Microsoft will address any security issues is putting organizations at risk.
Because of ransomware attacks, I have been covering the cybersecurity insurance industry for a few years, including here. I even have a whole chapter dedicated to cybersecurity insurance ...
The travel and retail sectors are the top targets for credential stuffing attacks, according to Auth0’s State of Secure Identity report. Credential stuffing is a type of brute-force ...
Leveraging Microsoft Exchange’s Basic Authentication support, scammers were able to use harvested online credentials and bypass any MFA in place, giving them access to mailboxes.
I have spent a lot of time thinking about how to hack multifactor authentication (MFA) solutions. I have done so my whole career, deploying dozens, if not hundreds, of MFA projects. Also, ...
No matter how good your policies and technical defenses are, some amount of phishing will get to your end users in a given month. They must be trained to recognize social engineering ...
I have been in computer security for over 34 years now. Yeah, even I cannot believe how long it has been. I have been a penetration tester over 20 of those years and worked on dozens of ...
