New analysis of dark web forums shows an increase in discussions around the use of infostealer malware as part of both the first attack within a campaign or as part of an initial access ...
On December 8th, the Cybersecurity & Infrastructure Security Agency (CISA) released a great phishing infographic about data collected, lessons learned and recommendations learned from ...
Researchers at Specops Software describe a technique attackers are using to bypass multi-factor authentication (MFA). In an article for BleepingComputer, the researchers explain that ...
The Robin Banks phishing-as-a-service platform now has a feature to bypass multi-factor authentication by stealing login session cookies, according to researchers at IronNet. The phishing ...
When push-based multifactor authentication (MFA) first came out, I was a big fan. I promoted it as a strong and safe MFA option in my book, Hacking Multifactor Authentication. That was ...
Human societies have a bad habit of taking a specific, limited-in-scope fact and turning it into an overly broad generalization that gets incorrectly believed and perpetuated as if it ...
Everyone should use multifactor authentication (MFA), where they can, to protect valuable information. Everyone!
We’ve written a lot about multi-factor authentication (MFA) not being the Holy Grail to prevent phishing attacks, including here:
While multi-factor authentication (MFA) significantly reduces an organization’s threat surface by making the stealing of credentials much harder, a new attack takes advantage of phone ...
Microsoft Security recently released a report which detailed a widely successful phishing attack technique used against over 10,000 of its customers…a phishing attack that worked even if ...
