Is Your Organization’s Password Complexity Requirement Strong Enough? Probably Not

Is your organization’s password complexity strong enough?

Less Than One-Third of Organizations Leverage Multiple Authentication Factors to Secure Their Environment

Demonstrating a complete lack of focus on the need for additional authentication factors, surprising new data highlights a material security gap that enables cybercrime.

Interest in Infostealer Malware Within Cyberattacks Spikes as MFA Fatigue Attacks Increase

New analysis of dark web forums shows an increase in discussions around the use of infostealer malware as part of both the first attack within a campaign or as part of an initial access ...

CISA Phishing Infographic Contains a Lot of Good Information

On December 8th, the Cybersecurity & Infrastructure Security Agency (CISA) released a great phishing infographic about data collected, lessons learned and recommendations learned from ...

MFA Fatigue Attacks

Researchers at Specops Software describe a technique attackers are using to bypass multi-factor authentication (MFA). In an article for BleepingComputer, the researchers explain that ...

Cookie-stealing Feature Added by Phishing-as-a-Service Provider To Bypass MFA

The Robin Banks phishing-as-a-service platform now has a feature to bypass multi-factor authentication by stealing login session cookies, according to researchers at IronNet. The phishing ...

Number Matching Push-Based MFA Is Only Half the Solution

When push-based multifactor authentication (MFA) first came out, I was a big fan. I promoted it as a strong and safe MFA option in my book, Hacking Multifactor Authentication. That was ...

Phishing Resistant MFA Does Not Mean Un-Phishable

Human societies have a bad habit of taking a specific, limited-in-scope fact and turning it into an overly broad generalization that gets incorrectly believed and perpetuated as if it ...

Do Not Use Easily Phishable MFA and That Is Most MFA!

Everyone should use multifactor authentication (MFA), where they can, to protect valuable information. Everyone!

So, Your MFA is Phishable, What To Do Next

We’ve written a lot about multi-factor authentication (MFA) not being the Holy Grail to prevent phishing attacks, including here: