U.S. Government Says To Use Phishing-Resistant MFA

The U.S. government has been pushing people to avoid SMS- and voice call-based multi-factor authentication (MFA) for years, but their most recent warning is to avoid any MFA that is ...

Hackers rob thousands of Coinbase customers using phishing attacks and an MFA flaw

Bleepingcomputer was first to report: "Crypto exchange Coinbase disclosed that a threat actor stole cryptocurrency from 6,000 customers after using a vulnerability to bypass the company's ...

Can the Microsoft 365 Platform Be Trusted to Stop Security Breaches?

Lax security policies, a lack of security measures and solutions in place, and an expectation that Microsoft will address any security issues is putting organizations at risk.

Cyber Insurance Industry Wrongly Hedging Its Bets on MFA

Because of ransomware attacks, I have been covering the cybersecurity insurance industry for a few years, including here. I even have a whole chapter dedicated to cybersecurity insurance ...

Credential Stuffing in the Travel and Retail Sectors

The travel and retail sectors are the top targets for credential stuffing attacks, according to Auth0’s State of Secure Identity report. Credential stuffing is a type of brute-force ...

New BEC Phishing Attack Steals Office 365 Credentials and Bypasses MFA

Leveraging Microsoft Exchange’s Basic Authentication support, scammers were able to use harvested online credentials and bypass any MFA in place, giving them access to mailboxes.

Many Ways To Hack MFA

I have spent a lot of time thinking about how to hack multifactor authentication (MFA) solutions. I have done so my whole career, deploying dozens, if not hundreds, of MFA projects. Also, ...

6 Advanced Email Phishing Attacks

No matter how good your policies and technical defenses are, some amount of phishing will get to your end users in a given month. They must be trained to recognize social engineering ...

The Good, the Bad, and the Ugly About MFA

I have been in computer security for over 34 years now. Yeah, even I cannot believe how long it has been. I have been a penetration tester over 20 of those years and worked on dozens of ...

[On-Demand Webinar] Hacking Multifactor Authentication: An IT Pro’s Lessons Learned After Testing 150 MFA Products

Multi-Factor Authentication (MFA) can be a highly effective way to safeguard your organization’s data, but that doesn’t mean it’s unhackable. And nobody knows that better than ...