Cyberveillecurated by Decio
Nuage de tags
Mur d'images
Quotidien
Flux RSS
  • Flux RSS
  • Daily Feed
  • Weekly Feed
  • Monthly Feed
Filtres

Liens par page

  • 20 links
  • 50 links
  • 100 links

Filtres

Untagged links
17 résultats taggé MFA  ✕
Cookie-Bite: How Your Digital Crumbs Let Threat Actors Bypass MFA and Maintain Access to Cloud Environments https://www.varonis.com/blog/cookie-bite
23/04/2025 09:39:55
QRCode
archive.org
thumbnail

Silent and undetectable initial access is the cornerstone of a cyberattack. MFA is there to stop unauthorized access, but attackers are constantly evolving.

varonis EN 2025 Technique Cookie-Bite Bypass MFA infostealer
Hackers spoof Microsoft ADFS login pages to steal credentials https://www.bleepingcomputer.com/news/security/hackers-spoof-microsoft-adfs-login-pages-to-steal-credentials/
05/02/2025 19:57:15
QRCode
archive.org
thumbnail

A help desk phishing campaign targets an organization's Microsoft Active Directory Federation Services (ADFS) using spoofed login pages to steal credentials and bypass multi-factor authentication (MFA) protections.
#ADFS #Account #Computer #InfoSec #Lateral #MFA #Microsoft #Notification #Phishing #Push #Security #Takeover

Computer MFA Phishing Microsoft InfoSec Account Lateral ADFS Takeover Notification Security Push
Oasis Security Research Team Discovers Microsoft Azure MFA Bypass https://oasis.security/resources/blog/oasis-security-research-team-discovers-microsoft-azure-mfa-bypass
14/12/2024 10:30:01
QRCode
archive.org
thumbnail

Oasis Security's research team uncovered a critical vulnerability in Microsoft's Multi-Factor Authentication (MFA) implementation, allowing attackers to bypass it and gain unauthorized access to the user’s account, including Outlook emails, OneDrive files, Teams chats, Azure Cloud, and more. Microsoft has more than 400 million paid Office 365 seats, making the consequences of this vulnerability far-reaching.

The bypass was simple: it took around an hour to execute, required no user interaction and did not generate any notification or provide the account holder with any indication of trouble.

oasis.security EN 2024 research MFA Microsoft MFA-bypass
Owners of 1-Time Passcode Theft Service Plead Guilty https://krebsonsecurity.com/2024/09/owners-of-1-time-passcode-theft-service-plead-guilty/
03/09/2024 08:31:47
QRCode
archive.org

Three men in the United Kingdom have pleaded guilty to operating otp[.]agency, a once popular online service that helped attackers intercept the one-time passcodes (OTPs) that many websites require as a second authentication factor in addition to passwords. Launched in…

krebsonsecurity EN 2024 UK OTP Multi-Factor-Authentication One-time-Password OTP OTP.Agency MFA
Admins of MFA bypass service plead guilty to fraud https://www.bleepingcomputer.com/news/legal/admins-of-mfa-bypass-service-plead-guilty-to-fraud/
03/09/2024 08:28:47
QRCode
archive.org
thumbnail

Three men have pleaded guilty to running OTP.Agency, an online platform that provided social engineering help to obtain one-time passcodes from customers of various banks and services in the U.K.

bleepingcomputer EN 2024 Cybercrime Legal Multi-Factor-Authentication One-time-Password OTP OTP.Agency MFA
Microsoft will require MFA for all Azure users https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/microsoft-will-require-mfa-for-all-azure-users/ba-p/4140391?ref=news.risky.biz
18/05/2024 22:55:24
QRCode
archive.org
thumbnail

Multi-factor authentication makes you, your company and your cloud investments safer

microsoft EN 2024 announce announcement MFA Azure Multi-factor authentication
Community Alert: Ongoing Malicious Campaign Impacting Azure Cloud Environments https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments
13/02/2024 09:20:32
QRCode
archive.org
thumbnail

Over the past weeks, Proofpoint researchers have been monitoring an ongoing cloud account takeover campaign impacting dozens of Microsoft Azure environments and compromising hundreds of user accoun...

proofpoint EN 2024 Microsoft Azure Campaign compromise cloud-security phishing MFA
Steam Adds Security Layer for Devs After Some Had Their Accounts Compromised and Malware Was Injected in Games https://wccftech.com/steam-adds-security-layer-for-devs-after-some-had-their-accounts-compromised-and-malware-was-injected-in-games
12/10/2023 18:23:12
QRCode
archive.org
thumbnail

Valve has added a new security layer for developers who publish their games on Steam after a few had their accounts hacked.

wccftech EN 2023 Valve MFA developers Steam hacked
When MFA isn't actually MFA https://retool.com/blog/mfa-isnt-mfa/
16/09/2023 12:22:57
QRCode
archive.org
thumbnail

Due to a recent Google change, MFA isn't truly MFA.

retool EN 2023 incident retool MFA SMS-based phishing attack GoogleAuthenticator
How Google Authenticator made one company’s network breach much, much worse https://arstechnica.com/security/2023/09/how-google-authenticator-gave-attackers-one-companys-keys-to-the-kingdom
16/09/2023 12:21:15
QRCode
archive.org
thumbnail

Google's app for generating MFA codes syncs to user accounts by default. Who knew?

arstechnica EN 2023 MFA GoogleAuthenticator
Okta customers targeted in social engineering scam https://www.scmagazine.com/news/okta-customers-targeted-in-social-engineering-scam
06/09/2023 14:23:10
QRCode
archive.org
thumbnail

Help desk staff duped into resetting MFA on Okta super admin accounts, allowing threat actors to move laterally across targeted organizations.

scmagazine EN 2023 Okta phishing MFA scam
Bitwarden password vaults targeted in Google ads phishing attack https://www.bleepingcomputer.com/news/security/bitwarden-password-vaults-targeted-in-google-ads-phishing-attack/
08/02/2023 17:03:24
QRCode
archive.org
thumbnail

Bitwarden and other password managers are being targeted in Google ads phishing campaigns to steal users' password vault credentials.

bleepingcomputer EN 2023 1Password Bitwarden GoogleAds googleads MFA Multi-Factor-Authentication Password-Manager Passwords Phishing
EvilProxy Phishing-as-a-Service with MFA Bypass Emerged in Dark Web https://resecurity.com/blog/article/evilproxy-phishing-as-a-service-with-mfa-bypass-emerged-in-dark-web
05/09/2022 14:06:10
QRCode
archive.org

Following the recent Twilio hack leading to the leakage of 2FA (OTP) codes, cybercriminals continue to upgrade their attack arsenal to orchestrate advanced phishing campaigns targeting users worldwide. Resecurity has recently identified a new Phishing-as-a-Service (PhaaS) called EvilProxy advertised in the Dark Web. On some sources the alternative name is Moloch, which has some connection to a phishing-kit developed by several notable underground actors who targeted the financial institutions and e-commerce sector before.

Resecurity EN 2022 EvilProxy Phishing-as-a-Service MFA Bypass 2FA
From cookie theft to BEC: Attackers use AiTM phishing sites as entry point to further financial fraud https://www.microsoft.com/security/blog/2022/07/12/from-cookie-theft-to-bec-attackers-use-aitm-phishing-sites-as-entry-point-to-further-financial-fraud/
17/07/2022 21:33:46
QRCode
archive.org
thumbnail

A large-scale phishing campaign that attempted to target over 10,000 organizations since September 2021 used adversary-in-the-middle (AiTM) phishing sites to steal passwords, hijack a user’s sign-in session, and skip the authentication process, even if the user had enabled multifactor authentication (MFA).

microsoft EN 2022 phishing MFA AiTM hijack session
Ongoing phishing campaign can hack you even when you’re protected with MFA https://arstechnica.com/information-technology/2022/07/microsoft-details-phishing-campaign-that-can-hijack-mfa-protected-accounts/
17/07/2022 21:30:40
QRCode
archive.org
thumbnail

Campaign that steals email has targeted at least 10,000 organizations since September.

arstechnica EN 2022 phishing microsoft MFA campaign
Multi-factor Authentication to Generate $27 Billion Globally for Mobile Operators in 2022, Juniper Research Study Finds https://www.businesswire.com/news/home/20220509005459/en/Juniper-Research-Multi-factor-Authentication-to-Generate-27-Billion-Globally-for-Mobile-Operators-in-2022-Juniper-Research-Study-Finds
17/05/2022 09:49:11
QRCode
archive.org
thumbnail

A new study by Juniper Research has found operators will generate $27 billion from the termination of SMS messages related to multi-factor authentication in 2022; an increase from $25 billion in 2021. The research predicts this 5% growth will be driven by increased pressure on digital service providers to offer secure authentication that reduces risk of data breaches and protects user identity. Multi-factor authentication combines multiple credentials to verify a user or transaction. This includes sending an SMS that contains a one‑time password or code to a user’s unique phone number.

businesswire Juniper EN 2022 Multi-factor MFA SMS Research Study Authentication Mobile
Lapsus$ and SolarWinds hackers both use the same old trick to bypass MFA https://arstechnica.com/information-technology/2022/03/lapsus-and-solar-winds-hackers-both-use-the-same-old-trick-to-bypass-mfa/
29/03/2022 09:10:49
QRCode
archive.org
thumbnail

Not all MFA is created equal, as script kiddies and elite hackers have shown recently.

arstechnica 2022 EN MFA prompt-bombing
4507 links
Shaarli - The personal, minimalist, super-fast, database free, bookmarking service par la communauté Shaarli - Theme by kalvn - Curated by Decio