Data Breach Today

MARCH 27, 2024

Phishing-as-a-Service Platform Lets Hackers Impersonate More Than 1,100 Domains A phishing-as-a-service platform that allows cybercriminals to impersonate more than 1,100 domains has over the past half year become one of the most widespread adversary-in-the-middle platforms.

Phishing 300

Phishing Authentication 300

Data Breach Today

AUGUST 26, 2022

Subject X' Suspected in Theft of Nearly 10,000 credentials at 130 Organizations An ongoing phishing campaign has compromised Twilio, Mailchimp and about 130 other organizations by using a lookalike Okta login page to trick employees into divulging their password and multi-factor authentication code.

Phishing 246

Phishing Authentication Passwords 246

Data Breach Today

MAY 20, 2020

Researchers: Campaign Designed to Steal Users' Credentials, Launch Other Attacks A recent phishing campaign bypassed multifactor authentication protections within Microsoft Office 365 to steal users' credentials stored in the cloud or launch other attacks, according to the security firm Cofense.

Phishing 345

Phishing Authentication Cloud Security 345

Data Breach Today

AUGUST 25, 2022

Subject X' Suspected in Theft of Nearly 10,000 credentials at 130 Organizations An ongoing phishing campaign has compromised Cisco, Twilio and about 130 other organizations by using a lookalike Okta login page to trick employees into divulging their password and multi-factor authentication code.

Phishing 239

Phishing Authentication Passwords 239

Data Breach Today

JANUARY 27, 2023

FIDO Alliance's Hulka on Why Customers and Providers Like Payment Confirmation Payment regulations in Europe have forced retailers to implement strong authentication that's phishing-resistant and facilitates more customer understanding, says FIDO Alliance's Christina Hulka.

Authentication 130

Authentication Retail Phishing 130

Data Breach Today

AUGUST 3, 2021

Emails Contain Legitimate Links That Lead to Authentic PayPal Site In a new phishing scam that leverages the PayPal brand, attackers are using automated scripts and live chat as a way of compromising devices and bypassing secure email gateways.

Phishing 261

Phishing Authentication Security 261

Krebs on Security

AUGUST 17, 2023

You’ve probably never heard of “ 16Shop ,” but there’s a good chance someone using it has tried to phish you. A 16Shop phishing page spoofing Apple and targeting Japanese users. Image: Akamai.com. The INTERPOL statement says the platform sold hacking tools to compromise more than 70,000 users in 43 countries.

Phishing 187

Phishing Passwords Insurance Sales 187

Security Affairs

APRIL 18, 2024

An international law enforcement operation led to the disruption of the prominent phishing-as-a-service platform LabHost. An international law enforcement operation, codenamed Nebulae and coordinated by Europol, led to the disruption of LabHost, which is one of the world’s largest phishing-as-a-service platforms.

Phishing 97

Phishing Passwords Authentication IT 97

Dark Reading

NOVEMBER 7, 2022

Microsoft added certificate-based authentication (CBA) to the Azure Active Directory to help organizations enable phishing-resistant MFA that complies with US federal requirements. The change paves the way for enterprises to migrate their Active Directory implementations to the cloud.

Authentication 69

Authentication Phishing Cloud 69

Data Breach Today

JANUARY 11, 2024

All Organizations That Use X Should Review Their Two-Factor Authentication Settings Google Cloud's Mandiant says its account at X, formerly Twitter, was hijacked and used to link to cryptocurrency phishing pages after an attacker guessed the account password, apparently after Twitter last year deactivated the account's SMS-based two-factor authentication, (..)

Authentication 297

Authentication Phishing Passwords Cloud 297

Dark Reading

JULY 13, 2022

The massive phishing campaign does not exploit a vulnerability in MFA. Instead, it spoofs an Office 365 authentication page to steal credentials.

Authentication 90

Authentication Phishing IT 90

The Last Watchdog

DECEMBER 6, 2021

This traditional authentication method is challenging to get rid of, mostly because it’s so common. And for businesses, transitioning to new authentication solutions can be expensive and time-consuming. It supports standards that make implementing newer, stronger authentication methods possible for businesses.

Authentication 251

Authentication Passwords Cloud Phishing 251

Data Breach Today

OCTOBER 14, 2022

Stopping Cyberattacks by Moving Away From Password-Based Authentication The January memorandum from President Biden’s Office of Management and Budget calls for adopting multifactor authentication that includes the verification of device-based security controls, continuous monitoring, and authentication and mandates a switch to phishing-resistant MFA (..)

Phishing 130

Phishing Government Authentication Passwords 130

Schneier on Security

AUGUST 25, 2022

Here’s a phishing campaign that uses a man-in-the-middle attack to defeat multi-factor authentication: Microsoft observed a campaign that inserted an attacker-controlled proxy site between the account users and the work server they attempted to log into.

Phishing 123

Phishing Authentication Passwords IT 123

Krebs on Security

FEBRUARY 8, 2021

Cyber cops in Ukraine carried out an arrest and several raids last week in connection with the author of a U-Admin , a software package used to administer what’s being called “one of the world’s largest phishing services.” The U-Admin phishing panel interface. Image: fr3d.hk/blog. ” U-Admin, a.k.a.

Phishing 262

Phishing Authentication Archiving Cybersecurity 262

KnowBe4

SEPTEMBER 6, 2023

I frequently write about authentication, including PKI, multi-factor authentication (MFA), password managers, FIDO, Open Authentication, and biometrics. I have written dozens of articles on LinkedIn and have presented during many KnowBe4 webinars about different authentication subjects.

Authentication 116

Authentication Passwords Security Phishing 116

Data Breach Today

NOVEMBER 5, 2022

Robin Banks Now Offers a New Cookie-Stealing Feature Cybercrime syndicate Robin Banks is back with a new cookie-stealing feature that cybercriminals can purchase as an add-on to the phishing kit in order to bypass multi-factor authentication in attacks and to attract more sophisticated, persistent actors set on compromising specific targets.

Phishing 144

Phishing Authentication 144

Data Breach Today

NOVEMBER 29, 2023

Beware Phishing and Social Engineering Attacks Targeting Passwords, Vendor Warns Identity and authentication giant Okta said the attacker behind its September data breach stole usernames and contact details for all users of its primary customer support system, and warned customers to beware potential follow-on phishing and social engineering attacks. (..)

Phishing 257

Phishing Data breaches Authentication Passwords 257

KnowBe4

JULY 13, 2022

The average person believes using Multi-Factor Authentication (MFA) makes them significantly less likely to be hacked. Using a regular looking phishing email, they can bypass MFA just as easily as if it were a simple password. That is simply not true! Hackers can bypass 90-95% of MFA solutions much easier than you would think.

Authentication 86

Authentication Phishing Passwords IT 86

Security Affairs

MARCH 14, 2023

Microsoft warns of large-scale phishing attacks orchestrated with an open-source adversary-in-the-middle (AiTM) phishing kit available in the cybercrime ecosystem Adversary-in-the-middle (AiTM) phishing kits are becoming an essential technology in the cybercrime ecosystem that is used by multiple threat actors to launch phishing attacks.

Phishing 78

Phishing Authentication Sales Passwords 78

Security Affairs

JULY 12, 2022

A large-scale phishing campaign used adversary-in-the-middle (AiTM) phishing sites to hit more than 10,000 organizations. In AiTM phishing, threat actors set up a proxy server between a target user and the website the user wishes to visit, which is the phishing site under the control of the attackers.

Phishing 130

Phishing Authentication Passwords Access 130

Thales Cloud Protection & Licensing

JANUARY 20, 2022

How to activate multifactor authentication everywhere. The impact of not having multifactor authentication (MFA) activated for all users is now well known by enterprises. Verizon’s Data Breach Investigation 2021 Report indicates that over 80% of breaches evolve phishing, brute force or the use of lost or stolen credentials.

Authentication 143

Authentication Data breaches Access Retail 143

KnowBe4

SEPTEMBER 23, 2022

GitHub has issued an alert warning of a phishing campaign targeting users by impersonating the popular DevOps tool CircleCI, BleepingComputer reports. The phishing emails inform users that they’ll need to click on a link and log into their GitHub account in order to review CircleCI’s new terms of service.

Phishing 109

Phishing Authentication Passwords 109

eSecurity Planet

AUGUST 23, 2023

Spear phishing is a more targeted and effective phishing technique that attempts to exploit specific individuals or groups within an organization. While phishing uses a broader range of tactics, such as mass emailing to random recipients, spear phishing is often well-researched and tailored to high-value targets.

Phishing 97

Phishing Authentication Security awareness Passwords 97

KnowBe4

SEPTEMBER 12, 2023

The W3LL store is selling advanced phishing kits – a golden ticket for hacking Microsoft 365 accounts -- that can bypass multi-factor authentication (MFA) no less.

Phishing 121

Phishing Sales Authentication 121

KnowBe4

SEPTEMBER 25, 2023

ZeroFox warns that phishing-as-a-service (PhaaS) offerings are increasingly including features to bypass multi-factor authentication.

Phishing 105

Phishing Authentication Security awareness Cybersecurity 105

Data Breach Today

AUGUST 10, 2023

Phishing Kit Primarily Used in Attacks Against Employees of Fortune 500 Companies Threat actors are taking control of cloud-based Microsoft 365 accounts of C-suite executives using a multi-factor authentication phishing tool.

Phishing 238

Phishing Authentication Cloud 238

The Last Watchdog

NOVEMBER 29, 2022

A new development in phishing is the “nag attack.” The nag might be a spoofed multifactor authentication push or system error alert – a notification message that annoying repeats on a seemingly infinite loop. Nag attacks add to the litany of phishing techniques. Spear phishing. Related: Thwarting email attacks.

Phishing 214

Phishing Authentication Ransomware Marketing 214

Security Affairs

OCTOBER 12, 2023

This post analyzed the numerous phishing campaigns targeting users and organizations in Italy. Phishing is a ploy to trick users into revealing personal or financial information through an e-mail, Web site, and even through instant messaging. Phishing can also be used as a precursor attack to drop malware. Just to name a few.

Phishing 115

Phishing Education Passwords Information Security 115

Data Breach Today

AUGUST 11, 2023

Phishing Kit Primarily Used in Attacks Against Employees of Fortune 500 Companies Threat actors are taking control of cloud-based Microsoft 365 accounts of C-suite executives using a multi-factor authentication phishing tool.

Phishing 233

Phishing Authentication Cloud 233

Data Breach Today

SEPTEMBER 26, 2023

Director Jen Easterly: Password Managers, Automatic Software Updates Key to Defense CISA Director Jen Easterly urged citizens to boost their defenses by choosing strong passwords, opting for multi-factor authentication, reporting phishing and enabling automatic software updates.

Passwords 292

Passwords Phishing Authentication 292

eSecurity Planet

AUGUST 19, 2022

One new tactic hackers have been using is to steal cookies from current or recent web sessions to bypass multi-factor authentication (MFA). Even cloud infrastructures rely on cookies to authenticate their users. Browsers allow users to maintain authentication, remember passwords and autofill forms. How Hackers Steal Cookies.

Authentication 142

Authentication Passwords Encryption Cybersecurity 142

Security Affairs

OCTOBER 4, 2023

Threat actors exploited an open redirection vulnerability in the job search platform Indeed to carry out phishing attacks. Researchers from the cybersecurity firm Menlo Security reported that threat actors exploited an open redirection vulnerability in the job search platform Indeed in phishing attacks. ” continues the report.

Phishing 114

Phishing Insurance Manufacturing Authentication 114

Thales Cloud Protection & Licensing

OCTOBER 4, 2022

Cybersecurity Awareness Month: Resilient Multi-factor Authentication (MFA) and Strong Passwords. Recognize and report phishing. Resilient multi-factor authentication and strong passwords are critical. Tue, 10/04/2022 - 05:20. So in 2004, the President of the United States designated October as Cybersecurity Awareness Month.

Authentication 127

Authentication Passwords Cybersecurity Personal data 127

Krebs on Security

JUNE 28, 2019

says it will soon force all Cloud Solution Providers (CSPs) that help companies manage their Office365 accounts to use multi-factor authentication. The move comes amid a noticeable uptick in phishing and malware attacks targeting CSP employees and contractors. As it happened, the PCM employee was not using multi-factor authentication.

Authentication 220

Authentication Cloud Data breaches Access 220

Krebs on Security

JANUARY 7, 2020

Late last year saw the re-emergence of a nasty phishing tactic that allows the attacker to gain full access to a user’s data stored in the cloud without actually stealing the account password. The phishing lure starts with a link that leads to the real login page for a cloud email and/or file storage service.

Passwords 234

Passwords Phishing Authentication Access 234

Security Affairs

SEPTEMBER 15, 2021

Microsoft announced that users can access their consumer accounts without providing passwords and using more secure authentication methods. SecurityAffairs – hacking, passwordless authentication). The post Microsoft announces passwordless authentication for consumer accounts appeared first on Security Affairs.

Authentication 98

Authentication Passwords Phishing Compliance 98