< ciso
brief />
Tag Banner

All news with #mfa tag

122 articles · page 2 of 7

CloudZ RAT Abuses Microsoft Phone Link to Steal OTPs

🔐 A new CloudZ remote access tool (RAT) variant deploys a previously unseen plugin named Pheno that hijacks Microsoft Phone Link on Windows 10 and 11 to extract SMS messages and one‑time passwords from the application’s local SQLite database. Cisco Talos says the intrusion has been active since at least January and can intercept OTPs mirrored to the desktop without compromising the mobile device. The infection chain begins with a fake ScreenConnect update that drops a Rust loader and a .NET loader which installs CloudZ, establishes persistence via a scheduled task, and performs anti-analysis checks.
read more →

Human-centric Failures: Why BEC Survives Despite MFA

🔒 Multi-factor authentication reduces credential risk but does not stop many business email compromise (BEC) attacks, because adversaries target human decision points and process gaps rather than accounts. High-profile cases — Toyota Boshoku (2019, ≈$30M) and Arup (2024, ≈$25M) — show attackers using cloned messages and deepfakes without stealing credentials. Organizations should redesign approval workflows, require out-of-band verification for high-risk requests, run realistic BEC simulations, embed micro-learning, introduce purposeful friction and assign clear ownership of payment verification to close operational blind spots.
read more →

Phishing and MFA Exploitation: Targeting Trust in Workflows

🔐 In 2025 attackers increased focus on weaknesses in multi-factor authentication (MFA) and the trust inherent in everyday workflows, with phishing used for initial access in 40% of incidents. Cascaded phishing leveraged compromised, legitimate accounts to craft highly convincing lures, while abuse of Microsoft 365 Direct Send enabled internal-looking spoofed messages. MFA spray attacks and device compromise—driven by voice phishing against administrators—targeted IAM tools and high-turnover device ecosystems, with higher education notably impacted. Defenders should harden device management, enforce strong lockout and conditional access policies, and adopt email protections such as Reject Direct Send and tightened SPF/DMARC.
read more →

Beware Fake Data Breach Notifications: Spot and Avoid Scams

🔔 As data breach notices become common, fraudsters increasingly send fake alerts or piggyback on real incidents to trick recipients into clicking malicious links or divulging credentials. These scams often demand immediate action, use spoofed sender addresses, and lack personal account details. Verify any notice by logging into the real account or contacting the organization through trusted channels, and reduce exposure with a password manager and MFA.
read more →

Five Ways Zero Trust Strengthens Identity Security

🔐 This sponsored article from Specops Software explains five practical ways Zero Trust reduces identity-related risk by centering access controls on verified identities and device posture. It emphasizes least privilege, continuous context-aware authentication tied to device health, and strict segmentation to limit lateral movement. The piece spotlights Specops Device Trust as an example of binding identity to compliant devices and recommends prioritizing phishing-resistant MFA and device checks when starting a Zero Trust rollout.
read more →

Protecting Privacy and Security in Smart Sex-Toy Apps

🔒 This article explains privacy and security risks associated with smart sex‑toy apps and companion services, focusing on realistic threats such as data collection, account compromise, and server-side access rather than rare remote device takeovers. It outlines practical mitigations — create anonymous accounts, avoid social logins, limit app permissions, use a strong unique password with two‑factor authentication, and keep software updated. The guidance emphasizes minimizing shared personal data and avoiding identifiable media to reduce risks like stalking, blackmail, and targeted profiling.
read more →

When Attackers Already Have the Keys — MFA is Not Enough

🔒 The Figure breach exposed 967,200 email records without a single exploit, creating a large inventory adversaries can immediately weaponize for credential stuffing, AI-driven phishing, and help-desk social engineering. The article argues these exposures are operational inputs, not static data, and that common MFA methods — push notifications, SMS, and TOTP — are vulnerable to real-time relay (AiTM) attacks and MFA fatigue. Fixing the problem is architectural, not purely educational: effective defence requires cryptographic origin binding, hardware-bound private keys, and live biometric verification simultaneously.
read more →

Hardening Security Consoles: Kaspersky's Linux 16.1

🔒 Kaspersky highlights that security management consoles themselves expand an organization’s attack surface and therefore must be hardened. Kaspersky Security Center Linux 16.1 adopts a secure-by-default model by enabling two-factor authentication for all console access and removing the global option to disable it. Administrators are required to ensure 2FA is configured for users who access the Web Console or use OpenAPI automation before upgrading. Kaspersky also publishes a structured hardening checklist to audit roles and privileges, restrict network access, strengthen encryption, protect APIs, and ensure comprehensive logging and auditing.
read more →

Five Ways to Strengthen Identity Security and Resilience

🔒 This article outlines five practical steps to harden identity security across human, machine, and workload identities and to build attack resilience through least privilege and continuous validation. It recommends prioritizing MFA for high‑privilege accounts, deploying PAM to control administrative access, inventorying all identity types, and establishing real‑time behavior validation. The guidance emphasizes quick wins—enforce MFA for privileged users immediately and expand to all users within 30 days—to reduce credential‑based breaches and limit lateral movement.
read more →

Low-Cost Steps to Strengthen Your Security Posture Now

🔒 This piece presents eight practical, low-cost measures CISOs and security teams can deploy to materially improve enterprise protection. Recommendations emphasize better enforcement of MFA, fuller use of existing tool capabilities, regular tabletop exercises, and adoption of passkeys for high-risk users. The focus is on disciplined execution, configuration, and human risk management rather than large new purchases.
read more →

Hackers Exploit Identity Systems at Industrial Scale

🔐 The SentinelOne Annual Threat Report for 2026 warns that attackers are executing identity-based compromises at industrial scale, abusing legitimate enterprise accounts and identity systems. These intrusions often bypass or subvert MFA — including through readily available MFA-bypass kits and coercive push attacks — leaving traditional defenses blind. The report also highlights fake-persona recruitment campaigns, including deepfake-enabled interviews, and warns of administrative account takeovers that can disable MFA organization-wide.
read more →

Quick Guide to Recovering a Hacked Online Account Safely

🔒 This concise guide explains fast, practical steps to recover a compromised online account and limit attacker control. It recommends a prioritized, timed response—contain the incident, secure access, and check for persistent compromises—emphasizing actions like change passwords, remove unauthorized forwarding, enable two-factor authentication, and revoke sessions from a known-clean device. The piece also covers device cleanup, notifying contacts and banks, and long-term protections such as password managers, authenticator apps, hardware keys and regular software updates.
read more →

Identity Attacks Rise: Adversaries Seek Invitations

🧛 Cisco Talos highlights a growing trend in 2025: attackers increasingly seek to be authorised as legitimate users rather than relying solely on loud exploits. Telemetry shows nearly a third of MFA spray attacks targeted IAM applications and fraudulent device registrations surged 178%, indicating adversaries focus on the mechanisms that grant access. Talos urges organisations to harden authentication, prioritise patching, manage EOS/EOL devices, and adopt phishing-resistant controls as part of a broader defensive posture.
read more →

Adversary-in-the-Middle Phishing Is Defeating MFA Now

🔐 Modern phishing now uses adversary-in-the-middle proxies that capture entire authentication flows, including MFA prompts and session cookies. Employees can complete legitimate logins and still be compromised because attackers replay session tokens from a different machine. Organizations must move beyond traditional MFA and outdated awareness training and instead deploy phishing-resistant authentication, bind sessions to managed devices, and monitor post-authentication behavior.
read more →

Cyber Fallout After the Strikes: Signal, Noise, Next Steps

⚠️ FortiGuard Labs reports a surge of regional cyber activity in the 24–48 hours following U.S.-Israeli strikes on Iranian targets, including defacements, broadcast intrusions, Telegram claims, and internet disruptions, but no confirmed large-scale destructive campaign tied directly to the strikes. Many observed events appear to be psychological operations, hacktivist signaling, or opportunistic exploitation of geopolitical noise rather than coordinated state-level retaliation. The report warns that access is often pre-positioned and that activations can be delayed, so organizations should harden basic controls and preparedness now. Recommended actions include enabling MFA, automating patching, isolated backups, segmentation, active monitoring, and exercising incident response playbooks.
read more →

Cloudflare adds mandatory authentication and independent MFA

🔒 Cloudflare announced mandatory authentication for the Cloudflare One Client and a new independent multi-factor authentication (MFA) capability to strengthen remote access. When enabled via MDM, the client blocks all Internet traffic until the user authenticates, allowing only the authentication flow and prompting users to sign in. The separate MFA acts as a network-edge, step-up second root of trust, supporting biometrics, WebAuthn/FIDO2 keys, PIV for SSH, and TOTP. Mandatory authentication starts on Windows, and the independent MFA is available in closed beta.
read more →

Starkiller phishing suite proxies real sites to bypass MFA

🔒 Cybersecurity researchers disclosed Starkiller, a commercial phishing suite marketed by a group calling itself Jinkusu that proxies legitimate login pages to bypass multi-factor authentication. The platform launches a headless Chrome instance inside a Docker container and acts as an AitM reverse proxy, relaying keystrokes, form submissions and session tokens. Abnormal warns the toolkit centralizes deployment, URL masking and session monitoring to give low-skill criminals effective MFA-bypass capabilities at scale.
read more →

CrowdStrike FalconID Adds Phishing-Resistant MFA Support

🔐 FalconID is now generally available, delivering phishing‑resistant, FIDO2-based authentication built into the Falcon sensor and delivered via the Falcon for Mobile app. It replaces passwords, push notifications and one‑time codes with biometric, device‑bound verification and cryptographic domain binding. Authentication decisions are driven by real‑time identity, endpoint and SaaS telemetry to minimize friction while blocking credential abuse. For legacy apps, FalconID offers secure indirect authentication, and when paired with SGNL it enables continuous, risk‑based authorization across environments.
read more →

Preventing Business Email Compromise: Practical Steps

🔒Business email compromise (BEC) is a high-impact social engineering threat that targets organizations' financial and identity workflows. The article outlines pragmatic defenses: enforce MFA, validate DMARC/DKIM/SPF, deploy advanced phishing and spoofing filters, and maintain continuous security awareness training with simulated attacks. It also recommends dual-approval for large transfers, stricter help-desk verification, and monitoring for anomalies such as mailbox forwarding rules, impossible-travel logins, and last-minute bank-detail changes to accelerate detection and response.
read more →

PayPal's Hesitant Move Away From SMS for MFA, Operational Friction

🔐 PayPal announced it will begin removing unencrypted SMS for login MFA starting March 2026 but provided no firm timeline and said SMS will remain in use for fraud-related security checks. The company urged customers to adopt authenticator apps or FIDO2 security keys, though its email contained confusing setup instructions and account pages initially lacked direct update flows. Analysts say the move reflects security pressure, potential cost savings, and adoption friction between business and security teams.
read more →