< ciso
brief />
Tag Banner

All news with #tool abuse tag

43 articles · page 3 of 3

Six Ways to Curb Security Tool Proliferation in Organizations

🛡️ Organizations facing security-tool sprawl should begin by inventorying controls and eliminating those that no longer map to business risk. Use automated analytics and dashboards to surface ineffective or redundant products, and prioritize tools that enable automation to consolidate alerts and workflows. Remove duplicate solutions—often introduced through acquisitions or silos—and move toward unified platforms while fostering continuous training so teams actually use and benefit from deployed tools.
read more →

Salty2FA Phishing Framework Evades MFA Using Turnstile

🔒 A newly identified phishing-as-a-service called Salty2FA is being used in campaigns that bypass multi-factor authentication by intercepting verification flows and abusing trusted services like Cloudflare Turnstile. Ontinue researchers report the kit uses subdomain rotation, domain-pairing, geo-blocking and dynamic corporate branding to make credential pages appear legitimate. The framework simulates SMS, authenticator apps, push approvals and even hardware-token prompts, routing victims through Turnstile gates to filter automated analysis before harvesting credentials.
read more →

Threat Actors Use X's Grok AI to Spread Malicious Links

🛡️ Guardio Labs researcher Nati Tal reported that threat actors are abusing Grok, X's built-in AI assistant, to surface malicious links hidden inside video ad metadata. Attackers omit destination URLs from visible posts and instead embed them in the small "From:" field under video cards, which X apparently does not scan. By prompting Grok with queries like "where is this video from?", actors get the assistant to repost the hidden link as a clickable reference, effectively legitimizing and amplifying scams, malware distribution, and deceptive CAPTCHA schemes across the platform.
read more →