EvilProxy phishing-as-a-service with MFA bypass emerged on the dark web
Following the recent Twilio hack leading to the leakage of 2FA (OTP) codes, cybercriminals continue to upgrade their attack arsenal to orchestrate advanced phishing campaigns …
Phishing PyPI users: Attackers compromise legitimate projects to push malware
PyPI, the official third-party software repository for Python packages, is warning about a phishing campaign targeting its users. “We have additionally determined that …
How attackers use and abuse Microsoft MFA
Microsoft has been pushing for the use of multi-factor authentication (MFA) to thwart attackers for many years. But threat actors are keeping up with the increasing enterprise …
Cisco has been hacked by a ransomware gang
U.S. networking giant Cisco Systems has been hacked, the company confirmed on Wednesday, after Yanluowang ransomware operators claimed the attack on their leak site. …
Phishers use custom phishing kit to hijack MFA-protected enterprise Microsoft accounts
An ongoing, large-scale phishing campaign is targeting owners of business email accounts at companies in the FinTech, Lending, Insurance, Energy and Manufacturing sectors in …
84% of organizations experienced an identity-related breach in the past 18 months
60% of IT security decision makers believe their overall security strategy does not keep pace with the threat landscape, and that they are either lagging behind (20%), …
Companies around the globe still not implementing MFA
SMB owners across the globe are still relying only on usernames and passwords to secure critical employee, customer, and partner data, according to the Global Small Business …
Popular business web apps fail to implement critical password requirements
Specops Software released new research finding cybersecurity weaknesses in business web apps including Shopify, Zendesk, Trello, and Stack Overflow. Amid a wave of …
Phishers steal Office 365 users’ session cookies to bypass MFA, commit payment fraud
A massive phishing campaign has been targeting Office 365 (i.e., Microsoft 365) users in over 10,000 organizations since September 2021 and successfully bypassing multi-factor …
54% of SMBs do not implement MFA
SMB owners across the globe are still relying only on usernames and passwords to secure critical employee, customer, and partner data, according to the Global Small Business …
Account pre-hijacking attacks possible on many online services
Online accounts getting hijacked and misused is an everyday occurrence, but did you know that account pre-hijacking attacks are also possible? Inspired by previous research on …
Good end user passwords begin with a well-enforced password policy
In this interview with Help Net Security, Lori Österholm, CTO at Specops Software, explains what makes passwords vulnerable and suggests some password best practices and …
Featured news
Resources
Don't miss
- KillChainGraph: Researchers test machine learning framework for mapping attacker behavior
- AIDEFEND: Free AI defense framework
- Boards are being told to rethink their role in cybersecurity
- Attackers use “Contact Us” forms and fake NDAs to phish industrial manufacturing firms
- New framework aims to outsmart malware evasion tricks