New Gmail & M365 Warning As 2FA Security Bypass Hack Confirmed

The developers of a notorious 2FA account security bypass tool have launched an updated version of their ‘as-a-service’ kit that is targeting Microsoft 365 and Gmail account holders. Researchers from the Sekoia Threat Detection and Research team have published an Read More …

CircleCI’s hack caused by malware stealing engineer’s 2FA-backed session

Hackers breached CircleCi in December after an engineer became infected with information-stealing malware that their 2FA-backed SSO session cookie, allowing access to the company’s internal systems. Earlier this month, CircleCi disclosed that they suffered a security incident and warned customers Read More …

Comcast Xfinity accounts hacked in widespread 2FA bypass attacks

​Comcast Xfinity customers report their accounts being hacked in widespread attacks that bypass two-factor authentication. These compromised accounts are then used to reset passwords for other services, such as the Coinbase and Gemini crypto exchanges. Starting on December 19th, many Read More …

FBI: Russian State-Sponsored Cyber Actors Gain Network Access by Exploiting Default Multifactor Authentication Protocols and “PrintNightmare” Vulnerability

The Federal Bureau of Investigation (FBI) and Cybersecurity and Infrastructure Security Agency (CISA) are releasing this joint Cybersecurity Advisory (CSA) to warn organizations that Russian state-sponsored cyber actors have gained network access through exploitation of default MFA protocols and a Read More …

Powerful new Oski variant ‘Mars Stealer’ grabbing 2FAs and crypto

A new and powerful malware named ‘Mars Stealer’ has appeared in the wild, and appears to be a redesign of the Oski malware that shut down development abruptly in the summer of 2020. Mars Stealer is an information-stealing malware that Read More …

Twitter Could Face $250M FTC Fine Over Improper Data Use

Twitter may be facing a Federal Trade Commission (FTC) fine of up to $250 million, after the social media giant last year revealed the improper use of users’ email addresses and phone numbers. In October 2019, Twitter acknowledged that user Read More …

North Korean hackers infect real 2FA app to compromise Macs

Hackers have hidden malware in a legitimate two-factor authentication (2FA) app for macOS to distribute Dacls, a remote access trojan associated with the North Korean Lazarus group. Dacls has been used to target Windows and Linux platforms and the recently discovered RAT Read More …

Metro Bank targeted with 2FA-bypassing SS7 attacks

Metro Bank has reportedly fallen victim to a sophisticated two-factor authentication (2FA) bypass attack after hackers infiltrated a telecoms firm’s text messaging protocol. The Signalling Systems No. 7 (SS7) protocol is used by telecom firms to coordinate how texts and Read More …