Crooks bank on Microsoft’s search engine to phish customers

Malwarebytes Labs researchers identified a new wave of phishing for banking credentials that targets consumers via Microsoft’s search engine. A Bing search query for ‘Keybank login’ currently returns malicious links on the first page, and sometimes as the top search Read More …

‘Two-factor authentication may have stopped Synnovis cyber attack’

The cyber attack on pathology provider Synnovis could have been prevented by two-factor authentication, according to Beverley Bryant, strategic advisor in the frontline digitisation team at NHS England. Speaking at the Health Excellence Through Technology (HETT) conference on 24 September Read More …

New Gmail & M365 Warning As 2FA Security Bypass Hack Confirmed

The developers of a notorious 2FA account security bypass tool have launched an updated version of their ‘as-a-service’ kit that is targeting Microsoft 365 and Gmail account holders. Researchers from the Sekoia Threat Detection and Research team have published an Read More …

CircleCI’s hack caused by malware stealing engineer’s 2FA-backed session

Hackers breached CircleCi in December after an engineer became infected with information-stealing malware that their 2FA-backed SSO session cookie, allowing access to the company’s internal systems. Earlier this month, CircleCi disclosed that they suffered a security incident and warned customers Read More …

Comcast Xfinity accounts hacked in widespread 2FA bypass attacks

​Comcast Xfinity customers report their accounts being hacked in widespread attacks that bypass two-factor authentication. These compromised accounts are then used to reset passwords for other services, such as the Coinbase and Gemini crypto exchanges. Starting on December 19th, many Read More …

FBI: Russian State-Sponsored Cyber Actors Gain Network Access by Exploiting Default Multifactor Authentication Protocols and “PrintNightmare” Vulnerability

The Federal Bureau of Investigation (FBI) and Cybersecurity and Infrastructure Security Agency (CISA) are releasing this joint Cybersecurity Advisory (CSA) to warn organizations that Russian state-sponsored cyber actors have gained network access through exploitation of default MFA protocols and a Read More …

Powerful new Oski variant ‘Mars Stealer’ grabbing 2FAs and crypto

A new and powerful malware named ‘Mars Stealer’ has appeared in the wild, and appears to be a redesign of the Oski malware that shut down development abruptly in the summer of 2020. Mars Stealer is an information-stealing malware that Read More …

Twitter Could Face $250M FTC Fine Over Improper Data Use

Twitter may be facing a Federal Trade Commission (FTC) fine of up to $250 million, after the social media giant last year revealed the improper use of users’ email addresses and phone numbers. In October 2019, Twitter acknowledged that user Read More …

North Korean hackers infect real 2FA app to compromise Macs

Hackers have hidden malware in a legitimate two-factor authentication (2FA) app for macOS to distribute Dacls, a remote access trojan associated with the North Korean Lazarus group. Dacls has been used to target Windows and Linux platforms and the recently discovered RAT Read More …