Articles tagged with: #2fa
Facebook Breaches?

cybersecurity www.reddit.com

So a few days ago, I got notifications that someone was trying to get into my Facebook, so I changed the password. Luckily I had 2FA on (I have it on everything I know of). Then, a day later, someone tried to get into my Instagram (same failure). Adobe and Amazon both said about data breaches, and that I should change my passwords. I did virus checks on all my devices, and I use a VPN. Then, this morning, Google contacted me and said there's been a data breach, and I should change my passwords on...

DOM-Based Extension Clickjacking Exposes Popular Password Managers to Credential and Data Theft

The Hacker News thehackernews.com

Popular password manager plugins for web browsers have been found susceptible to clickjacking security vulnerabilities that could be exploited to steal account credentials, two-factor authentication (2FA) codes, and credit card details under certain conditions. The technique has been dubbed Document Object Model (DOM)-based extension clickjacking by independent security researcher Marek Tóth,

Major password managers can leak logins in clickjacking attacks

cybersecurity www.reddit.com

Six major password managers with tens of millions of users are currently vulnerable to unpatched clickjacking flaws that could allow attackers to steal account credentials, 2FA codes, and credit card details. Threat actors could exploit the security issues when victims visit a malicious page or websites vulnerable to cross-site scripting (XSS) or cache poisoning, where attackers overlay invisible HTML elements over the password manager interface. While users believe they are interacting with...

New Salty 2FA PhaaS platform Attacking Microsoft 365 Users to Steal Login Credentials

Cyber Security News cybersecuritynews.com

A sophisticated new Phishing-as-a-Service (PhaaS) framework dubbed "Salty 2FA" has emerged as a significant threat to Microsoft 365 users across US and European industries. This previously undocumented platform employs advanced obfuscation techniques and multi-stage execution chains specifically designed to bypass two-factor authentication mechanisms while stealing corporate credentials. The framework targets organizations spanning finance, telecommunications, energy,

Does VPN SSO with Windows Hello for Business satisfy MFA requirements?

cybersecurity www.reddit.com

I'm thinking about moving our remote access from RADIUS app-based 2FA to SAML Single Sign-On (SSO) on our firewall VPN. All users sign into Microsoft Entra ID-joined laptops with Windows Hello for Business (WHfB) (PIN, fingerprint, or facial recognition). Since WHfB uses a TPM-bound key on the device (something you have) plus PIN/biometric (something you know/are), Microsoft recognizes it as MFA. When the VPN connection is made via SAML SSO, Entra ID passes the MFA claim into the VPN session....

Confirmation codes in 2FA: Why are some apps just displaying the code, not asking to enter it?

cybersecurity www.reddit.com

As an example from ID Austria: https://imgur.com/a/vis9di0 I've seen many authenticators working by displaying a code on the device logging in, then on the device with the authenticator app only requiring "yes, I am seeing this code", but not typing it off. This has me somewhat stumped: This still leaves the attack surface for accidentally confirming a malicious action by not paying attention. Annoyingly, this method is used by banking apps and public administration 2FA apps alike. Other apps...