Attackers abused 27 npm packages to host CDN‑served credential‑harvesting phishing lures—targeting sales and commercial staff at critical‑infrastructure‑adjacent firms with bot/sandbox evasion and 25 ...
When it comes to digital safety, setting up an extra layer of security for accounts is heavily recommended. The idea behind this approach, known as multi-factor authentication (MFA), is to ensure that ...
DNS analysis links more than 70 malicious domains to a months-long phishing campaign impersonating U.S. university login portals, including the University of California system and the University of ...
Have you ever wondered how exactly threat actors spend their days? A recent Huntress investigation into a machine operated by a threat actor, who had installed a Huntress agent, gave an inside look ...
Kuba Gretzky wanted to make the internet safer. Instead, he helped make it more dangerous. In 2017, from his home in Poland, the coder released a hacking tool called Evilginx – a program designed to ...
A new downgrade attack designed to bypass FIDO authentication with a “dedicated phishlet” has been discovered by enterprise cybersecurity provider Proofpoint. The adversary-in-the-middle (AiTM) attack ...
The FIDO standard is generally regarded as secure and user-friendly. It is used for passwordless authentication and is considered an effective means against phishing attempts. However, research ...
Researchers have developed a new proof-of-concept (PoC) for how phishing kits can circumvent Fast Identity Online (FIDO) authentication. FIDO is the gold standard of online authentication — the best, ...
Security researchers have created a new FIDO downgrade attack against Microsoft Entra ID that tricks users into authenticating with weaker login methods, making them susceptible to phishing and ...
A new report released Wednesday by a group of sector-specific cybersecurity consortia, led by the Financial Services Information Sharing and Analysis Center (FS-ISAC), warns financial institutions and ...
As awareness grows around many MFA methods being “phishable” (i.e. not phishing resistant), passwordless, FIDO2-based authentication methods (aka passkeys) like YubiKeys, Okta FastPass, and Windows ...