Collecting Cyber-News from over 60 sources

Tag: 2fa

Coinbase to fix 2FA account activity entry freaking out users

Apr 5, 2025 6:42 PM

by

Andy Stern

in SecurityNews

Tags: 2fa, credentials

Coinbase is fixing an incorrect account activity message that freaks out customers and makes them think their credentials were compromised. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/coinbase-to-fix-2fa-account-activity-entry-freaking-out-users/
Even anti-scammers get scammed: security expert Troy Hunt pwned by phishing email

Mar 26, 2025 8:35 PM

by

Andy Stern

in SecurityNews

Tags: 2fa, attack, authentication, awareness, credentials, email, identity, mfa, passkey, password, phishing, scam, service

Troy Hunt, creator of the Have I Been Pwned website Troy HuntThe phishing attack was “highly automated and designed to immediately export the list before the victim could take preventative measures,” Hunt wrote.The attack highlights the limitations of passwords and two-factor authentication (2FA) in preventing phishing attacks. Hunt said the incident highlights the need for…
NCSC taps influencers to make 2FA go viral

Mar 26, 2025 1:13 PM

by

Andy Stern

in SecurityNews

Tags: 2fa, cyber, resilience

Who knew social media stars had a role to play in building national cyber resilience? First seen on theregister.com Jump to article: www.theregister.com/2025/03/26/ncsc_influencers_2fa/
Two-Factor Authentication (2FA) vs. Multi-Factor Authentication (MFA)

Mar 26, 2025 1:13 AM

by

Andy Stern

in SecurityNews

Tags: 2fa, authentication, mfa

How authentication works, the difference between 2FA and MFA, and the various types of secondary authentication factors. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/03/two-factor-authentication-2fa-vs-multi-factor-authentication-mfa/
Benutzerkonten schützen – Synology-NAS-Systeme mit 2FA absichern

Mar 25, 2025 12:13 PM

by

Andy Stern

in SecurityNews

Tags: 2fa

First seen on security-insider.de Jump to article: www.security-insider.de/synology-2fa-einrichten-deaktivieren-a-f15add01ff6ef75f8d64f0197e27bbfd/
11 ways cybercriminals are making phishing more potent than ever

Mar 25, 2025 8:13 AM

by

Andy Stern

in SecurityNews

Tags: 2fa, ai, attack, authentication, awareness, breach, business, ciso, conference, corporate, credentials, cyber, cyberattack, cybercrime, cybersecurity, dark-web, data, deep-fake, detection, dns, email, exploit, finance, hacker, infrastructure, intelligence, linkedin, login, malicious, malware, mfa, microsoft, mobile, office, phishing, powershell, qr, russia, service, social-engineering, software, sophos, spam, sql, switch, theft, threat, tool

They’re luring with voice and video: Bad actors are also exploiting AI’s ability to clone voices and likenesses from audio and video clips or images found online.Combined with tools that mimic caller ID, cybercriminals can fool targets by calling them and purporting to be a family member, friend, or work colleague seeking urgent assistance. Such…
Warum eine klassische Multifaktor-Authentifizierung in Zukunft nicht mehr ausreicht

Mar 22, 2025 12:13 PM

by

Andy Stern

in SecurityNews

Tags: 2fa, authentication, password, phishing

Angreifer nutzen immer häufiger ausgefeilte Phishing-Methoden, um Nutzer dazu zu bringen, sowohl ihr Passwort als auch den temporären 2FA-Code preiszugeben. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/warum-eine-klassische-multifaktor-authentifizierung-in-zukunft-nicht-mehr-ausreicht/a40216/
FBI and CISA Urge Enabling 2FA to Counter Medusa Ransomware

Mar 13, 2025 10:52 PM

by

Andy Stern

in SecurityNews

Tags: 2fa, attack, cisa, ransomware, tactics

FBI and CISA warn of Medusa ransomware attacks impacting critical infrastructure. Learn about Medusa’s tactics, prevention tips, and… First seen on hackread.com Jump to article: hackread.com/fbi-cisa-urge-enabling-2fa-counter-medusa-ransomware/
mailbox.org 2FA im Fokus: Wann wird es endlich so bequem wie sicher?

Feb 27, 2025 7:59 AM

by

Andy Stern

in SecurityNews

Tags: 2fa, mail

Nur die Teilnehmer des Beta-Programms können beim Berliner E-Mail-Anbieter mailbox.org die einfache 2FA-Nutzung in Anspruch nehmen. Warum? First seen on tarnkappe.info Jump to article: tarnkappe.info/artikel/it-sicherheit/datenschutz/mailbox-org-2fa-im-fokus-wann-wird-es-endlich-so-bequem-wie-sicher-310827.html
Microsoft’s Password Spray and Pray Attack: A Wake-Up Call for 2FA Adoption

Feb 25, 2025 8:23 PM

by

Andy Stern

in SecurityNews

Tags: 2fa, attack, defense, microsoft, password

Microsoft accounts without 2FA face a “password spray and pray” attack, prompting urgent warnings for organizations to bolster defenses and prevent breaches. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/trends/microsoft-password-spray-and-pray-attack/
Fake Timesheet Report Emails Linked to Tycoon 2FA Phishing Kit

Feb 18, 2025 7:46 AM

by

Andy Stern

in SecurityNews

Tags: 2fa, credentials, cyber, cybersecurity, email, phishing, service, theft

Cybersecurity researchers have uncovered a novel phishing campaign distributing the notorious Tycoon 2FA phishing kit through fraudulent timesheet notification emails, marking a concerning evolution in multi-layered credential theft operations. The operation utilizes Pinterest’s visual bookmarking service as an intermediary redirector, demonstrating attackers’ increasing sophistication in bypassing traditional email security filters. Campaign Mechanics and Delivery Vector…
Astaroth Phishing Kit Bypasses 2FA, Steals Accounts

Feb 17, 2025 5:46 AM

by

Andy Stern

in SecurityNews

Tags: 2fa, cybersecurity, phishing

Cybersecurity researchers at SlashNext have discovered a sophisticated new phishing kit dubbed >>Astaroth
Astaroth 2FA Phishing Kit Targets Gmail, Yahoo, Office 365, and Third-Party Logins

Feb 14, 2025 10:48 AM

by

Andy Stern

in SecurityNews

Tags: 2fa, authentication, credentials, cyber, cybercrime, cybersecurity, login, mfa, network, office, phishing, threat

A new phishing kit named Astaroth has emerged as a significant threat in the cybersecurity landscape by bypassing two-factor authentication (2FA) mechanisms. First advertised on cybercrime networks in January 2025, Astaroth employs advanced techniques such as session hijacking and real-time credential interception to compromise accounts on platforms like Gmail, Yahoo, Office 365, and other third-party…
Astaroth Phishing Kit Bypasses 2FA to Hijack Gmail and Microsoft Accounts

Feb 13, 2025 4:48 PM

by

Andy Stern

in SecurityNews

Tags: 2fa, credentials, login, microsoft, phishing

New Astaroth Phishing Kit bypasses 2FA (two-factor authentication) to steal Gmail, Yahoo and Microsoft login credentials using a… First seen on hackread.com Jump to article: hackread.com/astaroth-phishing-kit-bypasses-2fa-hijack-gmail-microsoft/
Astaroth Phishing Kit Bypasses 2FA Using Reverse Proxy Techniques

Feb 13, 2025 3:48 PM

by

Andy Stern

in SecurityNews

Tags: 2fa, credentials, office, phishing

Astaroth is an advanced phishing kit using real-time credential and session cookie capture to compromise Gmail, Yahoo and Office 365 accounts First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/astaroth-phishing-kit-bypasses-2fa/
Phishing trotz Zwei-Faktor-Authentifizierung – Erfolgreiche Hacks trotz 2FA das können Unternehmen tun

Feb 13, 2025 1:48 PM

by

Andy Stern

in SecurityNews

Tags: 2fa, authentication, mfa, phishing

First seen on security-insider.de Jump to article: www.security-insider.de/-phishing-methoden-zwei-faktor-authentifizierung-herausforderungen-unternehmen-a-f271964311ee60db02f7fc9e62ce5550/
Bitwarden Requires Mandatory Email Verification For Non-2FA Accounts

Jan 29, 2025 10:39 PM

by

Andy Stern

in SecurityNews

Tags: 2fa, email

First seen on scworld.com Jump to article: www.scworld.com/brief/bitwarden-requires-mandatory-email-verification-for-non-2fa-accounts
Mandatory email verification implemented by BitWarden for non-2FA accounts

Jan 28, 2025 10:37 PM

by

Andy Stern

in SecurityNews

Tags: 2fa, email

First seen on scworld.com Jump to article: www.scworld.com/brief/mandatory-email-verification-implemented-by-bitwarden-for-non-2fa-accounts
Tycoon 2FA Phishing Kit Using Specially Crafted Code to Evade Detection

Jan 23, 2025 3:22 PM

by

Andy Stern

in SecurityNews

Tags: 2fa, authentication, cyber, detection, microsoft, phishing, service, threat

The rapid evolution of Phishing-as-a-Service (PhaaS) platforms is reshaping the threat landscape, enabling attackers to launch increasingly sophisticated phishing campaigns. One such advanced PhaaS platform, Tycoon, has seen widespread use since its emergence in August 2023. In November 2024, it debuted its latest iteration, Tycoon 2FA, which bypasses multifactor authentication (2FA) using Microsoft 365 session…
Tycoon 2FA Phishing Kit Upgraded to Bypass Security Measures

Jan 22, 2025 6:22 PM

by

Andy Stern

in SecurityNews

Tags: 2fa, mfa, phishing, threat

Threat researchers analyzed the updated Tycoon 2FA phishing kit, which bypasses MFA First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/tycoon-2fa-phishing-kit-upgraded/
Attackers Can Evade 2FA with Yubico Software Module Bug

Jan 21, 2025 9:23 PM

by

Andy Stern

in SecurityNews

Tags: 2fa, software

First seen on scworld.com Jump to article: www.scworld.com/brief/attackers-can-evade-2fa-with-yubico-software-module-bug
Evading 2FA possible with Yubico software module bug

Jan 21, 2025 9:23 PM

by

Andy Stern

in SecurityNews

Tags: 2fa, software

First seen on scworld.com Jump to article: www.scworld.com/brief/evading-2fa-possible-with-yubico-software-module-bug
Yubico Warns of 2FA Security Flaw in pam-u2f for Linux and macOS Users

Jan 20, 2025 1:22 PM

by

Andy Stern

in SecurityNews

Tags: 2fa, advisory, authentication, cve, fido, flaw, linux, macOS, mfa, open-source, risk, software, threat, vulnerability

Yubico has released a security advisory, YSA-2025-01, which highlighted a vulnerability within the software module that supports two-factor authentication (2FA) for Linux and macOS platforms. This issue, tracked as CVE-2025-23013, allows for a partial 2FA bypass protections when using YubiKeys or other FIDO-compatible authenticators. The vulnerability poses a high-risk security threat and could potentially compromise…
Telegram-Based >>Sneaky 2FA<< Phishing Kit Targets Microsoft 365 Accounts

Jan 20, 2025 1:22 PM

by

Andy Stern

in SecurityNews

Tags: 2fa, microsoft, phishing, service

Sneaky 2FA: New Phishing-as-a-Service targets Microsoft 365, leveraging sophisticated evasion techniques and a Telegram-based platform to steal credentials…. First seen on hackread.com Jump to article: hackread.com/telegram-sneaky-2fa-phishing-kit-microsoft-365-accounts/
Sneaky 2FA: A New Adversarythe-Middle Phishing-asService Threat

Jan 20, 2025 5:22 AM

by

Andy Stern

in Allgemein

Tags: 2fa, data-breach, detection, phishing, service, threat

SEKOIA’s Threat Detection & Research (TDR) team has exposed a new Adversary-in-the-Middle (AiTM) phishing kit, dubbed “Sneaky 2FA.” First seen on securityonline.info Jump to article: securityonline.info/sneaky-2fa-a-new-adversary-in-the-middle-phishing-as-a-service-threat/
Google Ads Users Targeted in Malvertising Scam Stealing Credentials and 2FA Codes

Jan 15, 2025 7:02 PM

by

Andy Stern

in SecurityNews

Tags: 2fa, credentials, cybersecurity, google, login, malware, phishing, scam

Cybersecurity researchers have alerted to a new malvertising campaign that’s targeting individuals and businesses advertising via Google Ads by attempting to phish for their credentials via fraudulent ads on Google.”The scheme consists of stealing as many advertiser accounts as possible by impersonating Google Ads and redirecting victims to fake login pages,” JÃ©rÃ´me Segura, senior director…
Secure Gaming During the Holidays

Dec 28, 2024 6:43 PM

by

Andy Stern

in SecurityNews

Tags: 2fa, cyberattack

Secure Gaming during holidays is essential as cyberattacks rise by 50%. Protect accounts with 2FA, avoid fake promotions,… First seen on hackread.com Jump to article: hackread.com/secure-gaming-during-the-holidays/
Turmoil Besets Phishing-as-a-Service Toolkit Rockstar 2FA

Dec 23, 2024 8:42 PM

by

Andy Stern

in SecurityNews

Tags: 2fa, infrastructure, phishing, service

Infrastructure Problems Blamed; Users Appear to Move to Similar FlowerStorm Service. As the end of the year approaches, it’s out with the old and in with the new as researchers report that Rockstar 2FA, which once facilitated prolific phishing-as-a-service hits, has crashed and burned, apparently leading many one-time users to move to rival FlowerStorm. First…
Rockstar2FA Collapse Fuels Expansion of FlowerStorm Phishing-as-a-Service

Dec 23, 2024 1:42 PM

by

Andy Stern

in SecurityNews

Tags: 2fa, group, infrastructure, phishing, service, sophos

An interruption to the phishing-as-a-service (PhaaS) toolkit called Rockstar 2FA has led to a rapid uptick in activity from another nascent offering named FlowerStorm.”It appears that the [Rockstar2FA] group running the service experienced at least a partial collapse of its infrastructure, with pages associated with the service no longer reachable,” Sophos said in a new…
Evilginx: Open-source man-inmiddle attack framework

Dec 23, 2024 6:44 AM

by

Andy Stern

in SecurityNews

Tags: 2fa, attack, credentials, framework, login, open-source, phishing

Evilginx is an open-source man-in-the-middle attack framework designed to phish login credentials and session cookies, enabling attackers to bypass 2FA safeguards. >>Back … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/12/23/evilginx-open-source-man-in-the-middle-attack-framework/