Fake Google Security site uses PWA app to steal credentials, MFA codes

A phishing campaign is using a fake Google Account security page to deliver a web-based app capable of stealing one-time ...
Krebs on Security

‘Starkiller’ Phishing Service Proxies Real Login Pages, MFA

According to an analysis of Starkiller by the security firm Abnormal AI, the service lets customers select a brand to impersonate (e.g., Apple, Facebook, Google, Microsoft et. al.) and generates a ...
Hosted on MSN

ShinyHunters vishing attacks steal MFA to breach SaaS platforms

Threat actors tied to the ShinyHunters ecosystem have increasingly leaned on vishing (voice phishing) to defeat modern authentication controls and gain access to business-critical SaaS platforms.
Forbes

How Hackers Bypass MFA, And What You Can Do About It

Forbes contributors publish independent expert analyses and insights. Alex Vakulov is a cybersecurity expert focused on consumer security. Sep 05, 2024, 06:52am EDT Sep 06, 2024, 11:36am EDT ...

Hackers target Microsoft Entra accounts in device code vishing attacks

Threat actors are targeting technology, manufacturing, and financial organizations in campaigns that combine device code phishing and voice phishing (vishing) to abuse the OAuth 2.0 Device ...
CSOonline

Microsoft secretly stopped actors from snooping on your MFA codes

The issue could allow threat actors to brute force MFA authentication codes for Outlook, Teams, and Azure access with 50% accuracy. Microsoft may have silently fixed a problem with its MFA ...