MFA Bombing; A Growing Threat to Two-Factor Authentication



Malware Developments

New Sophisticated Phishing Campaign Observed Leveraging the Agent Tesla Info Stealer

A new phishing campaign has been spotted masquerading as a bank payment message. It downloads a unique malware payload that delivers Agent Tesla's data-theft and keylogging capabilities.



Ransomware Operations

Agenda Ransomware Propagates to vCenters and ESXi via Custom PowerShell Script

The Agenda ransomware group, also known as Qilin, has been active and in development since 2022. Agenda continues to infect victims globally, with the US, Argentina, Australia, and Thailand among its top targets.



Vulnerabilities and Exploitation Attempts

Exploit Released for Fortinet RCE Bug Used in Attacks

Security researchers published proof-of-concept (PoC) code for CVE-2023-48788, a critical vulnerability in Fortinet's FortiClient Enterprise Management Server (EMS) software. Details about the vulnerability were shared by the CyberProof CTI team as part of the March 18th CTI weekly report. The vulnerability is now reported to be exploited in the wild.


XZ Tools Backdoor Vulnerability Could Allow Unauthorized Access

A critical security vulnerability - CVE-2024-3094 (CVSS Score 10) - has been identified within the “xz” tools and libraries, specifically in versions 5.6.0 and 5.6.1. This vulnerability involves malicious code that could potentially allow unauthorized access to systems.



Identified Trends

MFA Bombing; A Growing Threat to Two-Factor Authentication

The sophistication of MFA bombing tactics has grown, as noted in reports by cybersecurity experts. Attackers, undeterred by users ignoring relentless notifications, may resort to directly contacting their targets under the guise of customer support, further attempting to manipulate victims into compromising their accounts. For instance, a victim receiving a spoofed call from someone claiming to be from Apple Support - aiming to facilitate a password reset and capture the reset code - highlights this trend.


Cisco Warns of Password-Spraying Attacks Targeting VPN Services

Cisco released an advisory regarding password-spraying attacks targeting Remote Access VPN (RAVPN) services configured on Cisco Secure Firewall devices. The attacks have also been observed targeting other remote access VPN services, likely as part of reconnaissance.


Phishing Kits Bypass MFA - Tycoon 2FA on the Rise Since October 2023

The phishing-as-a-service (PhaaS) kit Tycoon 2FA has become a significant threat since its emergence in late October 2023. This kit specifically targets Microsoft 365 and Gmail accounts, employing a concerning technique to bypass multi-factor authentication (MFA).



Gain deeper CTI insights!

CyberProof’s CTI service offers comprehensive threat intelligence coverage, ensuring that your organization stays ahead of active threats that pose the greatest risk to your assets.

Our advanced CTI team investigates the threat landscape, providing you with detailed reports, related Indicators of Compromise (IOCs), technical recommendations, and MITRE ATT&CK mapping.


Goutham Ganesh

SOC ANALYST L1 AT CYBERPROOF, A UST COMPANY | CICSA | CERTIFIED IT INFRASTRUCTURE AND CYBER SOC ANALYST | AZURE SENTINEL | MICROSOFT DEFENDER

11 months

Deep insights!
