New phishing attack easily bypasses MFA

This is a scary one, only real solution is for your users to stay diligent. It’s worth reading the entire article but basically the phishing attack uses man-in-the-middle to trick you into authenticating with MFA, so it can steal a session cookie and login without you later (without a password or MFA). The other really interesting part is its ability to filter connections from bots and other analysis tools that URL filtering companies use to see if a link is malicious. It’s a cat-and-mouse game, no doubt the security vendors will figure out a way to keep them on their toes. Be sure your security training and phishing test campaigns are on point.

Tags

What do you think?

Leave a Reply

Your email address will not be published. Required fields are marked *

Related articles

Contact us

Partner with Us for Comprehensive IT

We’re happy to answer any questions you may have and help you determine which of our services best fit your needs.

Your benefits:
What happens next?
1

We Schedule a call at your convenience 

2

We do a discovery and consulting meting 

3

We prepare a proposal 

Schedule a Free Consultation