This big phish can swim around MFA, says Microsoft Security

13 July 2022

A widespread phishing campaign that has hit more than 10,000 organizations since September 2021 uses adversary-in-the-middle (AiTM) proxy sites to get around multifactor authentication (MFA) features and steal credentials that are then used to compromise business email accounts. With AiTM phishing, cybercriminals place a proxy server between the targeted user and the website they’re trying to visit, enabling the miscrants to intercept and steal the user’s password and session cookie, which are implemented by web services after initial authentication so that the user doesn’t have to keep authenticating as they move through the site during the session.

Read full article on The Register

Date:

13 July 2022

Categorie(s):

NEWS

Tag(s):

IT, MFA, Microsoft Security, News

Ten years of Heartbleed: Lessons learned29 April 2024
Grafana Tool Vulnerability Let Attackers Inject SQL Queries29 April 2024
France willing to buy key Atos assets to keep them French29 April 2024
Voter Registration System Taken Offline in Coffee County Cyber-Incident29 April 2024
Hackers Tool 29 Days from Initial Hack to Sabotage Ransomware Attack29 April 2024