
    Still using authenticators for MFA? Software for sale can hack you anyway / ArsTechnica · Tuesday, 14 March - 20:09

Software for sale is fueling a torrent of phishing attacks that bypass MFA


Microsoft on Tuesday profiled software for sale in online forums that makes it easy for criminals to deploy phishing campaigns that successfully compromise accounts, even when they’re protected by the most common form of multi-factor authentication.

The phishing kit is the engine that’s powering more than 1 million malicious emails each day, researchers with the Microsoft Threat Intelligence team said. The software, which sells for $300 for a standard version and $1,000 for VIP users, offers a variety of advanced features for streamlining the deployment of phishing campaigns and increasing their chances of bypassing anti-phishing defenses.

One of the most salient features is the built-in ability to bypass some forms of multi-factor authentication. Also known as MFA, two-factor authentication, or 2FA, this protection requires account holders to prove their identity not only with a password but also by using something only they own (such as a security key or authenticator app) or something only they are (such as a fingerprint or facial scan). MFA has become a major defense against account takeovers because the theft of a password alone isn’t sufficient for an attacker to gain control.



    I’m a security reporter and got fooled by a blatant phish / ArsTechnica · Thursday, 11 August, 2022 - 22:57 · 1 minute


There has been a recent flurry of phishing attacks so surgically precise and well-executed that they've managed to fool some of the most aware people working in the cybersecurity industry. On Monday, Tuesday, and Wednesday, two-factor authentication provider Twilio, content delivery network Cloudflare, and network equipment maker Cisco said phishers in possession of phone numbers belonging to employees and employee family members had tricked their employees into revealing their credentials. The phishers gained access to internal systems of Twilio and Cisco. Cloudflare's hardware-based 2FA keys prevented the phishers from accessing its systems.

The phishers were persistent, methodical and had clearly done their homework. In one minute, at least 76 Cloudflare employees received text messages that used various ruses to trick them into logging into what they believed was their work account. The phishing website used a domain that had been registered 40 minutes before the message flurry, thwarting a system Cloudflare uses to be alerted when the domains using its name are created (presumably because it takes time for new entries to populate). The phishers also had the means to defeat forms of 2FA that rely on one-time passwords generated by authenticator apps or sent through text messages.

Creating a sense of urgency

Like Cloudflare, both Twilio and Cisco received text messages or phone calls that were also sent under the premise that there were urgent circumstances—a sudden change in a schedule, a password expiring, or a call under the guise of a trusted organization—necessitating that the target takes action quickly.



    Phishers who breached Twilio and fooled Cloudflare could easily get you, too / ArsTechnica · Tuesday, 9 August, 2022 - 23:33


At least two security-sensitive companies—Twilio and Cloudflare—were targeted in a phishing attack by an advanced threat actor who had possession of home phone numbers of not just employees but employees' family members as well.

In the case of Twilio, a San Francisco-based provider of two-factor authentication and communication services, the unknown hackers succeeded in phishing the credentials of an undisclosed number of employees and, from there, gained unauthorized access to the company's internal systems, the company said. The threat actor then used that access to data in an undisclosed number of customer accounts.

Two days after Twilio's disclosure, content delivery network Cloudflare, also headquartered in San Francisco, revealed it had also been targeted in a similar manner. Cloudflare said that three of its employees fell for the phishing scam, but that the company's use of hardware-based MFA keys prevented the would-be intruders from accessing its internal network.



    SMS Phishing Attacks are on the Rise / Schneier · Monday, 2 May, 2022 - 21:50

SMS phishing attacks — annoyingly called “smishing” — are becoming more common.

I know that I have been receiving a lot of phishing SMS messages over the past few months. I am not getting the “Fedex package delivered” messages the article talks about. Mine are usually of the form: “Thank you for paying your bill, here’s a free gift for you.”


    Phishing: on the Signal messaging app, a fake Amazon lets people "win" iPhone 12s / Numerama · Wednesday, 17 February, 2021 - 15:49

Phishing attempts are arriving on the Signal app. On the menu this 17 February: a fake prize contest with an iPhone 12 Pro up for grabs.



    Police Have Disrupted the Emotet Botnet / Schneier · Thursday, 28 January, 2021 - 16:09 · 1 minute

A coordinated effort has captured the command-and-control servers of the Emotet botnet:

Emotet establishes a backdoor onto Windows computer systems via automated phishing emails that distribute Word documents compromised with malware. Subjects of emails and documents in Emotet campaigns are regularly altered to provide the best chance of luring victims into opening emails and installing malware - regular themes include invoices, shipping notices and information about COVID-19.

Those behind Emotet lease their army of infected machines out to other cyber criminals as a gateway for additional malware attacks, including remote access tools (RATs) and ransomware.


A week of action by law enforcement agencies around the world gained control of Emotet’s infrastructure of hundreds of servers around the world and disrupted it from the inside.

Machines infected by Emotet are now directed to infrastructure controlled by law enforcement, meaning cyber criminals can no longer exploit machines compromised and the malware can no longer spread to new targets, something which will cause significant disruption to cyber-criminal operations.


The Emotet takedown is the result of over two years of coordinated work by law enforcement operations around the world, including the Dutch National Police, Germany’s Federal Crime Police, France’s National Police, the Lithuanian Criminal Police Bureau, the Royal Canadian Mounted Police, the US Federal Bureau of Investigation, the UK’s National Crime Agency, and the National Police of Ukraine.


    In the United Kingdom, cybercriminals are already offering fake vaccination appointments / Numerama · Tuesday, 12 January, 2021 - 15:21

Vaccination campaigns have barely begun and cybercriminals are already trying to imitate them. Will the first British example be copied in France?



    Phishing: it is time to get rid of these 3 still all-too-common misconceptions / Numerama · Friday, 18 December, 2020 - 09:04

A large majority of French people now know what phishing is. But some misconceptions die hard and get in the way of a proper understanding of this ever more widespread malicious act.
