Tag: 2fa

BSI warnt: Immer weniger Menschen nutzen 2FA und sichere Passwörter

Jun 24, 2025 10:35 AM

Tags: 2fa, bsi, password

Eine neue Untersuchung des BSI zeigt einen bedenklichen Trend. Menschen verhalten sich im Netz trotz hoher Bedrohungslage immer unvorsichtiger. First seen on golem.de Jump to article: www.golem.de/news/bsi-warnt-immer-weniger-menschen-nutzen-2fa-und-sichere-passwoerter-2506-197389.html
Russian APT29 Exploits Gmail App Passwords to Bypass 2FA in Targeted Phishing Campaign

Jun 19, 2025 11:03 AM

Tags: 2fa, access, exploit, google, group, intelligence, password, phishing, russia, social-engineering, threat

Threat actors with suspected ties to Russia have been observed taking advantage of a Google account feature called application specific passwords (or app passwords) as part of a novel social engineering tactic designed to gain access to victims’ emails.Details of the highly targeted campaign were disclosed by Google Threat Intelligence Group (GTIG) and the Citizen…
6 Best Authenticator Apps for 2025

Jun 5, 2025 2:54 PM

Tags: 2fa

2FA authenticator apps add an extra layer of security to your accounts. Explore the best options for seamless protection and peace of mind. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/best-authenticator-apps/
Hacker nehmen Rüstungslieferanten der Ukraine ins Visier

May 15, 2025 12:54 PM

Tags: 2fa, access, authentication, bug, cyberattack, exploit, hacker, mail, mfa, password, software, strategy, ukraine, vulnerability

Russische Hacker greifen gezielt Rüstungsfirmen an, die die Ukraine mit Waffen versorgen.Die berüchtigte russische Hackergruppe Fancy Bear hat gezielt Rüstungsfirmen angegriffen, die Waffen an die Ukraine liefern. Das geht aus einer aktuellen Studie des slowakischen Sicherheitsunternehmens Eset aus Bratislava hervor. Danach richteten sich die Angriffe vor allem gegen Hersteller sowjetischer Waffentechnik in Bulgarien, Rumänien und…
Twilio denies breach following leak of alleged Steam 2FA codes

May 13, 2025 9:38 PM

Tags: 2fa, access, breach, leak, threat

Twilio has denied in a statement for BleepingComputer that it was breached after a threat actor claimed to be holding over 89 million Steam user records with one-time access codes. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/twilio-denies-breach-following-leak-of-alleged-steam-2fa-codes/
Crypto users embrace 2FA, lag in other protections

May 8, 2025 10:10 PM

Tags: 2fa, crypto

First seen on scworld.com Jump to article: www.scworld.com/brief/crypto-users-embrace-2fa-lag-in-other-protections
AiTM Phishing Kits Bypass MFA by Hijacking Credentials and Session Tokens

Apr 30, 2025 6:49 PM

Tags: 2fa, attack, authentication, credentials, cyber, cybercrime, exploit, mfa, phishing, service, software

Darktrace’s Security Operations Center (SOC) in late 2024 and early 2025, cybercriminals have been exploiting legitimate Software-as-a-Service (SaaS) platforms like Milanote to orchestrate sophisticated phishing campaigns. These attacks, bolstered by the Tycoon 2FA phishing kit, demonstrate an advanced Adversary-in-the-Middle (AiTM) approach that circumvents multi-factor authentication (MFA) protections. Leveraging Legitimate Services for Stealthy Attacks By abusing…
Coinbase fixes 2FA log error making people think they were hacked

Apr 27, 2025 8:52 PM

Tags: 2fa, credentials

Coinbase has fixed a confusing bug in its account activity logs that caused users to think their credentials were compromised. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/coinbase-fixes-2fa-log-error-making-people-think-they-were-hacked/
‘SessionShark’ A New Toolkit Bypasses Microsoft Office 365 MFA Security

Apr 25, 2025 11:50 AM

Tags: 2fa, authentication, cyber, cybercrime, marketplace, mfa, microsoft, office, phishing, service, threat

Security researchers have uncovered a new and sophisticated threat to Microsoft Office 365 users: a phishing-as-a-service toolkit dubbed “SessionShark O365 2FA/MFA.” Promoted through cybercriminal marketplaces, SessionShark is designed to bypass Microsoft’s multi-factor authentication (MFA) protections”, an alarming escalation in the ongoing battle between defenders and cyber attackers. A Toolkit Purpose-Built to Evade 2FA and MFA…
Tycoon 2FA phishing kit adds stealth, expands to mobile devices

Apr 15, 2025 10:28 PM

Tags: 2fa, mobile, phishing

First seen on scworld.com Jump to article: www.scworld.com/news/tycoon-2fa-phishing-kit-adds-stealth-expands-to-mobile-devices
Cryptohack Roundup: US Disbands Cryptocurrency Legal Team

Apr 10, 2025 7:06 PM

Tags: 2fa, crypto, phishing

Also: PoisonSeed Phishing Campaign, FTX Clients Face Reimbursement Hurdle. This week, Trump administration disbanded a Justice Department crypto unit, the U.S. Securities and Exchange Commission will review crypto guidance, Usual pledged up to $16M in bug bounties, a PoisonSeed phishing campaign, FTX repayment plan troubles and a Coinbase 2FA error. First seen on govinfosecurity.com Jump…
Coinbase to fix 2FA account activity entry freaking out users

Apr 5, 2025 6:42 PM

Tags: 2fa, credentials

Coinbase is fixing an incorrect account activity message that freaks out customers and makes them think their credentials were compromised. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/coinbase-to-fix-2fa-account-activity-entry-freaking-out-users/
Even anti-scammers get scammed: security expert Troy Hunt pwned by phishing email

Mar 26, 2025 8:35 PM

Tags: 2fa, attack, authentication, awareness, credentials, email, identity, mfa, passkey, password, phishing, scam, service

Troy Hunt, creator of the Have I Been Pwned website Troy HuntThe phishing attack was “highly automated and designed to immediately export the list before the victim could take preventative measures,” Hunt wrote.The attack highlights the limitations of passwords and two-factor authentication (2FA) in preventing phishing attacks. Hunt said the incident highlights the need for…
NCSC taps influencers to make 2FA go viral

Mar 26, 2025 1:13 PM

Tags: 2fa, cyber, resilience

Who knew social media stars had a role to play in building national cyber resilience? First seen on theregister.com Jump to article: www.theregister.com/2025/03/26/ncsc_influencers_2fa/
Two-Factor Authentication (2FA) vs. Multi-Factor Authentication (MFA)

Mar 26, 2025 1:13 AM

Tags: 2fa, authentication, mfa

How authentication works, the difference between 2FA and MFA, and the various types of secondary authentication factors. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/03/two-factor-authentication-2fa-vs-multi-factor-authentication-mfa/
Benutzerkonten schützen – Synology-NAS-Systeme mit 2FA absichern

Mar 25, 2025 12:13 PM

Tags: 2fa

First seen on security-insider.de Jump to article: www.security-insider.de/synology-2fa-einrichten-deaktivieren-a-f15add01ff6ef75f8d64f0197e27bbfd/
11 ways cybercriminals are making phishing more potent than ever

Mar 25, 2025 8:13 AM

Tags: 2fa, ai, attack, authentication, awareness, breach, business, ciso, conference, corporate, credentials, cyber, cyberattack, cybercrime, cybersecurity, dark-web, data, deep-fake, detection, dns, email, exploit, finance, hacker, infrastructure, intelligence, linkedin, login, malicious, malware, mfa, microsoft, mobile, office, phishing, powershell, qr, russia, service, social-engineering, software, sophos, spam, sql, switch, theft, threat, tool

They’re luring with voice and video: Bad actors are also exploiting AI’s ability to clone voices and likenesses from audio and video clips or images found online.Combined with tools that mimic caller ID, cybercriminals can fool targets by calling them and purporting to be a family member, friend, or work colleague seeking urgent assistance. Such…
Warum eine klassische Multifaktor-Authentifizierung in Zukunft nicht mehr ausreicht

Mar 22, 2025 12:13 PM

Tags: 2fa, authentication, password, phishing

Angreifer nutzen immer häufiger ausgefeilte Phishing-Methoden, um Nutzer dazu zu bringen, sowohl ihr Passwort als auch den temporären 2FA-Code preiszugeben. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/warum-eine-klassische-multifaktor-authentifizierung-in-zukunft-nicht-mehr-ausreicht/a40216/
FBI and CISA Urge Enabling 2FA to Counter Medusa Ransomware

Mar 13, 2025 10:52 PM

Tags: 2fa, attack, cisa, ransomware, tactics

FBI and CISA warn of Medusa ransomware attacks impacting critical infrastructure. Learn about Medusa’s tactics, prevention tips, and… First seen on hackread.com Jump to article: hackread.com/fbi-cisa-urge-enabling-2fa-counter-medusa-ransomware/
mailbox.org 2FA im Fokus: Wann wird es endlich so bequem wie sicher?

Feb 27, 2025 7:59 AM

Tags: 2fa, mail

Nur die Teilnehmer des Beta-Programms können beim Berliner E-Mail-Anbieter mailbox.org die einfache 2FA-Nutzung in Anspruch nehmen. Warum? First seen on tarnkappe.info Jump to article: tarnkappe.info/artikel/it-sicherheit/datenschutz/mailbox-org-2fa-im-fokus-wann-wird-es-endlich-so-bequem-wie-sicher-310827.html
Microsoft’s Password Spray and Pray Attack: A Wake-Up Call for 2FA Adoption

Feb 25, 2025 8:23 PM

Tags: 2fa, attack, defense, microsoft, password

Microsoft accounts without 2FA face a “password spray and pray” attack, prompting urgent warnings for organizations to bolster defenses and prevent breaches. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/trends/microsoft-password-spray-and-pray-attack/
Fake Timesheet Report Emails Linked to Tycoon 2FA Phishing Kit

Feb 18, 2025 7:46 AM

Tags: 2fa, credentials, cyber, cybersecurity, email, phishing, service, theft

Cybersecurity researchers have uncovered a novel phishing campaign distributing the notorious Tycoon 2FA phishing kit through fraudulent timesheet notification emails, marking a concerning evolution in multi-layered credential theft operations. The operation utilizes Pinterest’s visual bookmarking service as an intermediary redirector, demonstrating attackers’ increasing sophistication in bypassing traditional email security filters. Campaign Mechanics and Delivery Vector…
Astaroth Phishing Kit Bypasses 2FA, Steals Accounts

Feb 17, 2025 5:46 AM

Tags: 2fa, cybersecurity, phishing

Cybersecurity researchers at SlashNext have discovered a sophisticated new phishing kit dubbed >>Astaroth
Astaroth 2FA Phishing Kit Targets Gmail, Yahoo, Office 365, and Third-Party Logins

Feb 14, 2025 10:48 AM

Tags: 2fa, authentication, credentials, cyber, cybercrime, cybersecurity, login, mfa, network, office, phishing, threat

A new phishing kit named Astaroth has emerged as a significant threat in the cybersecurity landscape by bypassing two-factor authentication (2FA) mechanisms. First advertised on cybercrime networks in January 2025, Astaroth employs advanced techniques such as session hijacking and real-time credential interception to compromise accounts on platforms like Gmail, Yahoo, Office 365, and other third-party…
Astaroth Phishing Kit Bypasses 2FA to Hijack Gmail and Microsoft Accounts

Feb 13, 2025 4:48 PM

Tags: 2fa, credentials, login, microsoft, phishing

New Astaroth Phishing Kit bypasses 2FA (two-factor authentication) to steal Gmail, Yahoo and Microsoft login credentials using a… First seen on hackread.com Jump to article: hackread.com/astaroth-phishing-kit-bypasses-2fa-hijack-gmail-microsoft/
Astaroth Phishing Kit Bypasses 2FA Using Reverse Proxy Techniques

Feb 13, 2025 3:48 PM

Tags: 2fa, credentials, office, phishing

Astaroth is an advanced phishing kit using real-time credential and session cookie capture to compromise Gmail, Yahoo and Office 365 accounts First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/astaroth-phishing-kit-bypasses-2fa/
Phishing trotz Zwei-Faktor-Authentifizierung – Erfolgreiche Hacks trotz 2FA das können Unternehmen tun

Feb 13, 2025 1:48 PM

Tags: 2fa, authentication, mfa, phishing

First seen on security-insider.de Jump to article: www.security-insider.de/-phishing-methoden-zwei-faktor-authentifizierung-herausforderungen-unternehmen-a-f271964311ee60db02f7fc9e62ce5550/
Bitwarden Requires Mandatory Email Verification For Non-2FA Accounts

Jan 29, 2025 10:39 PM

Tags: 2fa, email

First seen on scworld.com Jump to article: www.scworld.com/brief/bitwarden-requires-mandatory-email-verification-for-non-2fa-accounts
Mandatory email verification implemented by BitWarden for non-2FA accounts

Jan 28, 2025 10:37 PM

Tags: 2fa, email

First seen on scworld.com Jump to article: www.scworld.com/brief/mandatory-email-verification-implemented-by-bitwarden-for-non-2fa-accounts
Tycoon 2FA Phishing Kit Using Specially Crafted Code to Evade Detection

Jan 23, 2025 3:22 PM

Tags: 2fa, authentication, cyber, detection, microsoft, phishing, service, threat

The rapid evolution of Phishing-as-a-Service (PhaaS) platforms is reshaping the threat landscape, enabling attackers to launch increasingly sophisticated phishing campaigns. One such advanced PhaaS platform, Tycoon, has seen widespread use since its emergence in August 2023. In November 2024, it debuted its latest iteration, Tycoon 2FA, which bypasses multifactor authentication (2FA) using Microsoft 365 session…