Beware of Latest Phishing Threats: Authenticators and Open Source Kits Vulnerable

March 14, 2023 at 08:09 PM

•

1 min read

Beware of Latest Phishing Threats: Authenticators and Open Source Kits Vulnerable — Photo: Ars Technica

TL;DR Summary

Criminals are using software that sells for as little as $300 to deploy phishing campaigns that can bypass some forms of multi-factor authentication (MFA), including those that use time-based one-time passwords (TOTPs). The software, which is responsible for more than 1 million malicious emails each day, uses a technique known as adversary in the middle (AitM) to place a phishing site between the targeted user and the site they are trying to log in to. The most effective barrier to account takeovers is MFA based on the industry standard known as FIDO2.

Topics:technology #aitm #cybersecurity #fido2 #multi-factor-authentication #phishing #totp

Share this article

Still using authenticators for MFA? Software for sale can hack you anyway Ars Technica
Microsoft Warns of Large-Scale Use of Phishing Kits to Send Millions of Emails Daily The Hacker News
DEV-1101 Updates Open Source Phishing Kit Infosecurity Magazine
View Full Coverage on Google News

Reading Insights

Total Reads

Unique Readers

Time Saved

3 min

vs 4 min read

Condensed

88%

780 → 92 words

Want the full story? Read the original article

Read on Ars Technica

JavaScript Required

tl;dr daily news requires JavaScript to be enabled. Please enable JavaScript in your browser settings.

Related Sources

Reading Insights