“Someone can take 77 GB of flight maintenance data with a three-year-old password. That's not ‘hacked’ security; that’s ignored security.”
#MFA Failure Enables Infostealer Breach At 50 Enterprises
#cybersecurity
https://www.infosecurity-magazine.com/news/mfa-failure-infostealer-breach-50/
Looking for a source or the exact wording
Recently I read a post describing Multi Factor Authentication #mfa as (tongue in cheek)
- Something you forget
- Something you lose
- And something you get chopped off
Did anyone have a source?
#cybersecurity
Hey y'all 👋 I'm Emily, but friends call me Em — spelled like the dash! Guess it's time for an #intro post.
I'm a software engineer by day, and I lead a team working at the intersection of digital identity and usability.
Functionally, this means I grew up playing around in Macromedia Fireworks and learning to make websites with the middle school librarian, and nowadays I know far too much about #SAML, #MFA, #OIDC, #Passkeys, and go to lots of meetings 😮‍💨
I love music (playing or listening), photography, and getting outdoors! Teaching makes me incredibly happy.
I'm also a diehard #avgeek, licensed #amateurradio operator, uhhhh, I know a lot about transit busses? Tell me about your special interests plz!
Currently learning C++ because I'm insane, and learning to draw with #Krita because it makes me happy.
Don’t let MFA lull you into complacency. Advanced phishing kits can still slip through.
Before the Thanksgiving holiday, one of our customers alerted us to an Evilginx MITM phishing campaign targeting university students and SSO portals. At least 18 American institutions were targeted.
We tested several approaches for large-scale detection, including analyzing web server fingerprints and HTTP artifacts. However, this proved challenging because Evilginx operates as a proxy between the victim’s browser and the legitimate login page, making its behavior and content nearly indistinguishable from the real site. In the end, we mostly relied on DNS for confirmation and classification.
Here is a short blog about the campaign and actor, including involved domains and IPs.
https://blogs.infoblox.com/threat-intelligence/dns-uncovers-infrastructure-used-in-sso-attacks/
#InfobloxThreatIntel #dns #evilginx #threatintel #threatintelligence #infosec #cybersecurity #cybercrime #infoblox #phishing #mitm #aitm #sso #mfa #university #students #proxy #login
#TheCrux thanks @daedalus for writing this down it annoys me to no end 😬
"We are told to use multi-factor authentication, yet implementing #MFA is the responsibility of the large vendors that collect our information. We are told not to give out sensitive information to strangers, yet we are compelled, often by law, to provide sensitive information to firms that are routinely breached by teenagers ringing their helpdesk and being given admin access. Where’s their use of MFA, by the way?"
@iMeddles the problem is not the nature of any of the authentication devices but rather the fact that you're losing the multi in multi-factor authentication.
With multi-factor authentication, if someone steals my security key, they still need to guess my #passwords. If someone cracks my passwords, they still need to get their hands on my key.
With #passkeys, this is no longer true and all your authentication and identity is rolled into one device that, if compromised, compromises everything. #MFA
Hey @bitwarden you are being misleading and it's making us sad.
Your website currently has a misleading link (and it's affecting us being able to recommend ur tools).
Your dedicated Authenticator app on the "Bitwarden Authenticator" page has a "Download it today" button at the top of the page > That SHOULD take folks to the Authenticator download links (like at the bottom of the page), but instead it takes people to download the FULL Bitwarden Password Manager software.
Currently we're having to recommend folks use an alternative service as this is coming across as sneaky and dirty tactics. Really hoping it was unintentional. Regardless, pls fix so that this link takes ppl to download the tool they are expecting.
We were hoping to recommend ur service at our upcoming Digital Lounges, but we only endorse the most ethical open providers and stuff like this is the stuff the community notices.
#BItwarden #AuthenticatorApp #MFA #2FA #Authentication #Misleading #MisleadingCopy #Marketing #BigTech #FOSS
🆕 blog! “Some minor bugs in Proton's new Authenticator app”
I maintain a test-suite for TOTP codes. It contains a bunch of codes which adhere to the specification, some of which stretch it to breaking point, and some that are completely invalid. These codes are a good starting point for checking whether a 2FA / MFA app works correctly.
Proton …
👀 Read more: https://shkspr.mobi/blog/2025/08/some-minor-bugs-in-protons-new-authenticator-app/
⸻
#2fa #CyberSecurity #MFA #Proton #totp
What is your favorite app for Multifactor Authentication, and why do you like it most? 2️⃣✌️👀
Quite a cool little song about MFA (2FA) 😎