Emily Gladstone Cole boosted
Infoblox Threat Intel
@InfobloxThreatIntel@infosec.exchange  ·  activity timestamp 4 weeks ago

Don’t let MFA lull you into complacency. Advanced phishing kits can still slip through.

Before the Thanksgiving holiday, one of our customers alerted us to an Evilginx MITM phishing campaign targeting university students and SSO portals. At least 18 American institutions were targeted.

We tested several approaches for large-scale detection, including analyzing web server fingerprints and HTTP artifacts. However, this proved challenging because Evilginx operates as a proxy between the victim’s browser and the legitimate login page, making its behavior and content nearly indistinguishable from the real site. In the end, we mostly relied on DNS for confirmation and classification.

Here is a short blog about the campaign and actor, including involved domains and IPs.

https://blogs.infoblox.com/threat-intelligence/dns-uncovers-infrastructure-used-in-sso-attacks/

#InfobloxThreatIntel #dns #evilginx #threatintel #threatintelligence #infosec #cybersecurity #cybercrime #infoblox #phishing #mitm #aitm #sso #mfa #university #students #proxy #login

Michael Dexter and 1 other boosted
Peter N. M. Hansteen
@pitrh@mastodon.social  ·  activity timestamp 3 months ago

OpenSSH 10.2 released https://www.undeadly.org/cgi?action=article;sid=20251010131052 #openbsd #openssh #ssh #security #networking #login #trickery #shell #tunneling

Neil Brown
@neil@mastodon.neilzone.co.uk  ·  activity timestamp 4 months ago

I smile each time I turn on my laptop.

To each, their own, obviously, but, for me, GNOME is a gorgeous desktop.

Simon Zerafa
@simonzerafa@infosec.exchange replied  ·  activity timestamp 4 months ago
@neil

That reminds me to post my favourite welcome screen / authentication desktop background picture.

Free for anyone to use for the purpose of a login screen 🙂

#Wallpaper #Login #Wales

Roni Rolle Laukkarinen
@rolle@mementomori.social  ·  activity timestamp 5 months ago

I absolutely hate web services that only offer magic link login through Gmail and don't let me set up my own 2FA. It's surprising how many just take the easy way out and do this.

#UX #Web #WebDev #Websites #Security #Login

Kevin Karhan :verified:
@kkarhan@infosec.space  ·  activity timestamp 5 months ago

I mean, these ain't like in the old days where a few Megabytes got you #Pidgin and other Multi-Protocol Clients of the old days where everyone had to implement bespoke, custom and incompatible and *often completely undocumented, proprietary* protocols like #ICQ, #AIM, #SIPE, etc.

  • Nowadays all these do have some kind of #WebApp or Web Interface one can just login (because *none of them do proper #E2EE with #SelfCustody of all the keys!) so this should be way easier these days: All they do is do HTTP(S) GET/POST so the most critical part is to attain credentials like a #Login #cookie and to basically run a console on i.e. #Firefox to reverse-engineer the #API...

Felix Palmen :freebsd: :c64:
@zirias@mastodon.bsd.cafe  ·  activity timestamp 8 months ago

Just released: #swad 0.5

swad is the "Simple Web Authentication Daemon", meant to add authentication using a #cookie and a #login form to your reverse proxy. It's designed for #nginx' "auth_request" module. It's written in pure #C with very few external dependencies (zlib, and depending on build options OpenSSL/LibreSSL and #PAM).

And with this release, it also allows guest logins using the crypto puzzle you may already know from #Anubis!

Read more in the release notes, grab the .tar.xz and build/install it 😎

https://github.com/Zirias/swad/releases/tag/v0.5

Felix Palmen :freebsd: :c64:
@zirias@mastodon.bsd.cafe  ·  activity timestamp 8 months ago

And here's the "real world" usage 😎

So now I can give ppl a #login for #swad with a monthly changing password to access my #poudriere logs. Hopefully still keeps the #bot hordes out.

Another shell script for swad's "exec" credentials checker
