More results...
A financially motivated hacking group is targeting Canadian employees with a sophisticated campaign designed to covertly redirect their salary payments into attacker-controlled bank accounts, Microsoft researchers discovered. SEO poisoning and malverti…
Organizations rely on MFA to enforce identity checks before granting access to systems and services. Microsoft has made external MFA generally available in Microsoft Entra ID, expanding support for third-party identity providers. Configure external MFA…
Cofense researchers warn of a phishing scam where attackers use LiveChat to impersonate Amazon and PayPal agents and steal credit card and MFA codes.
Passwords weren’t enough, so we added MFA. Now MFA isn’t enough either. In this Help Net Security video, Karlo Zatylny, CTO/CISO at Portnox, walks through why each layer of identity security has failed and what comes next. SMS codes can be …
Europol and partners dismantle Tycoon 2FA phishing service used to bypass MFA, disrupting a global phishing-as-a-service operation targeting organisations.
Written by Katie Barnett, Director of Cyber Security, and Gavin Wilson, Director of Physical Security and Risk, at Toro SolutionsAfter spending years working with organisations on security, one thing becomes hard to ignore. When something serious …
Phishing-as-a-Service (PhaaS) kits lower the barrier to entry, enabling less-skilled attackers to run large-scale, targeted phishing campaigns that impersonate legitimate services and institutions, according to Barracuda Networks. Phishing kits grow mo…
Security teams know the strain that comes from tightening authentication controls while keeping users productive. A new report from Okta suggests this strain is easing. Stronger authentication methods are gaining traction, and many of them let users mo…
Customer identity has become one of the most brittle parts of the enterprise security stack. Teams know authentication matters, but organizations keep using methods that frustrate users and increase risk. New research from Descope shows how companies m…
Many organizations still rely on weak authentication methods while workers’ personal habits create additional risks, according to Yubico. Training and policy gaps 40% of employees said they have never received cybersecurity training. Even among those w…