Primary Refresh Tokens Aren’t Your Parent’s Browser Token
If you haven’t been paying attention closely enough, a new type of access control token, like a super browser token on steroids, is becoming hackers’ theft target of choice.
MFA
Protect Your Devices: Mobile Phishing Attacks Bypass Desktop Security Measures
Zimperium warns of a surge in phishing attacks specifically tailored for mobile devices. These attacks are designed to evade desktop security measures in order to breach organizations through employees’ smartphones.
Account takeover detection: There’s no single tell
Account takeover (ATO) is one of the most prevalent attack types; Proofpoint says that in 2024, 99% of the customer tenants the company monitors were hit with at least one account takeover attempt, and 62% of the customers experienced at least one that…
IBM Tests Audio-Based Large Language Model to Hijack Live Conversations
With the idea in mind to “audio-jack” a live call-based banking transaction, security researchers were successful in inserting cybercriminal-controlled account details.
Why you need to extend enterprise IT security to the mainframe
Organizations with mainframes face a unique challenge: extending consistency across the entire enterprise, including mainframe environments. The ongoing issue lies in the incompatibility of tools designed for both mainframes and enterprise settings, re…
Cybercrime Group “Scattered Spider” is a Social Engineering Threat
The US Cybersecurity and Infrastructure Security Agency (CISA) and the FBI have released a joint Cybersecurity Advisory describing the Scattered Spider cybercriminal gang’s activities.
Microsoft Authenticator suppresses suspicious MFA notifications
Microsoft has quietly rolled out a new mechanism that shields users of its mobile Authenticator app from suspicious (and annoying) push notifications triggered by attackers. Preventing attacks relying on MFA fatigue When faced with MFA-protected accoun…
Targeted Social Engineering on the Rise With Lowering Phishing-as-a-Service Costs
Targeted individuals were the most common victims of social engineering attacks in the second half of 2022 and the first half of 2023, according to researchers at AtlasVPN.
Microsoft introduces new access policies in Entra to boost MFA usage
As part of a broader initiative to strengthen security, Microsoft is rolling out Microsoft-managed Conditional Access policies in Entra ID (formerly Azure Active Directory) to increase the use of multifactor authentication (MFA) for enterprise accounts…
Spear Phishing Becomes Most Common Attack Technique in Q3 2023
Spear phishing was the most common attack technique in the third quarter of 2023, according to researchers at ReliaQuest.