Hachyderm @hachyderm

11 posts11 participants1 post today

**Habr** @habr@zhub.link · 3h

[Перевод] OpenAM и Zero Trust: Подтверждение критичных операций

Один из принципов нулевого доверия гласит: никогда не доверяй, всегда проверяй (Never trust, always verify). В этой статье мы рассмотрим, как реализовать соблюдение такого принципа в системе аутентификации на примере продуктов с открытым исходным кодом OpenAM и OpenIG .

https://habr.com/ru/articles/905824/

ХабрOpenAM и Zero Trust: Подтверждение критичных операцийВведение Один из принципов нулевого доверия гласит: никогда не доверяй, всегда проверяй (Never trust, always verify). В этой статье мы рассмотрим, как реализовать соблюдение такого принципа в системе...

#openam #zero_trust #openig

**Open Genova APS** @opengenova@mastodon.uno · 1d

Open Genova APS @opengenova@mastodon.uno

In questa #newsletter parliamo di:
#Virale vuol dire ancora qualcosa?
Buon World #Password Day! Tra #MIT, #Hacker, #Infostealer e #MFA. Perchè sono così vulnerabili
Perché #Tiktok ha preso una multa da mezzo miliardo in #Europa
#Meta lancia la sua app #IA personale: un assistente vocale che può fare anche da #social
#AI, come le #BigTech indeboliscono il codice di buone pratiche europeo

@informatica

https://bit.ly/3GFpP6w

Da zero a digital · 1d🚀 Da zero a digital » Newsletter n° 109By Open Genova APS

**Paul Puschmann** @paule@ieji.de · 2d

Paul Puschmann @paule@ieji.de

Windows-Bashing

**PrivacyDigest** @PrivacyDigest@mas.to · 2d

PrivacyDigest @PrivacyDigest@mas.to

#Phishing attacks that defeat #MFA are easier than ever. So what are we to do?
#privacy #2fa #security

https://arstechnica.com/security/2025/05/phishing-attacks-that-defeat-mfa-are-easier-than-ever-so-what-are-we-to-do/

Ars Technica · 3dWhy MFA is getting easier to bypass and what to do about itBy Dan Goodin

**The New Oil** @thenewoil@mastodon.thenewoil.org · 2d

The New Oil @thenewoil@mastodon.thenewoil.org

Why #MFA is getting easer to bypass and what to do about it

https://arstechnica.com/security/2025/05/phishing-attacks-that-defeat-mfa-are-easier-than-ever-so-what-are-we-to-do/

Ars Technica · 3dWhy MFA is getting easier to bypass and what to do about itBy Dan Goodin

#cybersecurity #2FA

**.:. brainsik** @brainsik · 2d

.:. brainsik @brainsik

When using #passkeys I experience one of these 3 behaviors:

1. Immediately logged in (even if #MFA is enabled)
2. I’m prompted for an MFA token
3. I’m only asked for my passkey after I’ve entered some amount of other information. Possibly just and email or phone number or sometimes my full login/password where the passkey is acting as an MFA token.

Would be nice if this was consistent. Feels like rolling UX dice every time.

**ax6761** @ax6761@freeradical.zone · 2d *

2d *

ax6761 @ax6761@freeradical.zone

Why #MFA is getting easier to bypass and what to do about it: Why #multiFactorAuthentication based on one-time passwords and push notifications fails, 20250501,
by Dan G,
https://arstechnica.com/security/2025/05/phishing-attacks-that-defeat-mfa-are-easier-than-ever-so-what-are-we-to-do/

— mentioned #passkey, #webAuthn

Ars Technica · 3dWhy MFA is getting easier to bypass and what to do about itBy Dan Goodin

#phishing

**IT News** @itnewsbot@schleuss.online · 3d

IT News @itnewsbot@schleuss.online

Why MFA is getting easer to bypass and what to do about it - An entire cottage industry has formed around phishing attacks that bypass ... - https://arstechnica.com/security/2025/05/phishing-attacks-that-defeat-mfa-are-easier-than-ever-so-what-are-we-to-do/ #multifactorauthentication #passwords #security #phishing #webauthn #biz⁢ #mfa

Ars Technica · 3dWhy MFA is getting easier to bypass and what to do about itBy Dan Goodin

**ITSEC News** @itsecbot@schleuss.online · 3d

ITSEC News @itsecbot@schleuss.online

State-of-the-art phishing: MFA bypass - Cybercriminals are bypassing multi-factor authentication (MFA) using adversary-in-the-mid... https://blog.talosintelligence.com/state-of-the-art-phishing-mfa-bypass/ #ontheradar #phishing #mfa

Cisco Talos Blog · 4dState-of-the-art phishing: MFA bypassThreat actors are bypassing MFA with adversary-in-the-middle attacks via reverse proxies. Phishing-as-a-Service tools like Evilproxy make these threats harder to detect.

**ole skovgaard** @TheCentralScrutinizer@pixelfed.social · 5d

ole skovgaard @TheCentralScrutinizer@pixelfed.social

Great work by Kristoffer Bech at the MFA Degree Show 2025, The Royal Danish Academy of Fine Arts, Charlottenborg, Copenhagen
#art #painting #artwork #contemporary #fediart #artcollector #MFA #Bech

#bech

**Jonas Lejon** @jonasl@infosec.exchange · 5d

Jonas Lejon @jonasl@infosec.exchange

Verizon DBIR 2025: Ökande hot och trender i cybersäkerhet -Cybersäkerhet och IT-säkerhet

Läs mer på bloggen: https://kryptera.se/verizon-dbir-2025-okande-hot-och-trender-i-cybersakerhet/

Cybersäkerhet och IT-säkerhet · 5dVerizon DBIR 2025: Ökande hot och trender i cybersäkerhet • Cybersäkerhet och IT-säkerhetVarje år sedan 2008 släpper den amerikanska telekomjätten Verizon sin Data Breach Investigations Report (DBIR). Rapporten kommer ut en gång om året och analyserar tiotusentals attacker från hela världen för att ge organisationer en bättre insikt av aktuella cyberhot. Årets rapport analyserat ca 22 000 incidenter och 12 195 bekräftade dataintrång från 139 länder. Trenden […]

#cybersäkerhet #informationssäkerhet #ITsäkerhet

**Heals** @heals@indiepocalypse.social · Apr 27

Apr 27

Heals @heals@indiepocalypse.social

Well.. things you do in Hospitals.
Just a little cutter knife here and super glue there and.. my phone now carries a YubiCat5c security dongle.

A Yubikey 5c nano, fitted into the USB-C port of my iPhone. The top of a previous USB-C dust cover is now superglued to its top and the whole is connected to a little cat shaped pendant and secured my a zip line to the side of the phone case.

A Yubikey 5c nano, to which the top of a previous USB-C dust cover is now superglued and the whole is connected to a little cat shaped pendant and secured by a zip line to the side of the phone case.

#yubikey5 #yubikey #mfa

**ZeroDaily** @zerodaily@infosec.exchange · Apr 26

Apr 26

ZeroDaily @zerodaily@infosec.exchange

New threat alert! SessionShark phishing kit can bypass Microsoft Office 365 MFA, stealing session tokens and putting your cloud accounts at risk. Stay ahead of attackers—discover how to defend your org now.

Learn more: https://zerodaily.me/blog/2025-04-26-microsoft-office-365-mfa-bypassed-by-sessionshark-phishing-kit

ZeroDaily - Cybersecurity News · Apr 26Microsoft Office 365 MFA Bypassed by SessionShark Phishing KitSecurity researchers have discovered SessionShark, a phishing-as-a-service toolkit that can bypass Microsoft Office 365 MFA by stealing session tokens, highlighting new risks for organizations relying on multi-factor authentication.

#CyberSecurity #Phishing #Office365

Replied in thread

**Kobold** @kobold@social.troll.academy · Apr 24

Apr 24

Kobold @kobold@social.troll.academy

@GossiTheDog I just logged into #snowflake, no MFA required.
Did #snowflake force legacy instances to use #mfa? Do you know?

**The Ukrainian Tribune** @uatribune@mastodon.social · Apr 23

Apr 23

The Ukrainian Tribune @uatribune@mastodon.social

Ukraine’s MFA handed the ambassador evidence of the Chinese involvement in the military production in russia

#Beijing #China #MFA #russia #Ukraine #war

https://uatribune.com/en/ukraine-s-mfa-handed-ambassador-evidence-of-the-chinese-involvement-in-the-military-production-in-russia/

**The DefendOps Diaries** @defendopsdiaries@infosec.exchange · Apr 23

Apr 23

The DefendOps Diaries @defendopsdiaries@infosec.exchange

Phishing isn't what it used to be—attackers are now using dynamic sites that dodge multi-factor security in real time. Can your defenses keep up with this next-level identity theft?

https://thedefendopsdiaries.com/the-evolution-of-phishing-attacks-from-links-to-identity-theft/

#phishingattacks
#identitytheft
#cybersecurity
#mfa
#realtimedetection

**Merill Fernando** @merill@infosec.exchange · Apr 22

Apr 22

Merill Fernando @merill@infosec.exchange

PSA: FAKE Microsoft Authenticator apps are flooding the App Store & Play Store!

Protect your users!

ONLY send them to the official download link

Bookmark this! Update your user guides & intranet NOW. RT to spread the word!

#CyberSecurity #MFA

↓

Linking to page aka.ms/GetMicrosoftAuthenticator

**ole skovgaard** @TheCentralScrutinizer@pixelfed.social · Apr 22

Apr 22

ole skovgaard @TheCentralScrutinizer@pixelfed.social

Great work by Kristoffer Bech at the MFA Degree Show 2025, The Royal Danish Academy of Fine Arts, Charlottenborg, Copenhagen
#art #painting #artwork #contemporary #fediart #artcollector #MFA #Bech

#bech

**Samuel Smith** @Jirikiha@mastodon.cloud · Apr 21

Apr 21

Samuel Smith @Jirikiha@mastodon.cloud

Someone wants in.
I got a request on my #MFA app when I wasn't logging in, so denied the request. But, if I got an MFA request, that means they have my password.
Gotta love MFA! It saves you from most breached password attacks.
Password is now updated--and longer--so I should be good until the next breach.

#MFAEverything for #Security!

Multifactor authentication screen showing repeated unsuccessful login attempts.

**Alan K. Martinez** @akmartinez@infosec.exchange · Apr 21

Apr 21

Alan K. Martinez @akmartinez@infosec.exchange

I think it's interesting that RSA Conference doesn't offer MFA when creating an account and signing in.

I know it's only a conference but...

#rsa #RSAConference2025 #mfa

Recent searches

Search options

Administered by:

Server stats:

#mfa