#mfa

6 post4 partecipanti0 post oggi

The Ukrainian TribuneUkraine’s MFA handed the ambassador evidence of the Chinese involvement in the military production in russia<a href="https://mastodon.social/tags/Beijing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Beijing</a> <a href="https://mastodon.social/tags/China" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#China</a> <a href="https://mastodon.social/tags/MFA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#MFA</a> <a href="https://mastodon.social/tags/russia" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#russia</a> <a href="https://mastodon.social/tags/Ukraine" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Ukraine</a> <a href="https://mastodon.social/tags/war" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#war</a><a href="https://uatribune.com/en/ukraine-s-mfa-handed-ambassador-evidence-of-the-chinese-involvement-in-the-military-production-in-russia/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://uatribune.com/en/ukraine-s-mfa-handed-ambassador-evidence-of-the-chinese-involvement-in-the-military-production-in-russia/</a>

Merill Fernando :verified: :donor:🚨 PSA: FAKE Microsoft Authenticator apps are flooding the App Store & Play Store! ⚠️Protect your users! ONLY send them to the official download link 👇Bookmark this! Update your user guides & intranet NOW. RT to spread the word!<a href="https://infosec.exchange/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CyberSecurity</a> <a href="https://infosec.exchange/tags/MFA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#MFA</a>🧵↓

Terence Eden’s BlogThat's Not How A SIM Swap Attack Works<a href="https://shkspr.mobi/blog/2025/04/thats-not-how-a-sim-swap-attack-works/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://shkspr.mobi/blog/2025/04/thats-not-how-a-sim-swap-attack-works/</a>There's <a href="https://www.theguardian.com/money/2025/apr/15/ee-was-unapologetic-after-i-tried-to-stop-a-sim-swap" rel="nofollow noopener noreferrer" target="_blank">a disturbing article in The Guardian</a> about a person who was on the receiving end of a successful cybersecurity attack.<blockquote>EE texted to say they had processed my sim activation request, and the new sim would be active in 24 hours. I was told to contact them if I hadn’t requested this. I hadn’t, so I did so immediately. Twenty-four hours later, my mobile stopped working and money was withdrawn from my bank account.With their alien sim, the fraudster infiltrated my handset and stole details for every account I had. Passwords and logins had been changed for my finance, retail and some social media accounts. </blockquote>(Emphasis added.)I realise it is in the consumer rights section of the newspaper, not the technology section, and I dare-say some editorialising has gone on, but that's nonsense.Here's how a SIM swap works.<ol><li>Attacker convinces your phone company to reassign your telephone number to a new SIM.</li><li>Attacker goes to a website where you have an account, and initiates a password reset.</li><li>Website sends a verification code to your phone number, which is now in the hands of the attacker.</li><li>Attacker supplies verification code and gets into your account.</li></ol>Do you notice the missing step there?At no point does the attacker "infiltrate" your handset. Your handset is still in your possession. The SIM is dead, but that doesn't give the attacker access to the phone itself. There is simply no way for someone to put a new SIM into their phone and automatically get access to your device.Try it now. Take your SIM out of your phone and put it into a new one. Do all of your apps suddenly appear? Are your usernames and passwords visible to you? No.There are ways to transfer your data from an <a href="https://support.apple.com/en-gb/HT210216" rel="nofollow noopener noreferrer" target="_blank">iPhone</a> or <a href="https://support.google.com/android/answer/13761358?hl=en" rel="nofollow noopener noreferrer" target="_blank">Android</a> - but they require a lot more work than swapping a SIM.So how did the attacker know which websites to target and what username to use?What (Probably) HappenedLet's assume the person in the article didn't have malware on their device and hadn't handed over all their details to a cold caller.The most obvious answer is that the attacker already knew the victim's email address. Maybe the victim gave out their phone number and email to some dodgy site, or they're listed on their contact page, or something like that.The attacker now has two routes.First is "hit and hope". They try the email address on hundreds of popular sites' password reset page until they get a match. That's time-consuming given the vast volume of websites.Second is targetting your email. If the attacker can get into your email, they can see which sites you use, who your bank is, and where you shop. They can target those specific sites, perform a password reset, and get your details.I strongly suspect it is the latter which has happened. The swapped SIM was used to reset the victim's email password. Once in the email, all the accounts were easily found. At no point was the handset broken into.What can I do to protect myself?It is important to realise that <a href="https://shkspr.mobi/blog/2024/03/theres-nothing-you-can-do-to-prevent-a-sim-swap-attack/" rel="nofollow noopener noreferrer" target="_blank">there's nothing you can do to prevent a SIM-swap attack</a>! Your phone company is probably incompetent and their staff can easily be bribed. You do not control your phone number. If you get hit by a SIM swap, it almost certainly isn't your fault.So here are some practical steps anyone can take to reduce the likelihood and effectiveness of this class of attack:<ul><li>Remember that <a href="https://shkspr.mobi/blog/2020/03/its-ok-to-lie-to-wifi-providers/" rel="nofollow noopener noreferrer" target="_blank">it's OK to lie to WiFi providers</a> and other people who ask for your details. You don't need to give someone your email for a receipt. You don't need to hand over your real phone number on a survey. This is the most important thing you can do.</li><li>Try to hack yourself. How easy would it be for an attacker who had stolen your phone number to also steal your email address? Open up a private browser window and try to reset your email password. What do you notice? How could you secure yourself better?</li><li>Don't use SMS for two-factor authentication. If you are given a choice of 2FA methods, use a dedicated app. If the only option you're given is SMS - contact the company to complain, or leave for a different provider.</li><li>Don't rely on a <a href="https://bsky.app/profile/scientits.bsky.social/post/3lmz2zaxkf22k" rel="nofollow noopener noreferrer" target="_blank">setting a PIN for your SIM</a>. The PIN only protects the physical SIM from being moved to a new device; it does nothing to stop your number being ported to a new SIM.</li><li>Finally, realise that professional criminals only need to be lucky once but you need to be lucky all the time.</li></ul>Stay safe out there.<a rel="nofollow noopener noreferrer" class="hashtag u-tag u-category" href="https://shkspr.mobi/blog/tag/2fa/" target="_blank">#2fa</a> <a rel="nofollow noopener noreferrer" class="hashtag u-tag u-category" href="https://shkspr.mobi/blog/tag/cybersecurity/" target="_blank">#CyberSecurity</a> <a rel="nofollow noopener noreferrer" class="hashtag u-tag u-category" href="https://shkspr.mobi/blog/tag/mfa/" target="_blank">#MFA</a> <a rel="nofollow noopener noreferrer" class="hashtag u-tag u-category" href="https://shkspr.mobi/blog/tag/security/" target="_blank">#security</a> <a rel="nofollow noopener noreferrer" class="hashtag u-tag u-category" href="https://shkspr.mobi/blog/tag/sim/" target="_blank">#sim</a>

LavX NewsSurge in Infostealer Attacks: How to Fortify Your CybersecurityIn a startling revelation, IBM X-Force reports an 84% rise in infostealer malware, signaling a shift in cybercriminal tactics from ransomware to data theft. This article explores the implications of t...<a href="https://news.lavx.hu/article/surge-in-infostealer-attacks-how-to-fortify-your-cybersecurity" rel="nofollow noopener noreferrer" target="_blank">https://news.lavx.hu/article/surge-in-infostealer-attacks-how-to-fortify-your-cybersecurity</a><a href="https://mastodon.cloud/tags/news" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#news</a> <a href="https://mastodon.cloud/tags/tech" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#tech</a> <a href="https://mastodon.cloud/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Cybersecurity</a> <a href="https://mastodon.cloud/tags/MFA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#MFA</a> <a href="https://mastodon.cloud/tags/Infostealer" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Infostealer</a>

Mr. E. Grey SealeTesting a theory. Did you sign-on with <a href="https://mastodon.ie/tags/microsoft" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#microsoft</a> <a href="https://mastodon.ie/tags/MicrosoftEntra" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#MicrosoftEntra</a> ID today? When prompted for <a href="https://mastodon.ie/tags/mfa" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#mfa</a> was the code 97 or 99?

TRANSIENCENew <a href="https://mastodon.social/@transience_project" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@transience_project</a> publication!!Our colleagues from <a href="https://xn--baw-joa.social/@FraunhoferISI" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@FraunhoferISI</a> have integrated <a href="https://mastodon.social/tags/MFA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#MFA</a> (Material Flow Analysis) with the industry model <a href="https://mastodon.social/tags/FORECAST" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#FORECAST</a> to quantify the impact of broad <a href="https://mastodon.social/tags/CircularEconomy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CircularEconomy</a> actions in buildings on the decarbonisation of the EU industry!📝Read the paper <a href="https://mastodon.social/tags/open" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#open</a> access 👇 <a href="https://www.sciencedirect.com/science/article/pii/S0921344925001855?via%3Dihub" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.sciencedirect.com/science/article/pii/S0921344925001855?via%3Dihub</a>With <a href="https://respublicae.eu/@EU_HaDEA" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@EU_HaDEA</a> and <a href="https://mastodon.social/tags/P4Planet" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#P4Planet</a><a href="https://mastodon.social/tags/transience" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#transience</a> <a href="https://mastodon.social/tags/industry4netzero" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#industry4netzero</a>

Bytes EuropePixalate’s March 2025 Netherlands Publisher Rankings for <a href="https://www.byteseu.com/915151/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.byteseu.com/915151/</a> <a href="https://pubeurope.com/tags/AdQuality" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#AdQuality</a> <a href="https://pubeurope.com/tags/CTV" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CTV</a> <a href="https://pubeurope.com/tags/MFA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#MFA</a> <a href="https://pubeurope.com/tags/MobileApps" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#MobileApps</a> <a href="https://pubeurope.com/tags/Netherlands" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Netherlands</a> <a href="https://pubeurope.com/tags/Pixalate" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Pixalate</a> <a href="https://pubeurope.com/tags/ProgrammaticAds" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ProgrammaticAds</a> <a href="https://pubeurope.com/tags/reports" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#reports</a> <a href="https://pubeurope.com/tags/websites" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#websites</a>

Pyrzout :vm:Russia’s Storm-2372 Hits Orgs with MFA Bypass via Device Code Phishing – Source:hackread.com <a href="https://ciso2ciso.com/russias-storm-2372-hits-orgs-with-mfa-bypass-via-device-code-phishing-sourcehackread-com/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://ciso2ciso.com/russias-storm-2372-hits-orgs-with-mfa-bypass-via-device-code-phishing-sourcehackread-com/</a> <a href="https://social.skynetcloud.site/tags/1CyberSecurityNewsPost" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#1CyberSecurityNewsPost</a> <a href="https://social.skynetcloud.site/tags/CyberSecurityNews" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CyberSecurityNews</a> <a href="https://social.skynetcloud.site/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybersecurity</a> <a href="https://social.skynetcloud.site/tags/CyberAttacks" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CyberAttacks</a> <a href="https://social.skynetcloud.site/tags/PhishingScam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#PhishingScam</a> <a href="https://social.skynetcloud.site/tags/CyberAttack" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CyberAttack</a> <a href="https://social.skynetcloud.site/tags/Storm2372" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Storm2372</a> <a href="https://social.skynetcloud.site/tags/Hackread" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Hackread</a> <a href="https://social.skynetcloud.site/tags/Phishing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Phishing</a> <a href="https://social.skynetcloud.site/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#security</a> <a href="https://social.skynetcloud.site/tags/SOCRadar" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SOCRadar</a> <a href="https://social.skynetcloud.site/tags/Russia" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Russia</a> <a href="https://social.skynetcloud.site/tags/Scam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Scam</a> <a href="https://social.skynetcloud.site/tags/MFA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#MFA</a>

0xKaishakuninFinally! 7 Factor Authentication! <a href="https://mastodon.social/tags/mfa" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#mfa</a> <a href="https://mastodon.social/tags/passkey" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#passkey</a> <a href="https://mastodon.social/tags/iam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#iam</a> <a href="https://mastodon.social/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#security</a>

Hackread.comNEW: 🚨 Russian APT Storm-2372 is using device code phishing to bypass <a href="https://mstdn.social/tags/MFA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#MFA</a> in attacks against organisations in Europe and the US.Read: <a href="https://hackread.com/russia-storm-2372-hit-mfa-bypass-device-code-phishing/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://hackread.com/russia-storm-2372-hit-mfa-bypass-device-code-phishing/</a><a href="https://mstdn.social/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CyberSecurity</a> <a href="https://mstdn.social/tags/CyberAttack" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CyberAttack</a> <a href="https://mstdn.social/tags/Storm2372" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Storm2372</a> <a href="https://mstdn.social/tags/Russia" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Russia</a>

Pyrzout :vm:Russia’s Storm-2372 Hits Orgs with MFA Bypass via Device Code Phishing <a href="https://hackread.com/russia-storm-2372-hit-mfa-bypass-device-code-phishing/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://hackread.com/russia-storm-2372-hit-mfa-bypass-device-code-phishing/</a> <a href="https://social.skynetcloud.site/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Cybersecurity</a> <a href="https://social.skynetcloud.site/tags/CyberAttacks" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CyberAttacks</a> <a href="https://social.skynetcloud.site/tags/PhishingScam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#PhishingScam</a> <a href="https://social.skynetcloud.site/tags/CyberAttack" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CyberAttack</a> <a href="https://social.skynetcloud.site/tags/Storm2372" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Storm2372</a> <a href="https://social.skynetcloud.site/tags/Security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Security</a> <a href="https://social.skynetcloud.site/tags/Phishing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Phishing</a> <a href="https://social.skynetcloud.site/tags/SOCRadar" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SOCRadar</a> <a href="https://social.skynetcloud.site/tags/Russia" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Russia</a> <a href="https://social.skynetcloud.site/tags/Scam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Scam</a> <a href="https://social.skynetcloud.site/tags/MFA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#MFA</a>

Terence Eden’s BlogFobCam '25 - All my MFA tokens on one page<a href="https://shkspr.mobi/blog/2025/04/fobcam-25-all-my-mfa-tokens-on-one-page/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://shkspr.mobi/blog/2025/04/fobcam-25-all-my-mfa-tokens-on-one-page/</a>Some ideas are timeless. Back in 2004, an anonymous genius set up "<a href="https://web.archive.org/web/20060215092922/http://fob.webhop.net/" rel="nofollow noopener noreferrer" target="_blank">FobCam</a>". Tired of having to carry around an RSA SecurID token everywhere, our hero simply left the fob at home with an early webcam pointing at it. And then left the page open for all to see.Security expert Bruce Schneier approved0 of this trade-off between security and usability - saying what we're all thinking:<blockquote>Here’s a guy who has a webcam pointing at his SecurID token, so he doesn’t have to remember to carry it around. Here’s the strange thing: unless you know who the webpage belongs to, it’s still good security. <a href="https://www.schneier.com/crypto-gram/archives/2004/0815.html#:~:text=webcam" rel="nofollow noopener noreferrer" target="_blank">Crypto-Gram - August 15, 2004</a></blockquote>Nowadays, we have to carry dozens of these tokens with us. Although, unlike the poor schmucks of 2004, we have an app for that. But I don't always have access to my phone. Sometimes I'm in a secure location where I can't access my electronics. Sometimes my phone gets stolen, and I need to log into Facebook to whinge about it. Sometimes I just can't be bothered to remember which fingerprint unlocks my phone1.Using the <a href="https://shkspr.mobi/blog/2025/03/using-the-web-crypto-api-to-generate-totp-codes-in-javascript-without-3rd-party-libraries/" rel="nofollow noopener noreferrer" target="_blank">Web Crypto API, it is easy to Generate TOTP Codes in JavaScript directly in the browser</a>. So here are all my important MFA tokens. If I ever need to log in somewhere, I can just visit this page and grab the code I need2.All My Important CodesWhat The Actual Fuck?A 2007 paper called <a href="https://cups.cs.cmu.edu/soups/2007/proceedings/p64_bauer.pdf" rel="nofollow noopener noreferrer" target="_blank">Lessons learned from the deployment of a smartphone-based access-control system</a> looked at whether fobs met the needs of their users:<blockquote> However, we observed that end users tend to be most concerned about how convenient [fobs] are to use. There are many examples of end users of widely used access-control technologies readily sacrificing security for convenience. For example, it is well known that users often write their passwords on post-it notes and stick them to their computer monitors. Other users are more inventive: a good example is the user who pointed a webcam at his fob and published the image online so he would not have to carry the fob around.</blockquote>As for Schneier's suggestion that anonymity added protection, a contemporary report noted that <a href="https://www.schneier.com/crypto-gram/archives/2004/0915.html#:~:text=Fobcam" rel="nofollow noopener noreferrer" target="_blank">the owner of the FobCam site was trivial to identify</a>3.Every security system involves trade-offs. I have a password manager, but with over a thousand passwords in it, the process of navigating and maintaining becomes a burden. <a href="https://shkspr.mobi/blog/2020/08/i-have-4-2fa-coverage/" rel="nofollow noopener noreferrer" target="_blank">The number of 2FA tokens I have is also rising</a>. All of these security factors need backing up. Those back-ups need testing4. It is an endless cycle of drudgery.What's a rational user supposed to do5? I suppose I could buy a couple of hardware keys, keep one in an off-site location, but somehow keep both in sync, and hope that a firmware-update doesn't brick them.Should I just upload all of my passwords, tokens, secrets, recovery codes, passkeys, and biometrics6 into the cloud?The cloud is just someone else's computer. This website is my computer. So I'm going to upload all my factors here. What's the worst that could happen7. <ol start="0"><li>🫠 ↩︎</li><li>🖕 ↩︎</li><li>🙃 ↩︎</li><li>The neologism "doxing" hadn't yet been invented. ↩︎</li><li>As was written by the prophets: "<a href="https://lkml.iu.edu/hypermail/linux/kernel/9607.2/0292.html" rel="nofollow noopener noreferrer" target="_blank">Only wimps use tape backup: real men just upload their important stuff on ftp, and let the rest of the world mirror it</a>" ↩︎</li><li>I in no way imply that I am rational. ↩︎</li><li>Just one more factor, that'll fix security, just gotta add one more factor bro. ↩︎</li><li>This is left as an exercise for the reader. ↩︎</li></ol> <a rel="nofollow noopener noreferrer" class="hashtag u-tag u-category" href="https://shkspr.mobi/blog/tag/2fa/" target="_blank">#2fa</a> <a rel="nofollow noopener noreferrer" class="hashtag u-tag u-category" href="https://shkspr.mobi/blog/tag/cybersecurity/" target="_blank">#CyberSecurity</a> <a rel="nofollow noopener noreferrer" class="hashtag u-tag u-category" href="https://shkspr.mobi/blog/tag/mfa/" target="_blank">#MFA</a> <a rel="nofollow noopener noreferrer" class="hashtag u-tag u-category" href="https://shkspr.mobi/blog/tag/satire-probably/" target="_blank">#SatireProbably_</a> <a rel="nofollow noopener noreferrer" class="hashtag u-tag u-category" href="https://shkspr.mobi/blog/tag/security/" target="_blank">#security</a>

Landesärztekammer BWWie sollte die Aus- und Fortbildung für Medizinische Fachangestellte (<a href="https://xn--baw-joa.social/tags/MFA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#MFA</a>) zukünftig aussehen? Denn die Arbeitswelt ist im Wandel und Berufsanforderungen ändern sich. Eine Online-<a href="https://xn--baw-joa.social/tags/Umfrage" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Umfrage</a>, an der die MFA sowie <a href="https://xn--baw-joa.social/tags/%C3%84rztinnen" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Ärztinnen</a> und <a href="https://xn--baw-joa.social/tags/%C3%84rzte" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Ärzte</a> teilnehmen können, will genau dies ermitteln. Die Ärztekammer <a href="https://xn--baw-joa.social/tags/BW" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#BW</a> unterstützt das Vorhaben. Mehr Infos: <a href="https://www.aerztekammer-bw.de/online-umfrage-zum-mfa-beruf-34112363f96f9097" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.aerztekammer-bw.de/online-umfrage-zum-mfa-beruf-34112363f96f9097</a> -- Bild: © Adobe Stock / Pixel-Shot <a href="https://xn--baw-joa.social/tags/stuttgart" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#stuttgart</a> <a href="https://xn--baw-joa.social/tags/%C3%A4rzteschaft" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ärzteschaft</a> <a href="https://xn--baw-joa.social/tags/%C3%A4rztin" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ärztin</a> <a href="https://xn--baw-joa.social/tags/arzt" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#arzt</a> <a href="https://xn--baw-joa.social/tags/%C3%A4rztekammer" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ärztekammer</a> <a href="https://xn--baw-joa.social/tags/badenw%C3%BCrttemberg" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#badenwürttemberg</a>

cacu👉🏽 Beyond the Hook: A Technical Deep Dive into Modern Phishing Methodologies 👈🏽 <a href="https://blog.quarkslab.com/technical-dive-into-modern-phishing.html" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://blog.quarkslab.com/technical-dive-into-modern-phishing.html</a>A technical exploration of modern phishing tactics, from basic HTML pages to advanced MFA-bypassing techniques, with analysis of infrastructure setup and delivery methods used by phishers in 2025.<a href="https://todon.nl/tags/pishing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#pishing</a> <a href="https://todon.nl/tags/MFA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#MFA</a> <a href="https://todon.nl/tags/2FA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#2FA</a> <a href="https://todon.nl/tags/maliciousinfrastructure" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#maliciousinfrastructure</a> <a href="https://todon.nl/tags/maliciousemal" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#maliciousemal</a> <a href="https://todon.nl/tags/redteam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#redteam</a>

Landesärztekammer BWWie lässt sich das Berufsbild der Medizinischen Fachangestellten (<a href="https://xn--baw-joa.social/tags/MFA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#MFA</a>) skizzieren? Was gibt es bei der Aus- und <a href="https://xn--baw-joa.social/tags/Weiterbildung" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Weiterbildung</a> zu beachten? Und wie kann die <a href="https://xn--baw-joa.social/tags/Fachkr%C3%A4ftesicherung" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Fachkräftesicherung</a> in angespannten Zeiten wie diesen gelingen? – Unter anderem darum ging es beim berufskundlichen Austausch zwischen der Ärztekammer <a href="https://xn--baw-joa.social/tags/BW" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#BW</a> und Berufsberatern und -vermittlern. Mehr zum Thema: <a href="https://www.aerztekammer-bw.de/mfa-im-fokus-beim-berufskundlichen-austausch-f52cef0aefd46b8a" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.aerztekammer-bw.de/mfa-im-fokus-beim-berufskundlichen-austausch-f52cef0aefd46b8a</a> -- Bild: © Landesärztekammer Baden-Württemberg <a href="https://xn--baw-joa.social/tags/%C3%A4rzteschaft" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ärzteschaft</a> <a href="https://xn--baw-joa.social/tags/%C3%A4rztin" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ärztin</a> <a href="https://xn--baw-joa.social/tags/arzt" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#arzt</a> <a href="https://xn--baw-joa.social/tags/%C3%A4rztekammer" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ärztekammer</a> <a href="https://xn--baw-joa.social/tags/badenw%C3%BCrttemberg" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#badenwürttemberg</a>

DxUGestern war ich auf der <a href="https://social.tchncs.de/tags/DMEA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DMEA</a><a href="https://www.dmea.de/de/about/dmea/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.dmea.de/de/about/dmea/</a> Nur wenige Stunden, aber interessante Talks zu Themen wie <a href="https://social.tchncs.de/tags/MFA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#MFA</a>, <a href="https://social.tchncs.de/tags/Cloud" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Cloud</a> und <a href="https://social.tchncs.de/tags/Messenging" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Messenging</a> im Gesundheitswesen. Hier fand ich die Präsentationen von <a href="https://social.tchncs.de/tags/famedly" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#famedly</a> recht interssant. Ein Anbieter von TK Messenger <a href="https://www.famedly.com/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.famedly.com/</a> den ich selbst auch beruflich seit einiger Zeit teste. Er nutzt das <a href="https://social.tchncs.de/tags/matrix" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#matrix</a> Protokoll. Und wie ich erfahren durfte, arbeitet deren Chef wohl auch mit an <a href="https://social.tchncs.de/tags/fluffychat" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#fluffychat</a> der Multiaccount Messenger.

Pyrzout :vm:Corsha Raises $18 Million to Enhance and Extend Machine-to-Machine Security <a href="https://www.securityweek.com/corsha-raises-18-million-to-enhance-and-extend-machine-to-machine-security/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.securityweek.com/corsha-raises-18-million-to-enhance-and-extend-machine-to-machine-security/</a> <a href="https://social.skynetcloud.site/tags/CybersecurityFunding" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CybersecurityFunding</a> <a href="https://social.skynetcloud.site/tags/Identity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Identity</a>&Access <a href="https://social.skynetcloud.site/tags/Funding" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Funding</a>/M&A <a href="https://social.skynetcloud.site/tags/funding" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#funding</a> <a href="https://social.skynetcloud.site/tags/MFA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#MFA</a>

Erik van Straten<a href="https://chaos.social/@fleaz" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@fleaz</a> : it's not MultiMultiFactorAuthentication but 1FA max.Assuming that you don't use those hardware keys to generate TOTP codes (which are pointless when confronted with the likes of <a href="https://infosec.exchange/tags/Evilginx2" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Evilginx2</a>), but use WebAuthn instead (FIDO2 passkeys in hardware keys), everything depends on one factor: the domain name of the website.1️⃣ DV-CERTS SUCK It is not very common that certificates are issued to malicious parties, but it *does* happen now and then (<a href="https://infosec.exchange/@ErikvanStraten/112914050216821746" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://infosec.exchange/@ErikvanStraten/112914050216821746</a>).2️⃣ SUBDOMAINS Furthermore, sometimes organizations have "dangling" subdomain names. For example, test.example.commay point to the IP-adress of some cloud server no longer used by example.com. Anyone with write access to that server may install a fake "test.example.com" website and phish you to it. It *may* be used to phish your WebAuthm credentials *if* "example.com" does not explicitly *DENY* WebAuthn from "test.example.com".See <a href="https://github.com/w3ctag/design-reviews/issues/97#issuecomment-175766580" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://github.com/w3ctag/design-reviews/issues/97#issuecomment-175766580</a> for how Google prevents "sites.google.com" from authenticating to "google.com".3️⃣ DNS HACKED It may not be neccessary to execute BGP-hijacks to redirect network traffic to an impostor: it also all depends on how reliable DNS records are protected against unauthorized access. If the dude in charge for DNS uses a stupid password only, or the DNS provider is easily fooled into believing "I forgot my creds", it's game over. The crooks will obtain a DV-cert in no time, no questions asked, for free.4️⃣ All the bells and whistless are moot if there's an alternative way to log in (such as by using a 1FA rescue code) and the user is fooled into providing it (after they've been lied to that their WebAithn public key on the server became corrupted or was lost otherwise).5️⃣ Cloudflare MitM's https connections (it's not a secret: <a href="https://blog.cloudflare.com/password-reuse-rampant-half-user-logins-compromised/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://blog.cloudflare.com/password-reuse-rampant-half-user-logins-compromised/</a>). The same applies to any server you log in to, which is accessible by untrustworthy personnel. They can steal your session cookie.6️⃣ In the end MFA/2FA is a hoax anyway, because the session cookie (or JWT or whatever) is 1FA anyway.Did I mention the risks of account lockout with hardware keys that cannot be backupped? And the mess it is to keep at least one other hardware key synchronized if it's in a vault? And the limitation of, for example, 25 WebAuthn accounts max? And (unpatcheable) vulnerabilities found in hardware keys? And their price? And how easy it is to forget or loose them?<a href="https://infosec.exchange/@odr_k4tana" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@odr_k4tana</a> <a href="https://infosec.exchange/tags/1FA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#1FA</a> <a href="https://infosec.exchange/tags/2FA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#2FA</a> <a href="https://infosec.exchange/tags/MFA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#MFA</a> <a href="https://infosec.exchange/tags/JWT" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#JWT</a> <a href="https://infosec.exchange/tags/SessionCookie" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SessionCookie</a> <a href="https://infosec.exchange/tags/AitM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#AitM</a> <a href="https://infosec.exchange/tags/MitM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#MitM</a> <a href="https://infosec.exchange/tags/FIDO2" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#FIDO2</a> <a href="https://infosec.exchange/tags/WebAuthn" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#WebAuthn</a> <a href="https://infosec.exchange/tags/Yubikey" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Yubikey</a> <a href="https://infosec.exchange/tags/Titan" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Titan</a> <a href="https://infosec.exchange/tags/BGP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#BGP</a> <a href="https://infosec.exchange/tags/DNS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DNS</a>

AndroidStopping MFA Fatigue Attacks Before They Start: Securing Your Entry Points MFA Fatigue Attacks on... <a href="https://securityboulevard.com/2025/04/stopping-mfa-fatigue-attacks-before-they-start-securing-your-entry-points/?utm_source=rss&utm_medium=rss&utm_campaign=stopping-mfa-fatigue-attacks-before-they-start-securing-your-entry-points" rel="nofollow noopener noreferrer" target="_blank">https://securityboulevard.com/2025/04/stopping-mfa-fatigue-attacks-before-they-start-securing-your-entry-points/?utm_source=rss&utm_medium=rss&utm_campaign=stopping-mfa-fatigue-attacks-before-they-start-securing-your-entry-points</a> <a rel="nofollow noopener noreferrer" class="mention hashtag" href="https://mastodon.social/tags/Identity" target="_blank">#Identity</a> <a rel="nofollow noopener noreferrer" class="mention hashtag" href="https://mastodon.social/tags/&" target="_blank">#&</a> <a rel="nofollow noopener noreferrer" class="mention hashtag" href="https://mastodon.social/tags/Access" target="_blank">#Access</a> <a rel="nofollow noopener noreferrer" class="mention hashtag" href="https://mastodon.social/tags/Security" target="_blank">#Security</a> <a rel="nofollow noopener noreferrer" class="mention hashtag" href="https://mastodon.social/tags/Bloggers" target="_blank">#Bloggers</a> <a rel="nofollow noopener noreferrer" class="mention hashtag" href="https://mastodon.social/tags/Network" target="_blank">#Network</a> <a rel="nofollow noopener noreferrer" class="mention hashtag" href="https://mastodon.social/tags/MFA" target="_blank">#MFA</a> <a rel="nofollow noopener noreferrer" class="mention hashtag" href="https://mastodon.social/tags/Password" target="_blank">#Password</a> <a rel="nofollow noopener noreferrer" class="mention hashtag" href="https://mastodon.social/tags/Security" target="_blank">#Security</a> <a href="https://awakari.com/pub-msg.html?id=CP8ljBkhA1JsMYYblHRKkPdzRmC" rel="nofollow noopener noreferrer" target="_blank">Event Attributes</a>

Ricerche recenti

Opzioni di ricerca

Amministrato da:

Statistiche del server: