#mfa-bypass — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #mfa-bypass, aggregated by home.social.
-
Iran-Linked APT Exploits Ransomware Disguise for Espionage
MuddyWater, an Iran-linked APT group, has been caught exploiting a ransomware disguise to secretly infiltrate systems, using interactive tactics to harvest credentials and gain internal access. By masquerading as a Chaos ransomware affiliate, the group aimed to throw off detectives and cover its espionage tracks.
-
🚨 JokerOTP PhaaS Seller Arrested - Netherlands
A coordinated law enforcement operation has resulted in the arrest of a suspected JokerOTP access seller. The platform enabled automated OTP interception via synchronized login attempts and vishing bots.
Impact:
• $10M in financial damage
• 28,000+ attacks
• 13 countries affected
• High-value targets: PayPal, Coinbase, Amazon, Apple
This incident underscores the operational reality: MFA bypass increasingly exploits the human layer rather than technical vulnerabilities.
Are phishing-resistant authentication methods becoming mandatory rather than optional?
Engage below with your defensive strategy insights.
Follow @technadu for ongoing threat intelligence and global cybercrime updates.
#InfoSec #ThreatIntelligence #PhishingDefense #MFABypass #CyberCrime #SecurityOperations #FraudPrevention #TechNadu
-
⚠️ Cyber threat: “Cookie Bite” attack hijacks Microsoft 365 — no malware required. Researchers uncovered a new attack that abuses Azure Entra ID auth cookies (ESTSAUTH + ESTSAUTHPERSISTENT) to:
🍪 Hijack sessions in Outlook, Teams, and more
🚫 Bypass MFA
📥 Avoid traditional endpoint detection
🧩 Spread via malicious browser extensions
🛡️ Organizations must:
🔐 Audit browser extension permissions
📊 Monitor for persistent cloud session abuse
🧠 Train users to avoid risky browser behaviors
Invisible. Persistent. And just one stolen cookie away.
#CyberSecurity #Microsoft365 #MFABypass #EntraID #ThreatIntel #security #privacy #cloud #infosec
https://www.darkreading.com/remote-workforce/cookie-bite-entra-id-attack-exposes-microsoft-365
-
Microsoft MFA Bypassed via AuthQuake Attack – Source: www.securityweek.com https://ciso2ciso.com/microsoft-mfa-bypassed-via-authquake-attack-source-www-securityweek-com/ #rssfeedpostgeneratorecho #CyberSecurityNews #Identity&Access #securityweekcom #securityweek #AuthQuake #MFAbypass #Microsoft #MFA
-
Microsoft MFA Bypassed via AuthQuake Attack https://www.securityweek.com/microsoft-mfa-bypassed-via-authquake-attack/ #Identity&Access #AuthQuake #MFAbypass #Microsoft #MFA
-
It's been a heck of a week, with tonnes of great research and tooling that I'm sure you're going to get a kick out of - check out our wrap-up for all the news!:
https://opalsec.substack.com/p/soc-goulash-weekend-wrap-up-16042023
Kaspersky researchers shone a light on the Dark Web trade in Google Play Loaders - a service to help inject malware into legitimate, and supposedly vetted apps, with guarantees of >1 week up-time and the option to boost your spread with targeted Ads.
#Nokoyawa ransomware have clearly got some talent on their team, having abused a #CLFS 0-day prior to Microsoft patching it last week - one of 5 different exploits they've used, mind you - and they appear to have a new, distinct ransomware strain in rotation, too.
There's heaps more great threat reporting, including a report that #FIN7 and former #Conti (#FIN12/#WizardSpider) members are collaborating on a new backdoor, and a crypto-mining campaign that may be the canary in the coal mine, indicating broader uptake of BYOVD and IPFS by low-level operators.
The #QueueJumper vulnerability from last week looks primed to explode in coming days, with a no-fix vulnerability in Microsoft Intune capping off a lousy week for Windows admins struggling to keep their networks secure.
TOOLING. Ooooh boy, this was a good week for tooling and tradecraft, ladies and gentlemen.
The #redteam have a new port of the SharpHound AD enumeration tool for Cobalt Strike; a great reference piece on leveraging stolen Office tokens to bypass MFA and access cloud workloads, and a list of keywords to avoid when crafting stealthy PowerShell scripts.
The #blueteam have a script to help tweak VM settings to circumvent malware anti-analysis checks; Procmon for macOS, and a lightweight bastion host to help redirect and record traffic sent to honeypots in your network.
This was a fun one to write up, with heaps of interesting reads and takeaways to be had. Get amongst it!
https://opalsec.substack.com/p/soc-goulash-weekend-wrap-up-16042023
#infosec #cyber #news #cybernews #infosec #infosecnews #informationsecurity #cybersecurity #hacking #security #technology #hacker #vulnerability #vulnerabilities #malware #ransomware #dfir #soc #threatintel #threatintelligence #darkweb #microsoft #azure #mfa #mfabypass #cobaltstrike #bloodhound #sharphound #byovd #ipfs #intune #GooglePlay #Android #zeroday #0day