Security News
February 2022 Patch Tuesday forecast: A rough start for 2022
January 2022 Patch Tuesday was a rough one for Microsoft - and us.
Samba bug may allow code execution as root on Linux machines, NAS devices
A critical vulnerability in Samba, a widely used open source implementation of the Server Message Block networking protocol, could allow attackers to execute arbitrary code as root on affected Samba installations.
The increased use of multi-factor authentication has pushed developers of phishing kits to come up with ways to bypass that added account protection measure. Proofpoint researchers have flagged three such phishing kits: Modlishka, Muraena/Necrobrowser, and Evilginx2.
More and more phishing kits are focusing on bypassing multi-factor authentication methods, researchers have warned - typically by stealing authentication tokens via a man-in-the-middle attack. According to an analysis from Proofpoint, MFA-bypass phishing kits are proliferating rapidly, "ranging from simple open-source kits with human readable code and no-frills functionality to sophisticated kits utilizing numerous layers of obfuscation and built-in modules that allow for stealing usernames, passwords, MFA tokens, Social Security numbers and credit-card numbers."
The rising adoption of multi-factor authentication for online accounts pushes phishing actors to use more sophisticated solutions to continue their malicious operations, most notably reverse-proxy tools. The increasing use of MFA has pushed phishing actors to use transparent reverse proxy solutions, and to cover this rising demand, reverse proxy phish kits are being made available.
Amid the COVID-19 crisis, the global market for multi-factor authentication, estimated at $8.6 billion in the year 2020, is projected to reach a revised size of $21.3 billion by 2027, growing at a CAGR of 13.9% over the analysis period 2020-2027, according to ResearchAndMarkets. The U.S. MFA market is estimated at $2.3 billion.
This change has profound implications: customers unable to implement MFA across their access by the set date can continue to use Salesforce without MFA at their own risk. Thales statistics suggest that 90 per cent of cyberattacks utilise compromised credentials in some way, which, if correct, implies that failing to implement MFA on Salesforce is potentially shifting responsibility for almost all cyberattacks involving the service.
A fake Android app is masquerading as a housekeeping service to steal online banking credentials from the customers of eight Malaysian banks. Multiple fake or cloned websites and social media accounts are used to promote the malicious APK, 'Cleaning Service Malaysia.'
Konstantin Gizdov, an IT professional, was locked out of his Microsoft account by a bug in the company's Multi-Factor Authentication, but says support refused to acknowledge the bug or recover his account. A Microsoft account is distinct from a Microsoft 365 account, and although it is mainly aimed at consumers, it is hard to avoid for logging onto a new Windows PC or obtaining apps from the Microsoft Store.
That lesson was hammered home through a recent phishing attack that stole money from Coinbase customers. The attackers were able to move funds from Coinbase to their own accounts, thus stealing a vast amount of money in the form of cryptocurrency.
The accounts of at least 6,000 Coinbase customers were robbed of funds after attackers bypassed the cryptocurrency exchange's multi-factor authentication. The attacker(s) used a flaw in Coinbase's account recovery process to seize the SMS two-factor authentication tokens needed to break into customers' accounts and transfer funds to crypto wallets unassociated with Coinbase.