Security News

Hackers have managed to compromise a telephony provider for Duo, the Cisco-owned company providing secure access solutions, and steal MFA SMS message logs of Duo customers."The threat actor downloaded message logs for SMS messages that were sent to certain users under your Duo account between March 1, 2024 and March 31, 2024," the Cisco Data Privacy and Incident Response Team notified its MSP partners.

Cisco Duo's security team warns that hackers stole some customers' VoIP and SMS logs for multi-factor authentication messages in a cyberattack on their telephony provider. In emails sent to customers, Cisco Duo says an unnamed provider who handles the company's SMS and VOIP multi-factor authentication messages was compromised on April 1, 2024.

Cybercriminals have been increasingly using a new phishing-as-a-service platform named 'Tycoon 2FA' to target Microsoft 365 and Gmail accounts and bypass two-factor authentication protection. Tycoon 2FA attacks involve a multi-step process where the threat actor steals session cookies by using a reverse proxy server hosting the phishing web page, which intercepts the victim's input and relays them to the legitimate service.

MFA software solutions provide multi-factor authentication for individual end-users, organizational workforces and customer-facing applications. Software Solution category Authentication types Hosting options Pricing Google Authenticator Individual MFA Mobile app, software token, mobile push, risk-based Cloud-based Free Cisco Duo Workforce MFA Mobile app, software token, hardware token, mobile push, WebAuthn, biometric Cloud-based Free MFA for up to 10 users; plans start at $3/user/month.

The terms 2FA and MFA are sometimes used interchangeably. This is because 2FA is really a subset of MFA. 2FA involves only one additional authentication factor.

When it comes to access security, one recommendation stands out above the rest: multi-factor authentication (MFA). With passwords alone being simple work for hackers, MFA provides an essential...

Please turn on your JavaScript for this page to function normally. While a valuable tool in the cybersecurity toolkit, MFA is not immune to weaknesses.

With MFA in place, when a hacker gets a hold of your account credentials, they cannot fulfill the additional identification requirement, meaning their ability to breach the system is dead in the water. We've seen lately a surprising number of high-profile social engineering attacks that result in MFA bypass.

In today's digital landscape, traditional password-only authentication systems have proven to be vulnerable to a wide range of cyberattacks. To safeguard critical business resources, organizations...

SE Labs advised CISOs to step-up their efforts against attacks on systems protected by MFA in response to increased attacker activity to exploit failure points. As is often the case when compromising systems, attackers have not reinvented the wheel to circumvent MFA, or 2FA, as it is also known.