Phishers Have Found a Way to Downgrade—Not Bypass—FIDO MFA

Threat actors downgrade FIDO2 MFA auth in PoisonSeed phishing attack

A PoisonSeed phishing campaign is bypassing FIDO2 security key protections by abusing the cross-device sign-in feature in WebAuthn to trick users into approving login authentication requests from fake company portals.

Phishers have found a way to downgrade—not bypass—FIDO MFA

Researchers recently reported encountering a phishing attack in the wild that bypasses a multifactor authentication scheme based on FIDO (Fast Identity Online), the industry-wide standard being adopted by thousands of sites and enterprises. If true, the attack, reported in a blog post Thursday by security firm Expel, would be huge news, since FIDO is widely regarded as being immune to credential phishing attacks. After analyzing the Expel write-…

Threat Actors Downgrade FIDO2 MFA Auth In PoisonSeed Phishing Attack - Cybernoz - Cybersecurity News

A PoisonSeed phishing campaign is bypassing FIDO2 security key protections by abusing the cross-device sign-in feature in WebAuthn to trick users into approving login authentication requests from fake company portals. The PoisonSeed threat actors are known to employ large-volume phishing attacks for financial fraud. In the past, distributing emails containing crypto seed phrases used to drain cryptocurrency wallets. In the recent phishing attack…

Phishers have found a way to downgrade—not bypass—FIDO MFA - WorldNL Magazine

Researchers recently reported encountering a phishing attack in the wild that bypasses a multifactor authentication scheme based on FIDO (Fast Identity Online), the industry-wide standard being adopted by thousands of sites and enterprises. If true, the attack, reported in a blog post Thursday by security firm Expel, would be huge news, since FIDO is widely regarded as being immune to credential phishing attacks. After analyzing the Expel write-…

New ‘Scanception’ QR Code Phishing Campaign Evades Security by Targeting Mobile Devices

A sophisticated phishing campaign dubbed “Scanception” has emerged as a novel threat that uses QR codes embedded within PDF documents to circumvent traditional security measures and harvest user credentials. The campaign, which has been actively tracked by Cyble’s Research and Intelligence Lab (CRIL) and other cybersecurity researchers, shows an evolution in phishing tactics amid a broader 26 percent surge in mobile phishing attacks during 2024.…

Phishing attack abuses QR codes to bypass FIDO keys

A man-in-the-middle attack relays a cross-device sign-in mechanism via a fake login site. Introduction to Malware Binary Triage (IMBT) Course Looking to level up your skills? Get 10% off using coupon code: MWNEWS10 fo…