Mastodawn

> There is sunshine and rainbows in our future Hank because strong security is simple security. #Passwords stink. Multiffactor authentication (#MFA) where you type in a code stinks. So really we to be secure we have to take the human out of the equation and that means it'll be easier for us.

https://youtu.be/V6pgZKVcKpw?si=NilUbnumkT18R5Y0&t=827

#Yep #Security #WellPut

You Actually Do Need to Understand Mythos

YouTube

OTX Bot 2d ago

Payroll pirate attacks targeting Canadian employees

Microsoft Incident Response researchers identified Storm-2755, a financially motivated threat actor conducting payroll pirate attacks against Canadian users. The campaign uses malvertising and SEO poisoning on generic search terms like "Office 365" to lure victims to a fraudulent sign-in page. Through adversary-in-the-middle techniques, the actor captures authentication tokens and session cookies, bypassing MFA protections. Storm-2755 maintains persistence using Axios HTTP client to replay stolen tokens, then conducts discovery for payroll and HR contacts. The actor impersonates compromised users to socially engineer HR staff or directly manipulates payroll systems like Workday. Malicious inbox rules hide correspondence from victims. Attacks resulted in direct financial losses through redirected salary payments to attacker-controlled bank accounts.

Pulse ID: 69d80c2c976a9ec209e19217
Pulse Link: https://otx.alienvault.com/pulse/69d80c2c976a9ec209e19217
Pulse Author: AlienVault
Created: 2026-04-09 20:29:32

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#AdversaryInTheMiddle #Bank #Canadian #Cookies #CyberSecurity #HTTP #InfoSec #MFA #Malvertising #Microsoft #OTX #Office #OpenThreatExchange #RAT #SEOPoisoning #Troll #bot #iOS #AlienVault

LevelBlue - Open Threat Exchange

Learn about the latest cyber threats. Research, collaborate, and share threat intelligence in real time. Protect yourself and the community against today's emerging threats.

LevelBlue Open Threat Exchange

AWiRo e.V. / Café Median 3d ago

Save the Date: 14.05. FLINTA*s stark statt Herrentag

❤️‍🔥 FLINTA*s stark statt Herrentag 💪 Kommt vorbei zu Workshops, Vernetzen, Schnacken, Live Musik und Tanz. Wir bieten einen Rückzugsort, um dem unnötigen Tag zu entkommen im Kiezladen und im Median. Nicht alle Männer aber immer Männer - kein Tag um sich als Cis-Mann zu feiern!Haltet euch den Tag frei, weiter Infos folgen. Wir freuen uns auf euch! 😈 Organisiert von Mixed Feminist Action Rostock

https://awiro.org/save-the-date-14-05-flintas-stark-statt-herrentag/

Habr 3d ago

Фишинг 2025–2026: от социальной инженерии к промышленным конвейерам PhaaS

Современный ландшафт киберугроз демонстрирует окончательную трансформацию фишинга из набора разрозненных мошеннических писем в зрелую сервисную индустрию, функционирующую по канонам легитимного ИТ-бизнеса. Фишинг на протяжении многих лет остается одним из наиболее востребованных способов получения первоначального доступа к корпоративной инфраструктуре, сохраняя свою эффективность вопреки массовому внедрению многофакторной аутентификации (MFA) и инвестициям в антиспам-фильтрацию.

https://habr.com/ru/companies/pt/articles/1020880/

#фишинг #mfa #phaas #парсинг #aitm #dkim #dmark #seg #ocr #вредоносное_по

Фишинг 2025–2026: от социальной инженерии к промышленным конвейерам PhaaS

Хабр

Kevin Dominik Korte Apr 4

Should something be considered Open Source if cybersecurity features, such as SSO or MFA, are locked behind a paid tier? To me, insecurity by design seems to run counter to the idea of working together for a better world.
#cybersecurity #opensource #mfa #sso

der.hans Apr 4

0PHO - MFA saying no soup for me

#MFA #GeekHumor #Seinfeld #NY #MFAshortStories

Cyzo Apr 4

MFA Does Fail
MFA isn't bulletproof. Hackers use fake sites and alert spam to break in.
Stay safe: read before you tap, or switch to passkeys!
#CyberSecurity #MFA #TechTips #Privacy