A new phishing technique is helping threat actors bypass multi-factor authentication (MFA) by tricking victims into logging into their accounts directly on adversary-controlled servers using the VNC screen sharing system. MFA protocols have become one of the best defenses against phishing compromises and other malicious cyber activity. However, a security researcher has come up with a novel approach to bypass MFA protocols using the “noVNC remote access software and browsers running in kiosk mode to display email login prompts running on the attacker's server but shown in the victim's browser,” according to BleepingComputer. Additionally, if the victim enters the MFA passcode on the attacker’s server, the threat actor would now have access to the account for future logins. Practicing basic cyber hygiene and treating all email as suspicious, especially when it prompts you to login to your account will help defend against this type of MFA-bypass attack. Read more at BleepingComputer.
H2Oex: In Person 1 day event/exercise. Thurs Dec 5th. Washington DC. Join us!