Jump to content
Report any bug Read more... ×
We're hiring! We are accepting applications for Developers, Teachers, Redactors and Junior Moderators. Read more... ×
Search In
  • More options...
Find results that contain...
Find results in...

Create an account on our board

or login and enjoy all the possibilities

Existing user? Sign In

Sign In



Sign Up

Learn Or Teach

You can learn computer security by practicing in the Dashboard, you can also be taught by a teacher. Or You can teach community members regardless of your specialty, and earn points for each person!

Learn or Teach

The Challenges

The new Challenges page is here. Take advantage of several vulnerable web applications to help train you such as, DVWA, XVWA, Mutillidae. You can also launch an existing or custom virtual machine.

Play Now !

Collaboration Room

The first categories of the forum are rooms that you can create or join in order to participate in events with the other members of the community. You can also create your room to make a teaching request, or attend your teacher's presentation. In this room you can create a private forum, store your information, invite other people etc.

Create Room

Create your club

You can create a club with your friends, earn points in teams. Creating a club gives you access to a team space. There you will have a private forum where you can store files, share information etc. Invite your friends and play together!

Create yours now!

VIP

Several VIP packs are available, understand that the survival of this site depends on it. Of course you can buy this pack with your points won during events. Formulas: Vip Member Vip Teacher Vip student

Buy
News
  • For new users read this
  • Challenges
  • for new users thank you to post in introduction and answer "Accept" on the topic of the rules to have access to the integrity of the forum and receive your Exploit-Code
  • The challenges board is being developed you are likely to encounter some bugs if this is the case report to an administrator.

PHISHING ATTACKS CAPABLE OF BYPASSING MULTI-FACTOR AUTHENTICATION INCREASE

Sign in to follow this  
AdminSec

56 views

Gmail, from Google, is one of the main services that use this login method

Network security and ethical hacking specialists from the International Institute of Cyber security ensure that malicious actors have been developing their methods to deploy phishing campaigns to the point where they are able to bypass multi factor authentication.

“There has been a significant increase in the number of phishing attacks capable of bypassing two-factor authentication (2FA)”, experts commented.

This phishing variant works by tricking the victim into revealing your password and a one-use code that protects your email account. This code of a use is very difficult to get for hackers, as it is sent to the phone number linked to the email account and expires less than a minute later.

A few months ago, Amnesty International detected a group of hackers who managed to bypass the authentication of two factors using an automatic phishing tool capable of extracting the keys and entering them on the legitimate platform. Subsequently, a network security expert launched a set of open source tools that worked in a similar way.

Because this one-use code is sent via SMS, any technique to intercept these utensils will be useful to complete the attack. Therefore, two-factor authentication is primarily vulnerable to attacks against the SMS system.

Google, which uses this authentication system for its Gmail service, is deploying a hacking prevention campaign, mainly through blocking logins from unknown locations. The company has also alerted users to possible emails with malicious links or attachments.

According to network security specialists, the best way to prevent this kind of attack is with hardware solutions, such as the USB security keys. These tools eliminate the need to receive a key by SMS, because the hardware itself works as a second way of authentication.

By Google policy, for example, all of its employees carry one of these security keys and, although their price is not the most economical, cybersecurity experts reaffirm that, so far, this is the best way to prevent phishing attacks.

The news about these phishing variants is a reminder to any user about how important it is to check what goes into your email. The operators of these campaigns will always try to impersonate legitimate services, such as streaming platforms or accounts in applications developed by third parties; It is the responsibility of each user to distinguish between legitimate and malicious content and know how to act in case of finding a phishing attempt.

  • Like 1
Sign in to follow this  


0 Comments


Recommended Comments

There are no comments to display.

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×