mastodon.world is one of the many independent Mastodon servers you can use to participate in the fediverse.
Generic Mastodon server for anyone to use.

#mfa

17 posts · 13 participants · 3 posts today

alojapan.com/1235679/mfa-sacks MFA sacks diplomat who was fined for filming naked boy at Tokyo public bath #MFA #MinistryOfForeignAffairs #Tokyo #TokyoTopics #東京 #東京都 DID NOT VOLUNTARILY INFORM MFA ABOUT INCIDENT Japanese media reported that in February last year, the diplomat had used his mobile phone to secretly film a 13-year-old first-year middle school student in the changing room of a public bath. The boy was naked. The police were called and “multiple naked photos o…

Continued thread

I should also point out that #Webmin is not exposed to the open internet. It used to be, before I installed #Tailscale, and back then every account required #MFA, but since I've transitioned to Tailscale for my intranet for all my servers, both at home and remote, Webmin is now only exposed to my #Tailnet. Which means that if Tailscale doesn't come up for some reason I need to log in to the server console (royal pain in the ass, but still). #sysadmin #linux

Hackers are bypassing #MFA with new #phishing kits like SneakyLog!

Watch our 4-minute video to learn how attackers are stealing MFA codes, session tokens, and cookies using sophisticated tools sold as malware-as-a-service.

We'll share:

▪ How SneakyLog mimics login portals & detects fake traffic.
▪ How blurry login pages trick users into giving up credentials.
▪ How to defend against MFA bypass with Zero Trust, hardware tokens, SSO, and more.

As attackers pivot between platforms—it's time to strengthen your identity protections!

🎥 Watch Now: youtu.be/7Vipr_EySwI


#Ukraine has achieved full alignment with the #European_Union’s foreign policy and defence strategies in 2025, according to the Ministry of Foreign Affairs (#MFA). The #EU confirmed that Ukraine has met all its international obligations following the completion of legislative screening in early March. The next step in #Ukraine’s #European integration process is the opening of the “#External_Relations” negotiating cluster.

#ukraine #putinisamasskiller #putinisawarcriminal @kardinal691

(sophos.com) Evilginx: How Attackers Bypass MFA Through Adversary-in-the-Middle Attacks news.sophos.com/en-us/2025/03/

A short descriptive article about Evilginx and how stealing credentials works, a few suggested ways of detecting, etc.

Summary:
This article examines Evilginx, a tool that leverages the legitimate nginx web server to conduct Adversary-in-the-Middle (AitM) attacks that can bypass multifactor authentication (MFA). The tool works by proxying web traffic through malicious sites that mimic legitimate services like Microsoft 365, capturing not only usernames and passwords but also session tokens. The article demonstrates how Evilginx operates, showing how attackers can gain full access to a user's account even when protected by MFA. It provides detection methods through Azure/Microsoft 365 logs and suggests both preemptive and reactive mitigations, emphasizing the need to move toward phishing-resistant FIDO2-based authentication methods.

Sophos News · Stealing user credentials with evilginx · A malevolent mutation of the widely used nginx web server facilitates Adversary-in-the-Middle action, but there’s hope

What happened in 2022 and how the information security market will develop in 2025

After foreign vendors left, the Russian information security market not only did not collapse but continued to develop. Domestic companies are actively developing their own solutions in areas such as endpoint protection (EDR), next-generation firewalls (NGFW), data protection systems, and other key products that help strengthen the security infrastructure of Russian organizations. In this article I describe which companies have become leaders in individual segments of the information security market and which trends are shaping their development.

habr.com/ru/articles/894534/


I hear very often that the cloud is secure because Multi Factor Authentication (MFA) is enabled, so all accounts are secure.

What about the service accounts and the (break glass) global administrator account?

Or in Azure: do you have a conditional access policy that excludes accounts from MFA?

What about MFA phishing with evilginx?

=> Apply a defense-in-depth strategy also in cloud environments.