New Microsoft 365 Attack Can Break 2FA

Adding two-factor authentication (2FA) to your account security is always a good idea, but it is not unbeatable. Hackers are finding new ways to bypass these defenses and gain access to people's accounts. For example, a new phishing attack can access Microsoft 365 accounts even if the target has 2FA enabled.

Rockstar 2FA is stealing everyone's 2FA codes

The Rockstar 2FA phishing kit is a unique malicious toolkit that cybercriminals can buy on the black market for $200, Trustwave reports. It gives criminals everything they need to break into someone's Microsoft 365 account, even if they have 2FA enabled.

Here's how it works: A bad actor sends a phishing email asking the target to log in to their Microsoft 365 account. The email links to a fake Microsoft 365 page, using a lure such as a claim that the target has received a new document or a fake threat that must be resolved by accessing the account.

Typically, a phishing attack doesn't get much more complicated than this. But the Rockstar 2FA phishing kit has a trick up its sleeve: It acts as an adversary-in-the-middle (AITM). When a user enters their username and password into the fake login page, Rockstar 2FA passes the details to the legitimate Microsoft 365 login page.

Microsoft's servers verify the login process and ask Rockstar 2FA for a 2FA code. Rockstar passes this request on to the user, who completes the login process. Rockstar 2FA then steals the session cookie for the transaction, allowing the hacker to access the victim's account.
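The stolen session cookie described above is also where defenders can look: a session that completed 2FA from one client and is later presented by a different one. The following is an added example, not part of the original article or of Trustwave's report; the event schema, field names and sample records are constructed for illustration, and the "both IP and user agent changed" rule is a simplified heuristic.

```python
"""Flag sessions reused from a client other than the one that completed 2FA."""

# Constructed events in a hypothetical, simplified schema (not a real
# Microsoft 365 log format). Addresses are documentation-range placeholders.
EVENTS = [
    {"t": 100, "user": "alice@example.com", "session": "s-1",
     "ip": "198.51.100.7", "ua": "Edge/Windows", "mfa": True},
    {"t": 400, "user": "alice@example.com", "session": "s-1",
     "ip": "198.51.100.7", "ua": "Edge/Windows", "mfa": False},
    {"t": 130, "user": "bob@example.com", "session": "s-2",
     "ip": "203.0.113.50", "ua": "Chrome/Linux", "mfa": True},
    {"t": 190, "user": "bob@example.com", "session": "s-2",
     "ip": "192.0.2.44", "ua": "Firefox/Windows", "mfa": False},
    # Same browser, new address (e.g. Wi-Fi to mobile): not flagged.
    {"t": 500, "user": "carol@example.com", "session": "s-3",
     "ip": "198.51.100.9", "ua": "Safari/macOS", "mfa": True},
    {"t": 560, "user": "carol@example.com", "session": "s-3",
     "ip": "198.51.100.200", "ua": "Safari/macOS", "mfa": False},
]


def find_replayed_sessions(events):
    """Return one finding per session whose cookie was later presented by a
    client whose IP *and* user agent both differ from the 2FA-completing one."""
    origin = {}    # session id -> event that satisfied 2FA
    findings = {}  # session id -> first mismatching event
    for ev in sorted(events, key=lambda e: e["t"]):  # logs may arrive unordered
        sid = ev["session"]
        if ev["mfa"] and sid not in origin:
            origin[sid] = ev
            continue
        first = origin.get(sid)
        if first is None:
            continue  # no recorded 2FA event for this session; out of scope here
        if ev["ip"] != first["ip"] and ev["ua"] != first["ua"]:
            findings.setdefault(sid, ev)
    return [
        {"user": origin[sid]["user"], "session": sid,
         "mfa_ip": origin[sid]["ip"], "reuse_ip": ev["ip"],
         "seconds_after_mfa": ev["t"] - origin[sid]["t"]}
        for sid, ev in findings.items()
    ]


if __name__ == "__main__":
    for finding in find_replayed_sessions(EVENTS):
        print(finding)
```

Requiring both attributes to change keeps ordinary network roaming from being flagged, at the cost of missing a client that copies the original user agent string.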

How to stay safe from Rockstar 2FA

Fortunately, while Rockstar 2FA is dangerous, it still relies on traditional phishing tactics to steal your account. If you take the time to learn what phishing is and how to avoid it, you can avoid this attack.
