Some of Our Sources
- Slashdot
- TutsPlus - Code
- Team Treehouse
- Pearsonified
- The Logo Smith
- Inspiredology
- Web Design Ledger
- Specky Boy
- Web Resource Source
- Codrops
Help Webnuz
Referal links:
December 14, 2018 12:45 am
Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/-RirbK2sHIw/iranian-phishers-bypass-2fa-protections-offered-by-yahoo-mail-gmail
Iranian Phishers Bypass 2fa Protections Offered By Yahoo Mail, Gmail
An anonymous reader quotes a report from Ars Technica: A recent phishing campaign targeting U.S. government officials, activists, and journalists is notable for using a technique that allowed the attackers to bypass two-factor authentication protections offered by services such as Gmail and Yahoo Mail, researchers said Thursday. The event underscores the risks of 2fa that relies on one-tap logins or one-time passwords, particularly if the latter are sent in SMS messages to phones. Attackers working on behalf of the Iranian government collected detailed information on targets and used that knowledge to write spear-phishing emails that were tailored to the targets' level of operational security, researchers with security firm Certfa Lab said in a blog post. The emails contained a hidden image that alerted the attackers in real time when targets viewed the messages. When targets entered passwords into a fake Gmail or Yahoo security page, the attackers would almost simultaneously enter the credentials into a real login page. In the event targets' accounts were protected by 2fa, the attackers redirected targets to a new page that requested a one-time password. "In other words, they check victims' usernames and passwords in realtime on their own servers, and even if 2 factor authentication such as text message, authenticator app or one-tap login are enabled they can trick targets and steal that information too," Certfa Lab researchers wrote. "We've seen [it] tried to bypass 2fa for Google Authenticator, but we are not sure they've managed to do such a thing or not," the Certfa representative wrote. "For sure, we know hackers have bypassed 2fa via SMS."Read more of this story at Slashdot.
Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/-RirbK2sHIw/iranian-phishers-bypass-2fa-protections-offered-by-yahoo-mail-gmail
Share this article:
Tweet
View Full Article
Slashdot
Slashdot was originally created in September of 1997 by Rob "CmdrTaco" Malda. Today it is owned by Geeknet, Inc..More About this Source Visit Slashdot