Articles tagged with: #mfa
Corporate password manager that supports granular permissions & TOTP restrictions?

cybersecurity www.reddit.com

We're looking to purchase a corporate password manager, but our requirements are quite specific, and I'm not sure if existing solutions fully cover them. We need the ability to assign permissions at the individual secret level rather than only at the vault level. For example, if a vault contains five passwords, we want to grant access to just one or two of them, not the entire vault. We'd like the option to completely disable storing MFA within the password manager. Our security policy requires...

UK Cyber Essentials - 6-digit PIN as a Device Unlocking Method

cybersecurity www.reddit.com

Staff use their Personal Mobile Device to access emails via the Outlook Mobile App. They sign into Outlook Mobile with their compliant password (MFA + minimum 8-character password with a block on common passwords). After that, the app is always signed in. The Personal Mobile Device can be unlocked with a 6-digit PIN. Is this compliant?

Akira ransomware breaching MFA-protected SonicWall VPN accounts

BleepingComputer www.bleepingcomputer.com

Ongoing Akira ransomware attacks targeting SonicWall SSL VPN devices continue to evolve, with the threat actors found to be successfully authenticating despite OTP MFA being enabled on accounts. Researchers suspect this may be through the use of previously stolen OTP seeds, though the exact method remains unconfirmed at this time.

Crowdstrike Identity Protection Hardware Tokens

CrowdStrike www.reddit.com

Hi guys, I'm currently tinkering around with CS Identity Protection and noticed the lack of support for hardware tokens like FIDO2 or something similar. Afaik there was an announcement a couple of days ago that some features are available in early access that introduce phishing-resistant MFA, but only with their own Crowdstrike Falcon for Mobile app. Does anybody know if there are plans to support FIDO2 tokens in the future, since they are already established and users don't want to use two...

Threat Actors Exploiting SonicWall Firewalls to Deploy Akira Ransomware Using Malicious Logins

Cyber Security News cybersecuritynews.com

A new wave of cyberattacks targeting organizations using SonicWall firewalls has been actively deploying Akira ransomware since late July 2025. Security researchers at Arctic Wolf Labs detected a surge in this activity, which remains ongoing. Threat actors are gaining initial access through malicious SSL VPN logins, successfully bypassing multi-factor authentication (MFA), and then rapidly moving

Industry myths that just won't die

cybersecurity www.reddit.com

Hello people. What are some of the biggest myths people still believe in, the one that makes you facepalm every single time you hear it? I have heard folks say passwords don't matter if you have MFA.

OnePlus OxygenOS Vulnerability Allows Any App to Read SMS Data Without Permission

Cyber Security News cybersecuritynews.com

A severe security vulnerability in OnePlus OxygenOS has been discovered that allows any installed application to read SMS and MMS messages without requesting permission or notifying users. The flaw, designated CVE-2025-10184, affects multiple OnePlus devices running OxygenOS versions 12 through 15, potentially compromising SMS-based multi-factor authentication (MFA) systems and exposing sensitive personal communications to unauthorized

IEC 62433 SL3 Target in SCADA Solutions

cybersecurity www.reddit.com

Hi, I have been assigned a task to design a security architecture for a SCADA system (BESS Plant) with IEC 62433 SL3 Target. Does anybody here have experience with this? Additionally, I am looking for cheaper enterprise SIEM, MFA and Antivirus Solutions to be integrated with the SCADA system. Any comments/suggestions here would be more than helpful for me. Thanks.

Can this scenario be considered MFA?

cybersecurity www.reddit.com

Let's say I have a service which requires IAM. My authentication procedure is as follows:

- user presents login and password
- a code is sent to the user's email address
- user enters the correct code

In case the user forgets the password, the procedure is:

- send a reset password link to the user's email address
- user clicks on the link
- user selects a new password

My understanding is that MFA should add a second layer of security. In this scenario, the expected outcome is that the attacker...

Released an open source SOC2 compliance scanner after seeing startups get quoted $50k for basic AWS security checks

cybersecurity www.reddit.com

Was removed from /r/sysadmin because it seemed like advertising, but I'm not trying to sell anything - it's Apache 2.0. Just tired of seeing companies pay enterprise prices for grep and curl: I built a simple scanner that checks the technical parts of SOC2 (the ~30% that's actually infrastructure). It's not a complete compliance solution - won't write your policies or track vendor assessments. But it will tell you which S3 buckets are public, which IAM users lack MFA, and which access keys...

Is Adaptive MFA the future of cybersecurity?

cybersecurity www.reddit.com

We've all seen how traditional passwords and even basic 2FA can be bypassed by phishing, SIM swapping, or credential theft. That's where Adaptive MFA comes in. Instead of treating every login the same, it evaluates context, things like device, location, time, and user behavior, before deciding if extra verification is needed. Why it matters:

- Stops suspicious logins without frustrating every user
- Makes phishing and stolen passwords far less effective
- Helps meet compliance and insurance...

Open-source VPN project adds MFA at WireGuard tunnel level + public pentesting reports

cybersecurity www.reddit.com

Hey cybersecurity, we've just shipped version 1.5 of Defguard VPN (self-hosted, WireGuard-based, enterprise-ready), and I thought some of the changes might be of interest to this community from a technical/security perspective. Key updates: MFA at tunnel level (desktop + mobile biometry): instead of applying MFA only on the client login, the handshake itself can require a second factor. This approach closes gaps where a client credential compromise would otherwise be enough to establish a...

VoidProxy PhaaS enables AiTM attacks against Google & Microsoft accounts | Has anyone seen similar AiTM toolkits in the wild? What detection rules worked for you?

For [Blue|Purple] Teams in Cyber Defence www.reddit.com

Okta intelligence shows attackers use compromised ESPs (Constant Contact, ActiveCampaign/Postmarkapp, NotifyVisitors, etc.) to send phishing emails with shortened links. Victims pass Cloudflare CAPTCHAs and land on near-perfect Google/Microsoft login clones. Credentials + MFA responses are relayed to a VoidProxy proxy server, which then captures valid session cookies for account takeover. VoidProxy uses Cloudflare Workers, dynamic DNS and multiple redirects to evade analysis. Okta: "VoidProxy...

Solo Security Analyst - What Should I Focus On?

cybersecurity www.reddit.com

TLDR: Solo security analyst (2 years experience) at a healthcare org needs guidance on strategic priorities beyond daily maintenance. Currently handling everything from AV management/logging to board presentations, but want to ensure I'm not missing out on anything. I'm the only security person at a mid-sized healthcare provider (2000 employees) in the Midwest, reporting to our CIO. We have the basics covered (MFA, decent tools, Conditional Access, etc.), but I want to proactively strengthen our...

Can I have a new password, please? The $400M question.

BleepingComputer www.bleepingcomputer.com

Scattered Spider didn't need a zero-day to breach Clorox. They just phoned the help desk - convincing agents to reset passwords & MFA without proper checks. The result: $380M in damages. Learn from Specops Software why caller verification and audit trails are critical.