News

Phishers have found a way to downgrade—not bypass—FIDO MFA

Expel said that PoisonSeed has found a clever sleight of hand to bypass this crucial step. As the user enters the username ...

Hackers can bypass FIDO MFA keys, putting your accounts at risk - here's what we know

Hackers have found a way to steal login credentials even for accounts protected with Fast IDentity Online (FIDO) physical keys. It revolves around a fallback created in these multi-factor ...

Top multi-factor authentication apps to protect your accounts

Multi-factor authentication (MFA) adds an extra layer of protection to your accounts. Instead of relying only on a password, MFA requires you to verify your identity using two or more methods.
CSO Online11d

PoisonSeed outsmarts FIDO keys without touching them

The novel technique exploits the cross-device sign-in option on FIDO to create an authenticated session controlled by ...

Threat actors downgrade FIDO2 MFA auth in PoisonSeed phishing attack

A PoisonSeed phishing campaign is bypassing FIDO2 security key protections by abusing the cross-device sign-in feature in ...
DataBreachToday14d

Hackers Exploit FIDO MFA With Novel Phishing Technique

Expel researchers have found a novel adversary-in-the-middle phishing technique used by PoisonSeed, a cybercrime group ...