Cyber Security News Aggregator
.Cyber Tzar
provide acyber security risk management
platform; including automated penetration tests and risk assesments culminating in a "cyber risk score" out of 1,000, just like a credit score.
First slide label
Some representative placeholder content for the first slide.
Second slide label
Some representative placeholder content for the second slide.
Third slide label
Some representative placeholder content for the third slide.
Man-in-the-Middle Phishing Attack
published on 2022-08-25 11:45:17 UTC by Bruce SchneierContent:
Here’s a phishing campaign that uses a man-in-the-middle attack to defeat multi-factor authentication:
Microsoft observed a campaign that inserted an attacker-controlled proxy site between the account users and the work server they attempted to log into. When the user entered a password into the proxy site, the proxy site sent it to the real server and then relayed the real server’s response back to the user. Once the authentication was completed, the threat actor stole the session cookie the legitimate site sent, so the user doesn’t need to be reauthenticated at every new page visited. The campaign began with a phishing email with an HTML attachment leading to the proxy server.
https://www.schneier.com/blog/archives/2022/08/man-in-the-middle-phishing-attack.html
Published: 2022 08 25 11:45:17
Received: 2022 08 25 11:49:54
Feed: Schneier on Security
Source: Schneier on Security
Category: Cyber Security
Topic: Cyber Security
Views: 1
