🌈 Social 📸 Photography 🌈

LMG SecurityThe new Darcula phishing-as-a-service (PhaaS) platform lets cybercriminals clone any brand’s website and create phishing pages in minutes—no coding skills required. In the past year, 95,000 phishing domains and 31,000 IP addresses have been linked to <a href="https://infosec.exchange/tags/Darcula" class="mention hashtag" rel="nofollow noopener" target="_blank">#Darcula</a>.Using this suite, attackers can submit a URL to generate a clone, then select the HTML elements to replace and inject phishing content (e.g., payment forms and login fields) to create a malicious replica of the legitimate landing page. They can then use the admin panel to manage their phishing campaigns and data collection.It's getting harder to spot these attacks, so make sure you are training your team to carefully inspect URLs and email addresses, and enter known URLs rather than clicking links. Please contact us if you need help setting up a training program for your team. Read about Darcula: <a href="https://thehackernews.com/2025/02/cybercriminals-can-now-clone-any-brands.html" rel="nofollow noopener" translate="no" target="_blank">https://thehackernews.com/2025/02/cybercriminals-can-now-clone-any-brands.html</a><a href="https://infosec.exchange/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#Cybersecurity</a> <a href="https://infosec.exchange/tags/Phishing" class="mention hashtag" rel="nofollow noopener" target="_blank">#Phishing</a> <a href="https://infosec.exchange/tags/PhaaS" class="mention hashtag" rel="nofollow noopener" target="_blank">#PhaaS</a> <a href="https://infosec.exchange/tags/Infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#Infosec</a> <a href="https://infosec.exchange/tags/IT" class="mention hashtag" rel="nofollow noopener" target="_blank">#IT</a> <a href="https://infosec.exchange/tags/DFIR" class="mention hashtag" rel="nofollow noopener" target="_blank">#DFIR</a> <a href="https://infosec.exchange/tags/CISO" class="mention hashtag" rel="nofollow noopener" target="_blank">#CISO</a> <a href="https://infosec.exchange/tags/ITsecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#ITsecurity</a> <a href="https://infosec.exchange/tags/training" class="mention hashtag" rel="nofollow noopener" target="_blank">#training</a> <a href="https://infosec.exchange/tags/cyberaware" class="mention hashtag" rel="nofollow noopener" target="_blank">#cyberaware</a> <a href="https://infosec.exchange/tags/SMB" class="mention hashtag" rel="nofollow noopener" target="_blank">#SMB</a>

Erik van Straten<a href="https://retro.pizza/@textualdeviance" class="u-url mention" rel="nofollow noopener" target="_blank">@textualdeviance</a> wrote, among other things:« Sudden revolutions come with obscenely high body counts of innocent civilians. »That is not necessarily true, in for example the following cases:🔸 <a href="https://en.wikipedia.org/wiki/Velvet_Revolution" rel="nofollow noopener" translate="no" target="_blank">https://en.wikipedia.org/wiki/Velvet_Revolution</a>🔸 A revolution that STOPS killing must take place <a href="https://infosec.exchange/tags/NOW" class="mention hashtag" rel="nofollow noopener" target="_blank">#NOW</a>. The anihilation of Palestinians is simply unacceptable, in particular because western countries condone, support or even encourage it. At some point the governments of the USA, NL and others must stop following orders from their Zionist sponsors, in order to not make them EVEN MORE complicit to genocide.🔸 Personally I'm "fighting" for a safer internet; fixing tech does not have to involve bloodshed at all (although big tech and leeches like <a href="https://safer.io/" rel="nofollow noopener" translate="no" target="_blank">https://safer.io/</a> will lose income). Such as:• By insisting on a system where internet users can distinguish betwee fake and authentic websites (see <a href="https://infosec.exchange/@ErikvanStraten/113079966331873386" rel="nofollow noopener" translate="no" target="_blank">https://infosec.exchange/@ErikvanStraten/113079966331873386</a>);• By providing strong arguments why "Chatcontrol" (governments scanning every smartphone looking for Child Sexual Abuse Material - and what not) will not protect a single child - on the contrary (<a href="https://infosec.exchange/@ErikvanStraten/113075518670257012" rel="nofollow noopener" translate="no" target="_blank">https://infosec.exchange/@ErikvanStraten/113075518670257012</a>; chatcontrol is *not* just a privacy risk);• By warning for passkeys (<a href="https://infosec.exchange/@ErikvanStraten/113058944497262936" rel="nofollow noopener" translate="no" target="_blank">https://infosec.exchange/@ErikvanStraten/113058944497262936</a>) and suggesting better alternatives;• By warning for risks such as when unlocking the screen of an iPhone/iPad with a PIN (<a href="https://infosec.exchange/@ErikvanStraten/113053761440539290" rel="nofollow noopener" translate="no" target="_blank">https://infosec.exchange/@ErikvanStraten/113053761440539290</a>);• By warning for security measures that are easily bypassed, such as 2FA/MFA (using SMS, voice, or TOTP "Authenticator" apps including Microsoft's using "number matching");• Et cetera.<a href="https://infosec.exchange/@0xabad1dea" class="u-url mention" rel="nofollow noopener" target="_blank">@0xabad1dea</a> <a href="https://infosec.exchange/tags/AIPAC" class="mention hashtag" rel="nofollow noopener" target="_blank">#AIPAC</a> <a href="https://infosec.exchange/tags/CIDI" class="mention hashtag" rel="nofollow noopener" target="_blank">#CIDI</a> <a href="https://infosec.exchange/tags/Gaza" class="mention hashtag" rel="nofollow noopener" target="_blank">#Gaza</a> <a href="https://infosec.exchange/tags/Westbank" class="mention hashtag" rel="nofollow noopener" target="_blank">#Westbank</a> <a href="https://infosec.exchange/tags/EthnicCleansing" class="mention hashtag" rel="nofollow noopener" target="_blank">#EthnicCleansing</a> <a href="https://infosec.exchange/tags/Genocide" class="mention hashtag" rel="nofollow noopener" target="_blank">#Genocide</a> <a href="https://infosec.exchange/tags/Palestinians" class="mention hashtag" rel="nofollow noopener" target="_blank">#Palestinians</a> <a href="https://infosec.exchange/tags/BigTech" class="mention hashtag" rel="nofollow noopener" target="_blank">#BigTech</a> <a href="https://infosec.exchange/tags/DV" class="mention hashtag" rel="nofollow noopener" target="_blank">#DV</a> <a href="https://infosec.exchange/tags/Fake" class="mention hashtag" rel="nofollow noopener" target="_blank">#Fake</a> <a href="https://infosec.exchange/tags/Real" class="mention hashtag" rel="nofollow noopener" target="_blank">#Real</a> <a href="https://infosec.exchange/tags/Authentic" class="mention hashtag" rel="nofollow noopener" target="_blank">#Authentic</a> <a href="https://infosec.exchange/tags/Impostors" class="mention hashtag" rel="nofollow noopener" target="_blank">#Impostors</a> <a href="https://infosec.exchange/tags/Authentication" class="mention hashtag" rel="nofollow noopener" target="_blank">#Authentication</a> <a href="https://infosec.exchange/tags/CyberCrime" class="mention hashtag" rel="nofollow noopener" target="_blank">#CyberCrime</a> <a href="https://infosec.exchange/tags/eID" class="mention hashtag" rel="nofollow noopener" target="_blank">#eID</a> <a href="https://infosec.exchange/tags/EDIW" class="mention hashtag" rel="nofollow noopener" target="_blank">#EDIW</a> <a href="https://infosec.exchange/tags/EUDIW" class="mention hashtag" rel="nofollow noopener" target="_blank">#EUDIW</a> <a href="https://infosec.exchange/tags/ChatControl" class="mention hashtag" rel="nofollow noopener" target="_blank">#ChatControl</a> <a href="https://infosec.exchange/tags/CSS" class="mention hashtag" rel="nofollow noopener" target="_blank">#CSS</a> <a href="https://infosec.exchange/tags/CSAM" class="mention hashtag" rel="nofollow noopener" target="_blank">#CSAM</a> <a href="https://infosec.exchange/tags/2FA" class="mention hashtag" rel="nofollow noopener" target="_blank">#2FA</a> <a href="https://infosec.exchange/tags/MFA" class="mention hashtag" rel="nofollow noopener" target="_blank">#MFA</a> <a href="https://infosec.exchange/tags/NumberMatching" class="mention hashtag" rel="nofollow noopener" target="_blank">#NumberMatching</a> <a href="https://infosec.exchange/tags/PhaaS" class="mention hashtag" rel="nofollow noopener" target="_blank">#PhaaS</a> <a href="https://infosec.exchange/tags/Evilginx2" class="mention hashtag" rel="nofollow noopener" target="_blank">#Evilginx2</a> <a href="https://infosec.exchange/tags/HSTS" class="mention hashtag" rel="nofollow noopener" target="_blank">#HSTS</a> <a href="https://infosec.exchange/tags/httpvshttps" class="mention hashtag" rel="nofollow noopener" target="_blank">#httpvshttps</a> <a href="https://infosec.exchange/tags/Certificates" class="mention hashtag" rel="nofollow noopener" target="_blank">#Certificates</a> <a href="https://infosec.exchange/tags/DV" class="mention hashtag" rel="nofollow noopener" target="_blank">#DV</a> <a href="https://infosec.exchange/tags/OV" class="mention hashtag" rel="nofollow noopener" target="_blank">#OV</a> <a href="https://infosec.exchange/tags/EV" class="mention hashtag" rel="nofollow noopener" target="_blank">#EV</a> <a href="https://infosec.exchange/tags/QWAC" class="mention hashtag" rel="nofollow noopener" target="_blank">#QWAC</a> <a href="https://infosec.exchange/tags/passcode" class="mention hashtag" rel="nofollow noopener" target="_blank">#passcode</a> <a href="https://infosec.exchange/tags/iPhone" class="mention hashtag" rel="nofollow noopener" target="_blank">#iPhone</a> <a href="https://infosec.exchange/tags/iPad" class="mention hashtag" rel="nofollow noopener" target="_blank">#iPad</a> <a href="https://infosec.exchange/tags/Android" class="mention hashtag" rel="nofollow noopener" target="_blank">#Android</a> <a href="https://infosec.exchange/tags/iOS" class="mention hashtag" rel="nofollow noopener" target="_blank">#iOS</a> <a href="https://infosec.exchange/tags/iPadOS" class="mention hashtag" rel="nofollow noopener" target="_blank">#iPadOS</a>

Erik van StratenIn *2019*, Alex Weinert of Microsoft wrote in <a href="https://techcommunity.microsoft.com/t5/microsoft-entra-azure-ad-blog/all-your-creds-are-belong-to-us/ba-p/855124" rel="nofollow noopener" translate="no" target="_blank">https://techcommunity.microsoft.com/t5/microsoft-entra-azure-ad-blog/all-your-creds-are-belong-to-us/ba-p/855124</a>:«     MFA had failed.    [...]     All Authenticators Are Vulnerable     [...] »Today, as echoed in <a href="https://www.bleepingcomputer.com/news/microsoft/microsoft-enable-mfa-or-lose-access-to-admin-portals-in-october/" rel="nofollow noopener" translate="no" target="_blank">https://www.bleepingcomputer.com/news/microsoft/microsoft-enable-mfa-or-lose-access-to-admin-portals-in-october/</a>, Microsoft still insists that using weak MFA is a good idea.In <a href="https://azure.microsoft.com/en-us/blog/announcing-mandatory-multi-factor-authentication-for-azure-sign-in/" rel="nofollow noopener" translate="no" target="_blank">https://azure.microsoft.com/en-us/blog/announcing-mandatory-multi-factor-authentication-for-azure-sign-in/</a> Microsoft writes (on August 15):« As recent research [1] by Microsoft shows that multifactor authentication (MFA) can block more than 99.2% of account compromise attacks, making it one of the most effective security measures available, today’s announcement brings us all one step closer toward a more secure future. »From that same article, "solutions" with (nearly as weak as SMS) "Microsoft Authenticator" is at the TOP of their list:« Organizations have multiple ways to enable their users to utilize MFA through Microsoft Entra:• Microsoft Authenticator [...] • FIDO2 security keys [...] • Certificate-based authentication [...] • Passkeys [...] • Finally, and this is the least secure version of MFA, you can also use a SMS or voice approval [...] »From [1] (PDF) = <a href="https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RW166lD?culture=en-us" rel="nofollow noopener" translate="no" target="_blank">https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RW166lD?culture=en-us</a> , no date of the "investigation period" to be seen *anywhere*, and one of the authors being Alex Weinert, more extreme percentages (approved by Microsoft's marketing dept):« Our findings reveal that MFA implementation offers outstanding protection, with over 99.99% of MFA-enabled accounts remaining secure during the investigation period. Moreover, MFA reduces the risk of compromise by 99.22% across the entire population and by 98.56% in cases of leaked credentials. »Dear reader: please stop buying Microsoft BS that completely ignores PhaaS.To name a few examples:🚨 "Experts agree [*] that setting up two-factor authentication (2FA) İs one of the most powerful ways to protect your account from getting hacked. However, hackers like COLDRIVER and COLDWASTREL may try to trick you into entering your second factor; we have seen attackers successfully compromise a victim who had enabled 2FA." - (PDF) <a href="https://www.accessnow.org/wp-content/uploads/2024/08/Spearphishing-cases-in-Eastern-Europe-2022-2024-technical-brief.pdf" rel="nofollow noopener" translate="no" target="_blank">https://www.accessnow.org/wp-content/uploads/2024/08/Spearphishing-cases-in-Eastern-Europe-2022-2024-technical-brief.pdf</a>[*] Not me. My tip is here: <a href="https://infosec.exchange/@ErikvanStraten/112724966066248808" rel="nofollow noopener" translate="no" target="_blank">https://infosec.exchange/@ErikvanStraten/112724966066248808</a>🚨 EvilGinx2: "Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication" - <a href="https://github.com/kgretzky/evilginx2" rel="nofollow noopener" translate="no" target="_blank">https://github.com/kgretzky/evilginx2</a> (there are more, like Modlishka, Muraena, CredSniper, EvilProxy (Phaas), NakedPages etc.)🚨 Not even a fake website needed: <a href="https://www.bleepingcomputer.com/news/security/new-greatness-service-simplifies-microsoft-365-phishing-attacks/" rel="nofollow noopener" translate="no" target="_blank">https://www.bleepingcomputer.com/news/security/new-greatness-service-simplifies-microsoft-365-phishing-attacks/</a>🚨 From <a href="https://mrd0x.com/attacking-with-webview2-applications/" rel="nofollow noopener" translate="no" target="_blank">https://mrd0x.com/attacking-with-webview2-applications/</a>: « Bypass 2FA WebView2 also provides built-in functionality to extract cookies. This allows an attacker to extract cookies after the user authenticates into the legitimate website. This technique removes the need of having to spin up Evilginx2 or Modlishka but the obvious trade-off is that the user must execute the binary and authenticate. » In addition, from <a href="https://www.bleepingcomputer.com/news/security/clever-phishing-method-bypasses-mfa-using-microsoft-webview2-apps/" rel="nofollow noopener" translate="no" target="_blank">https://www.bleepingcomputer.com/news/security/clever-phishing-method-bypasses-mfa-using-microsoft-webview2-apps/</a>: « "Yubikeys can't save you because you're authenticating to the REAL website not a phishing website." mr.d0x » AND: « However, as mr.d0x admits and Microsoft pointed out in their response to our questions, this attack is a social engineering attack and requires a user to run a malicious executable. » Correct, but a local compromise does'nt protect you when you're using FIDO2 hardware keys or passkeys.🚨 From 2022: <a href="https://microsoft.com/en-us/security/blog/2022/07/12/from-cookie-theft-to-bec-attackers-use-aitm-phishing-sites-as-entry-point-to-further-financial-fraud/" rel="nofollow noopener" translate="no" target="_blank">https://microsoft.com/en-us/security/blog/2022/07/12/from-cookie-theft-to-bec-attackers-use-aitm-phishing-sites-as-entry-point-to-further-financial-fraud/</a>: « A large-scale phishing campaign that used adversary-in-the-middle (AiTM) phishing sites stole passwords, hijacked a user’s sign-in session, and skipped the authentication process even if the user had enabled multifactor authentication (MFA). »🚨 "Phishing with Cloudflare Workers: Transparent Phishing and HTML Smuggling" - <a href="https://www.netskope.com/blog/phishing-with-cloudflare-workers-transparent-phishing-and-html-smuggling" rel="nofollow noopener" translate="no" target="_blank">https://www.netskope.com/blog/phishing-with-cloudflare-workers-transparent-phishing-and-html-smuggling</a>🚨 "New EvilProxy Phishing Service Allowing Cybercriminals to Bypass 2-Factor Security" - <a href="https://thehackernews.com/2022/09/new-evilproxy-phishing-service-allowing.html" rel="nofollow noopener" translate="no" target="_blank">https://thehackernews.com/2022/09/new-evilproxy-phishing-service-allowing.html</a>🚨 From <a href="https://www.europol.europa.eu/media-press/newsroom/news/international-investigation-disrupts-phishing-service-platform-labhost" rel="nofollow noopener" translate="no" target="_blank">https://www.europol.europa.eu/media-press/newsroom/news/international-investigation-disrupts-phishing-service-platform-labhost</a>: « The investigation uncovered at least 40 000 phishing domains linked to LabHost, which had some 10 000 users worldwide. [...] LabRat was designed to capture two-factor authentication codes and credentials, allowing the criminals to bypass enhanced security measures. »🚨 "Security and Privacy Failures in Popular 2FA Apps" by Gilsenan et al. (USENIX 2023): <a href="https://www.usenix.org/conference/usenixsecurity23/presentation/gilsenan" rel="nofollow noopener" translate="no" target="_blank">https://www.usenix.org/conference/usenixsecurity23/presentation/gilsenan</a> The PDF can also be found here: <a href="https://github.com/blues-lab/totp-app-analysis-public" rel="nofollow noopener" translate="no" target="_blank">https://github.com/blues-lab/totp-app-analysis-public</a> (Aegis was one of the least problematic apps, and don't use Authy).This is what is wrong with weak MFA/2FA: You  o /|\  [device + browser] / \ | v [login.microsoftonline-aitm.com] | v [login.microsoftonline.com](no thanks to DV-certificates).<a href="https://infosec.exchange/tags/AitM" class="mention hashtag" rel="nofollow noopener" target="_blank">#AitM</a> <a href="https://infosec.exchange/tags/MitM" class="mention hashtag" rel="nofollow noopener" target="_blank">#MitM</a> <a href="https://infosec.exchange/tags/EvilProxy" class="mention hashtag" rel="nofollow noopener" target="_blank">#EvilProxy</a> <a href="https://infosec.exchange/tags/PhaaS" class="mention hashtag" rel="nofollow noopener" target="_blank">#PhaaS</a> <a href="https://infosec.exchange/tags/Authenticator" class="mention hashtag" rel="nofollow noopener" target="_blank">#Authenticator</a> <a href="https://infosec.exchange/tags/TOTP" class="mention hashtag" rel="nofollow noopener" target="_blank">#TOTP</a> <a href="https://infosec.exchange/tags/OTP" class="mention hashtag" rel="nofollow noopener" target="_blank">#OTP</a> <a href="https://infosec.exchange/tags/MicrosoftAuthenticator" class="mention hashtag" rel="nofollow noopener" target="_blank">#MicrosoftAuthenticator</a> <a href="https://infosec.exchange/tags/Authy" class="mention hashtag" rel="nofollow noopener" target="_blank">#Authy</a> <a href="https://infosec.exchange/tags/Aegis" class="mention hashtag" rel="nofollow noopener" target="_blank">#Aegis</a> <a href="https://infosec.exchange/tags/Phishing" class="mention hashtag" rel="nofollow noopener" target="_blank">#Phishing</a> <a href="https://infosec.exchange/tags/WebView" class="mention hashtag" rel="nofollow noopener" target="_blank">#WebView</a> <a href="https://infosec.exchange/tags/AitB" class="mention hashtag" rel="nofollow noopener" target="_blank">#AitB</a> <a href="https://infosec.exchange/tags/MitB" class="mention hashtag" rel="nofollow noopener" target="_blank">#MitB</a> <a href="https://infosec.exchange/tags/Impersonation" class="mention hashtag" rel="nofollow noopener" target="_blank">#Impersonation</a> <a href="https://infosec.exchange/tags/Authentication" class="mention hashtag" rel="nofollow noopener" target="_blank">#Authentication</a> <a href="https://infosec.exchange/tags/Trust" class="mention hashtag" rel="nofollow noopener" target="_blank">#Trust</a> <a href="https://infosec.exchange/tags/TrustWorthyNess" class="mention hashtag" rel="nofollow noopener" target="_blank">#TrustWorthyNess</a> <a href="https://infosec.exchange/tags/DV" class="mention hashtag" rel="nofollow noopener" target="_blank">#DV</a> <a href="https://infosec.exchange/tags/PasswordManager" class="mention hashtag" rel="nofollow noopener" target="_blank">#PasswordManager</a> <a href="https://infosec.exchange/tags/CheckDomainName" class="mention hashtag" rel="nofollow noopener" target="_blank">#CheckDomainName</a> <a href="https://infosec.exchange/tags/DomainNameCheck" class="mention hashtag" rel="nofollow noopener" target="_blank">#DomainNameCheck</a>

Recent searches

Search options

Administered by:

Server stats:

#phaas