#aitm

Erik van Straten (ErikvanStraten@todon.nl)
2025-11-28

@BleepingComputer : when using untrustworthy networks, use a browser that supports "warn for insecure connections" - and enable it (my advice: do both anyway).

Note that it is near-impossible to redirect an https connection without a certificate error - until said connection has been successfully set up. After that happens, only the target website can redirect the browser.

• Firefox uses a stupid name: "HTTPS-only". That's misleading because it only means that you'll be warned for insecure http connections (which can be enforced and hijacked by an evil twin, when not demanding https).

• Chrome on Android is stupid too: "Always use secure connections" (default: off). Also we'll have to wait one more year for this to become the default: security.googleblog.com/2025/1.

• Safari on iOS/iPadOS: "Not Secure Connection Warning" (also off by default).

To test: open http.badssl.com - your browser should warn you (instead of showing the web page), but allow you to use http.

Important: most browsers will *remember* your choice to allow an insecure connection to a specific website (based on the domain name). The criteria to "forget" such an exception vary per browser.

#AitM #MitM #EvilTwin #HTTPSonly #InsecureConnectionWarning #Firefox #Chrome #Safari

Screenshot from Firefox Focus Security (Android) settings. Enabled in the image:

HTTPS-Only Mode
Automatically attempts to connect to sites using the HTTPS encryption protocol for increased security.
Learn More

The last line points to https://support.mozilla.org/en-US/kb/https-only-prefs-focus

Screenshot: Chrome on Android, settings page for "Always use secure connections"

Switch: Always use secure connections (default: off)
Comment: For sites that don't support secure connections, get warned before visiting the site

Switch: Warns you for insecure public sites

Switch: Warns you for insecure public & private sites
Comment: Private sites might include things like your company's intranet

Erik van Straten (ErikvanStraten@todon.nl)
2025-11-25

@PerlPlayer : unless it was an extremely boring meeting, that's probably one of the dumbest moments to ask people to change their password.

Regardless, tell your local BOFH's to change their stupid policy which has never improved security.

EXTREMELY long overdue (bad advice from day 1): point 6 in pages.nist.gov/800-63-4/sp800-.

P.S.
1️⃣ Use a strong and reliable password manager
2️⃣ Make it use Autofill (offer creds based on domain name)
3️⃣ Let it create a long, complex, UNIQUE pw for EACH account
4️⃣ Make a backup of the database after each change
5️⃣ Make multiple backups, at least one offline
6️⃣ Use a STRONG master password (and never forget it)
7️⃣ Compromised device or account: game over
8️⃣ Enable "warn for insecure connections" in browser(s)
9️⃣ Stay vigilant (oops: troyhunt.com/a-sneaky-phish-ju).

@sundogplanets

#Passwords #PasswordManager #Phishing #TroyHunt #AitM #MitM

Screenshot from a small part of https://pages.nist.gov/800-63-4/sp800-63b.html#passwordver

6. Verifiers and CSPs SHALL NOT require subscribers to change passwords periodically.
However, verifiers SHALL force a change if there is evidence that the authenticator has been compromised.

7. Verifiers and CSPs
[...]

Security Land (securityland)
2025-09-15

VoidProxy phishing-as-a-service bypasses MFA & SSO for Microsoft 365/Google accounts. Okta Threat Intelligence reveals sophisticated AitM attacks defeating modern authentication. Enterprise security teams: reassess your defenses NOW.

Read More: security.land/voidproxy-emerge

2025-09-14

1) security.nl
2) http:⧸⧸gw.defensie.nl
3) https:⧸⧸gemeente.amsterdam

NB: in 2 and 3 I used ⧸⧸ instead of // to prevent Mastodon from turning them into
gw.defensie.nl
and
gemeente.amsterdam
respectively (in my opinion Mastodon should AT LEAST show "http://" in link 2).

See security.nl/posting/904650/sec.

#httpVShttps #AitM #QRcodes #EvilTwin #PublicWifi #InfoSec #httpsVShttp #E2EE #Tunnel #TLS #SSL

QR code containing only the text: security.nl

QR code containing only the text: http://gw.defensie.nl

QR code containing only the text: https://gemeente.amsterdam

2025-04-03

This week, we encountered a new phishing campaign utilizing the Tycoon 2FA Phishing-as-a-Service (PhaaS) to bypass multifactor authentication (MFA).

The RDGA domains have Russian TLDs but are hosted on CloudFlare infrastructure. We have been seeing them use shared infrastructure for a few months now, definitely trying to make detection more challenging. They continue to obfuscate every piece of code but have updated their verification page. Previously, we always saw their custom Cloudflare Turnstile page, but now they also use a new captcha challenge, as shown below. (You can also check it here: urlscan.io/result/0195ed8b-7a4)

Their old Cloudflare Turnstile page seems to still be their favorite, even though they now change their message more frequently: "Checking response before request" or "Tracking security across platform" are some of the new messages they use.

Here is a sample of the hundreds of domains we are detecting:
womivor[.]ru
nthecatepi[.]ru
toimlqdo[.]ru
dantherevin[.]ru
xptdieemy[.]ru

#dns #domains #phishing #AitM #PhaaS #tycoon #scam #cybercrime #threatintelligence #cybersecurity #infoblox #infobloxthreatintel #infosec #2MFABypass

New verification page associated with Tycoon PhaaS

Cloudflare verification page associated with Tycoon PhaaS

Radio Azureus (RadioAzureus)
2025-03-21

@ErikvanStraten@infosec.exchange

Thank you for this clarifying explanation. I hadn't considered that Cloudflare could literally switch off large blocks of the internet, simply by running a script.

2025-02-28

When the phishing attack strikes… 🎣

Especially with the new AitM attacks, which can bypass multi-factor authentication, phishing is on everyone's lips again ⚠️

What is behind these novel attacks and how you can protect yourselves against them: find out on our blog ➡️ sohub.io/158j

2025-02-13

Microsoft 365: Prevention and response to AiTM phishing attacks 🛡

More information: sohub.io/pw32

Claus Cramon Houmann (claushoumann)
2024-10-24

And as the final presenter before lunch on day 3, @Jacob is now on stage talking about protecting against attacks at scale with - at @hack_lu !!

Martin Boller :debian: :tux: :freebsd: :windows: :mastodon: (itisiboller@infosec.exchange)
2024-10-24

Up soon:
"From 0 to millions: Protecting against AitM phishing at scale"

@hack_lu #hacklu2024 #canaries #Thinkst #HoneyEverything #TTPs #AiTM #Deception #DetectionEngineering

John Leonard (johnleonard)
2024-07-04

Passkey implementations by Google, Amazon, Microsoft vulnerable to AitM attacks, research

Attackers can proxy login pages, removing mention of passkeys and prompting users to resort to passwords, finds eSentire.

computing.co.uk/news/4331630/p

PCFIXIT Business IT Solutions (pcfixit)
2024-03-26

Hackers are using this new phishing technique to steal Gmail and Microsoft 365 accounts.

2FA - Adversary-in-the-Middle and Phishing-as-a-Service
A sophisticated new phishing-as-a-service platform called “Tycoon 2FA” is gaining popularity among cybercriminals due to its ability to bypass multi-factor authentication and steal login credentials for Microsoft 365 and Gmail accounts.

Ongoing End-User Security awareness training is paramount in educating and arming your tea

Andréa Raquel Young (SugarFreeCoach)
2023-12-25

🎶🎵 Kickstart your week with inspiring music & empowerment on The Lifestyle Show w/ ! 🎵🎶 A dose of motivation, , and wisdom. 💪💡 Don't miss this exciting podcast episode! 🎙️🔥 ✨

Sources & Methods (srcmtd@infosec.exchange)
2023-12-15

Kicking off The Finished Product with a threat report on Evilginx, an open source AiTM phishing tool in active use #CTI #phishing #AiTM sourcesmethods.com/evilginx-ph

Andréa Raquel Young (SugarFreeCoach)
2023-12-11

Unlock the power of self-actualization and elevate your frequency. Tune in for insights. Dive into a transformative exploration of personal growth and conscious living w/ 🌟
