Tag: FIDO2
-
The Browser Puppeteer: New Vishing Kits Hijack Sessions in Real-Time
Social engineering offensives are undergoing a sophisticated metamorphosis—adversaries now amalgamate telephonic directives with dynamic phishing kits that facilitate the real-time manipulation of a victim’s web session. According to an expose by Okta Threat Intelligence, these emerging “Phishing-as-a-Service” instruments are being aggressively deployed against users of Google, Microsoft, Okta, and various cryptocurrency ecosystems. The hallmark of…
-
FIDO2 Bypass Uncovered: Hackers Exploit Cross-Device Authentication with QR Code Phishing
Cybercriminals affiliated with the group PoisonSeed have devised a method to circumvent FIDO2 protection—not by breaching the technology itself, but by cleverly exploiting one of its legitimate features: cross-device authentication. Through this technique, attackers trick victims into approving access themselves, under the false impression that they are logging into a corporate system. As revealed by…
-
GitHub now supports FIDO2 security keys
GitHub newly provides support for using FIDO2 security keys when performing SSH Git operations to increase account protection. Two years ago, researchers at North Carolina State University (NCSU) found that after scanning about 13% of GitHub public repositories in the past 6 months, more than 100,000 GitHub repositories leaked API tokens and encryption ( SSH…